Check: ENS-EP-000002
Trellix ENS 10.x STIG:
ENS-EP-000002
(in versions v2 r7 through v2 r5)
Title
(U) The ENS Generic Privilege Escalation Prevention must be enabled. (Cat II impact)
Discussion
(U) For antivirus software to be effective, it must be running at all times, beginning from the point of the system's initial startup. Otherwise, the risk is greater that viruses, trojans, and other malware will infect the system during that startup phase.
Check Content
(U) NOTE: If McAfee ENS is being used for Host Intrusion Prevention, this requirement is applicable and must be met. If McAfee Host Intrusion Prevention is still being used for this protection, this check is Not Applicable. If OPORD 16-0080 FRAGO 6 has been released and is still in its implementation period, this is Not a Finding if configured per the FRAGO implementation steps.

Access the ePO server console. Select Menu >> Policy >> Policy Catalog, then select "Endpoint Protection Threat Prevention" from the Product list. From the Category list, select "Exploit Prevention". Select each configured "Exploit Prevention" policy.

Verify that the Threat Prevention >> Exploit Prevention >> "Enable Generic Privilege Escalation Prevention" check box is selected.

If the Threat Prevention >> Exploit Prevention >> "Enable Generic Privilege Escalation Prevention" check box is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog, then select "Endpoint Protection Threat Prevention" from the Product list. From the Category list, select "Exploit Prevention". Select each configured "Exploit Prevention" policy.

Select the Threat Prevention >> Exploit Prevention >> "Enable Generic Privilege Escalation Prevention" check box. Click "Save".
Additional Identifiers
Rule ID: SV-230206r772376_rule
Vulnerability ID: V-230206
Group Title: SRG-APP-000272
CCIs
Number | Definition
---|---
CCI-001247 | The information system automatically updates malicious code protection mechanisms.
Controls
Number | Title
---|---
SI-3 (2) | Automatic Updates