Check: ENS-EP-000001
Trellix ENS 10.x STIG:
ENS-EP-000001
(in version v2 r5)
Title
(CUI) The ENS Exploit Prevention for IPS must be enabled. (Cat II impact)
Discussion
(CUI) Exploit Prevention content is updated monthly. This content not only provides protection against zero-day exploits, but also offers some flexibility in the way that patches can be applied.
Check Content
(CUI) NOTE: If HIPS is still being used for this protection, this check is Not Applicable. If OPORD 16-0080 FRAGO 6 has not been released, this check is Not Applicable. If OPORD 16-0080 FRAGO 6 has been released and it is still in the implementation period, this is Not a Finding if configured per the FRAGO steps of implementation.

Access the ePO server console.
Select Menu >> Policy >> Policy Catalog.
Select "Endpoint Security Threat Prevention" from the Product list.
From the Category list, select "Exploit Prevention".

Verify "Enable Exploit Prevention" is selected.
If "Enable Exploit Prevention" is not selected, this is a finding.

Under Options >> Advanced, verify "Enable Adaptive Mode" is not selected.
If "Enable Adaptive Mode" is selected, this is a finding.

Verify "Enable Network Intrusion Prevention" and "Automatically block network intruders" are both selected.
If either "Enable Network Intrusion Prevention" or "Automatically block network intruders" is not selected, this is a finding.
Fix Text
(CUI) Access the ePO server console.
Select Menu >> Policy >> Policy Catalog.
Select "Endpoint Security Threat Prevention" from the Product list.
From the Category list, select "Exploit Prevention".
Select "Enable Exploit Prevention".
Under Options >> Advanced, de-select "Enable Adaptive Mode".
Select "Enable Network Intrusion Prevention" and "Automatically block network intruders".
Click "Save".
Additional Identifiers
Rule ID: SV-230205r772373_rule
Vulnerability ID: V-230205
Group Title: SRG-APP-000272
Expert Comments
CCIs
Number | Definition
---|---
CCI-001247 | The information system automatically updates malicious code protection mechanisms.
Controls
Number | Title
---|---
SI-3 (2) | Automatic Updates