Check: ENS-FW-000001
Trellix ENS 10.x STIG: ENS-FW-000001 (in versions v3 r2 through v2 r9)
Title
(CUI) The ENS Firewall must be enabled with intrusion alerts. (Cat II impact)
Discussion
(CUI) A host-based firewall scans all incoming and outgoing traffic. As it reviews arriving or departing traffic, the firewall checks its list of rules, which is a set of criteria with associated actions. If the traffic matches all criteria in a rule, the firewall acts according to the rule, blocking or allowing traffic through. A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured.
Check Content
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Security Firewall” from the Product list. From the Category list, select “Options”, select the policy, and then verify “Protection Options” is set to “Enable firewall intrusion alerts”. If “Protection Options” is not set to “Enable firewall intrusion alerts”, this is a finding.
Fix Text
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Security Firewall" from the Product list. From the Category list, select "Options" and for "Protection Options" select "Enable firewall intrusion alerts". Click "Save".
Additional Identifiers
Rule ID: SV-230196r1022734_rule
Vulnerability ID: V-230196
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
CCI-004964 | Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy. |
Controls
Number | Title |
---|---|
SI-3(2) | Automatic Updates |