Check: ENS-CO-000102
Trellix ENS 10.x STIG:
ENS-CO-000102
(in versions v3 r2 through v2 r5)
Title
(U) The Trellix ENS Common Options must be configured to require a password to uninstall the client. (Cat I impact)
Discussion
(U) The client interface is a method for accessing and configuring Trellix ENS policies and configurations directly on the system. In "Standard" mode, most protection statuses and features are accessible and require a password to view or change settings. The "Lock client interface" mode requires a password to even access the client. If the client interface is not in the locked mode, users could potentially change the protection settings.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Verify Client Interface Mode >> Uninstallation >> "Require password to uninstall the client" is selected. If Client Interface Mode >> Uninstallation >> "Require password to uninstall the client" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Common". From the "Category" list, select "Options". Select each configured Options policy. Select Client Interface Mode >> Uninstallation >> "Require password to uninstall the client" option. Click "Save".
Additional Identifiers
Rule ID: SV-228225r961863_rule
Vulnerability ID: V-228225
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |