Check: ENS-TP-000246
Trellix ENS 10.x STIG:
ENS-TP-000246
(in versions v2 r14 through v2 r6)
Title
The anti-virus signature file age must not exceed seven days. (Cat II impact)
Discussion
(U) Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. By configuring a system to attempt an antivirus update on a daily basis, the system is ensured of maintaining an antivirus signature age of seven days or less. If the update attempt were to be configured for only once a week, and that attempt failed, the system would be immediately out of date.
Check Content
(U)
1. From the ePO server console System Tree, select "My Organization".
2. Select the "Systems" tab.
3. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list.
4. From the list of systems, locate the asset representing the system being reviewed.
5. Click on the system to open the System Information page.
6. On the System Information page, select the "Products" tab.
7. Under the "Product" section, select "Endpoint Security Threat Protection".
8. Scroll down and inspect the "AMcore content version" and "AMcore content date."
9. Verify the "AMcore content Date:" is within the last 7 days.

If the "AMcore content Date:" is not within the last 7 days, this is a finding.

If the site manages Linux hosts, inspect the "MED DAT" content version and "MED DAT" content date. If the MED DAT content date is not within the last 7 days, this is a finding.
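The check above is performed one system at a time in the console. The following added example (not part of the STIG or of any Trellix tooling) applies the same seven-day rule to a CSV export of system properties, using the AMCore date for Windows hosts and the MED DAT date for Linux hosts. The column names, the ISO date format, the sample rows and the "UNVERIFIED" status for missing or unparseable dates are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

MAX_AGE_DAYS = 7  # limit stated in ENS-TP-000246

# Constructed sample export. Column names and date format are assumptions.
SAMPLE_CSV = """\
system_name,os_type,amcore_content_date,med_dat_content_date
WKS-001,Windows,2024-05-14,
WKS-002,Windows,2024-05-06,
SRV-LNX-01,Linux,,2024-05-08
SRV-LNX-02,Linux,,2024-05-01
WKS-003,Windows,,
WKS-004,Windows,14/05/2024,
"""

def content_date_for(row):
    """Pick the date field the check names for this platform."""
    if row["os_type"].strip().lower() == "linux":
        return "MED DAT", row["med_dat_content_date"].strip()
    return "AMCore", row["amcore_content_date"].strip()

def evaluate(row, today):
    """Return (system, content type, age in days or None, status)."""
    kind, raw = content_date_for(row)
    try:
        age = (today - datetime.strptime(raw, "%Y-%m-%d").date()).days
    except ValueError:
        # Empty or unparseable date: age cannot be shown to be <= 7 days.
        return row["system_name"], kind, None, "UNVERIFIED"
    # A future date points at a clock or export problem, not fresh content.
    if age < 0:
        return row["system_name"], kind, age, "UNVERIFIED"
    status = "FINDING" if age > MAX_AGE_DAYS else "OK"
    return row["system_name"], kind, age, status

def audit(csv_text, today):
    """Evaluate every row of the export against the seven-day limit."""
    return [evaluate(r, today) for r in csv.DictReader(io.StringIO(csv_text))]

if __name__ == "__main__":
    # Fixed review date so the constructed sample gives repeatable results.
    for name, kind, age, status in audit(SAMPLE_CSV, date(2024, 5, 14)):
        print(f"{name:<12} {kind:<8} age={age!s:<5} {status}")
```

Rows reported as UNVERIFIED still need the manual console check, since the export alone cannot show the content date is within the limit.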
Fix Text
(U)
1. From the ePO server console System Tree, select "My Organization".
2. Select the "Systems" tab.
3. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list.
4. From the list of systems, locate the asset representing the system being reviewed.
5. Click on the system to open the System Information page.
6. Click Actions >> Agent >> Edit Tasks on a Single System.
7. On the Client Tasks page, click Actions >> New Client Task Assignment.
8. On the Client Task Assignment Builder page, under the "Product" section, select "McAfee Agent".
9. Under the "Task Type" section, select "Product Update".
10. Under the "Task Name" section, click on "Create New Task".
11. Type a unique name for the "Task Name".
12. For "Package selection:", select the "All packages" radio button. Click "Save".
    Or
    Select the "Selected packages" radio button. For the "Package types:" section, select the appropriate content package check box and the "Engine" check box under the "Signatures and engines:" section. Click "Save".
13. On the Client Task Assignment Builder page, under the "Task Name" section, select the task just created.
14. Click "Next" to schedule the task.
15. For "Schedule status:", select the radio button for "Enabled".
16. For "Schedule type:", choose "Daily".
17. Schedule the "Effective period:", "Start time:" and other options according to best practices.
18. Click "Save".
Additional Identifiers
Rule ID: SV-251045r879662_rule
Vulnerability ID: V-251045
Group Title: SRG-APP-000276
CCIs
Number | Definition |
---|---|
CCI-001240 | The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |