Check: ENS-EP-000001
Trellix ENS 10.x STIG: ENS-EP-000001 (in versions v2 r14 through v2 r6)
Title
(CUI) The ENS Exploit Prevention for IPS must be enabled. (Cat II impact)
Discussion
(CUI) Exploit Prevention content is updated monthly. This content not only provides protection against zero-day exploits, but also offers some flexibility in the way that patches can be applied.
Check Content
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. Select “Endpoint Security Threat Prevention” from the Product list. From the Category list, select “Exploit Prevention”. Verify “Enable Exploit Prevention” is selected. If “Enable Exploit Prevention” is not selected, this is a finding. Verify “Enable Network Intrusion Prevention” and “Automatically block network intruders” are selected. If either “Enable Network Intrusion Prevention” or “Automatically block network intruders” is not selected, this is a finding.
Fix Text
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. Select “Endpoint Protection Threat Prevention” from the Product list. From the Category list, select “Exploit Prevention”. Select “Enable Exploit Prevention”. Select “Enable Network Intrusion Prevention” and “Automatically block network intruders”. Click “Save”.
Additional Identifiers
Rule ID: SV-230205r879659_rule
Vulnerability ID: V-230205
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
Controls
Number | Title |
---|---|
SI-3 (2) | Automatic Updates |