Check: ENS-TP-000212
Trellix ENS 10.x STIG: ENS-TP-000212 (in versions v2 r12 through v2 r5)
Title
(U) The McAfee ENS Threat Prevention On-Access Scan must be configured with McAfee Decide trust logic. (Cat II impact)
Discussion
(U) Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from malware attacks. "Let McAfee Decide" trust logic improves security and boosts performance by avoiding unnecessary scans.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Click the "Show Advanced" button. Verify Process Settings >> Process Types >> Standard >> "When to scan:Let McAfee decide" is selected. If Process Settings >> Process Types >> Standard >> "When to scan:Let McAfee decide" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Click the "Show Advanced" button. Select the Process Settings >> Process Types >> Standard >> "When to scan:Let McAfee decide" option. Click "Save".
Additional Identifiers
Rule ID: SV-228246r879664_rule
Vulnerability ID: V-228246
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |