Check: ENS-TP-000206
Trellix ENS 10.x STIG: ENS-TP-000206 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention On-Access Scan must be configured to scan boot sectors. (Cat II impact)
Discussion
(U) Boot sector viruses will install into the boot sector of a system, ensuring that they will execute when the user boots the system. This risk is mitigated by scanning boot sectors at each startup of the system.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Verify the On-Access Scan >> "Scan boot sectors" check box is selected. If the On-Access Scan >> "Scan boot sectors" check box is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Select the On-Access Scan >> "Scan boot sectors" check box. Click "Save".
Additional Identifiers
Rule ID: SV-228240r944465_rule
Vulnerability ID: V-228240
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |