Check: ENS-TP-000241
Trellix ENS 10.x STIG:
ENS-TP-000241
(in version v2 r5)
Title
(U) The McAfee ENS Threat Prevention Access Protection must be configured to prevent remote creation of autorun files. (Cat II impact)
Discussion
(U) Autorun files are used to automatically launch program files, typically setup files from CDs. Preventing other computers from making a connection and creating or altering autorun.inf files can prevent spyware and adware from being executed. Many spyware and virus programs are distributed on CDs.
Check Content
(U) NOTE: If HIPS signature 3886 is enabled to provide this same protection, this check is Not Applicable. Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Access Protection". Select each configured Access Protection policy. Verify Access Protection >> Rules >> Remotely creating autorun files is configured to "block". If Access Protection >> Rules >> Remotely creating autorun files is not configured to "block", this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Access Protection". Select each configured Access Protection policy. Configure Access Protection >> Rules >> Remotely creating autorun files to "block". Click "Save".
Additional Identifiers
Rule ID: SV-228274r772322_rule
Vulnerability ID: V-228274
Group Title: SRG-APP-000278
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001242 |
The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
| Number | Title |
|---|---|
| SI-3 |
Malicious Code Protection |