Check: ENS-TP-000201
Trellix ENS 10.x STIG: ENS-TP-000201 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention Options must be configured to enable Safety Pulse when performing Proactive Data Analysis. (Cat II impact)
Discussion
(U) Trellix GTI is a global Internet reputation intelligence system that determines what is good and bad behavior on the Internet. Trellix GTI uses real-time analysis of worldwide behavioral and sending patterns for email, web activity, malware, and system-to-system behavior. Using data collected from the analysis, GTI dynamically calculates reputation scores that represent the level of risk to a network. Safety Pulse performs a health check on the client system before and after AMCore content file updates, and at regular intervals, and sends results to Trellix.
Check Content
(U) NOTE: For Classified networks, this requirement is Not Applicable.

1. Access the ePO server console.
2. Select Menu >> Policy >> Policy Catalog.
3. From the "Product" list, select "Endpoint Security Threat Prevention".
4. From the "Category" list, select "Options".
5. Select each configured Options policy.
6. Click the "Show Advanced" button.
7. Verify "Proactive Data Analysis:Safety Pulse" is selected.

If "Proactive Data Analysis:Safety Pulse" is not selected, this is a finding.
Fix Text
(U)

1. Access the ePO server console.
2. Select Menu >> Policy >> Policy Catalog.
3. From the "Product" list, select "Endpoint Security Threat Prevention".
4. From the "Category" list, select "Options".
5. Select each configured Options policy.
6. Click the "Show Advanced" button.
7. Select the "Proactive Data Analysis:Safety Pulse" option.
8. Click "Save".
Additional Identifiers
Rule ID: SV-228235r944460_rule
Vulnerability ID: V-228235
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |