Title

(U) The Trellix ENS module enforcement status must be enabled. (Cat II impact)

Discussion

(U) When the Trellix ENS module is not enforcing policies, the resulting set of policies configured and deployed to endpoints will not be applied. The endpoint system will not be protected.

Check Content

(U) From the ePO server console, select "System Tree". From the System Tree, select "My Organization". Select "Assigned Policies". From the "Product:" drop-down list, select "Endpoint Security Common" and verify the Policy Enforcement Status is "Enforcing". From the "Product:" drop-down list, select "Endpoint Security Threat Prevention" and verify the Product Enforcement Status is "Enforcing". From the "Product:" drop-down list, select "Endpoint Security Firewall" and verify the Product Enforcement Status is "Enforcing". If the Product Enforcement Status is not "Enforcing" for "Endpoint Security Common", "Endpoint Security Threat Prevention", or "Endpoint Security Firewall", this is a finding.

Fix Text

(U) Access the ePO server console. Select "My Organization". Select System Tree >> Assigned Policies. From the "Product:" drop-down list, select the product(s) for which "Enforcement status:" is "Not enforcing". Click "Not enforcing" to open the "Enforcement" screen. For "Enforcement Status:", click the "Enforcing" button. Click "Save".

Additional Identifiers

Rule ID: SV-228223r953840_rule

Vulnerability ID: V-228223

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.