Check: ENS-TP-000204
Trellix ENS 10.x STIG: ENS-TP-000204 (in versions v3 r2 through v3 r1)
Title
(U) The Trellix ENS Threat Prevention On-Access Scan must be enabled on system startup. (Cat I impact)
Discussion
(U) For antivirus software to be effective, it must be running at all times, beginning from the point of the system's initial startup. Otherwise, the risk is greater for viruses, trojans, and other malware to infect the system during that startup phase.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Verify the On-Access Scan >> "Enable On-Access Scan on system startup" check box is selected. If the On-Access Scan >> "Enable On-Access Scan on system startup" check box is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Select the On-Access Scan >> "Enable On-Access Scan on system startup" check box. Click "Save".
Additional Identifiers
Rule ID: SV-228238r1022711_rule
Vulnerability ID: V-228238
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
CCI-002624 | Configure malicious code protection mechanisms to perform real-time scans of files from external sources at endpoint; and/or network entry and exit points as the files are downloaded, opened, or executed in accordance with organizational policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |