Title

(U) The Trellix ENS Threat Prevention On-Demand Scan must be configured to scan all subfolders. (Cat II impact)

Discussion

(U) Antivirus software is the most commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives and folders regularly to identify any file system infections and to scan any removable media, if applicable, before media is inserted into the system. Not scheduling a regular scan of a system's hard drives and/or not configuring the scan to scan all files and running processes introduces a higher risk of threats going undetected.

Check Content

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Verify Scan Locations >> Scan subfolders >> What to scan >> "Subfolders" is selected. If Scan Locations >> Scan subfolders >> What to scan >> "Subfolders" is not selected, this is a finding.

Fix Text

(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Select the Scan Locations >> Scan subfolders >> What to scan >> "Subfolders" option. Click "Save".

Additional Identifiers

Rule ID: SV-228262r944491_rule

Vulnerability ID: V-228262

Group Title: SRG-APP-000277

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.