Check: ENS-EP-000001
Trellix ENS 10.x STIG: ENS-EP-000001 (in versions v3 r2 through v3 r1)
Title
(CUI) The ENS Exploit Prevention for IPS must be enabled. (Cat II impact)
Discussion
(CUI) Exploit Prevention content is updated monthly. This content not only provides protection against zero-day exploits, but also offers some flexibility in the way that patches can be applied.
Check Content
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. Select “Endpoint Security Threat Prevention” from the Product list. From the Category list, select “Exploit Prevention”. Verify “Enable Exploit Prevention” is selected. If “Enable Exploit Prevention” is not selected, this is a finding. Verify “Enable Network Intrusion Prevention” and “Automatically block network intruders” are selected. If either “Enable Network Intrusion Prevention” or “Automatically block network intruders” is not selected, this is a finding.
Fix Text
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. Select “Endpoint Protection Threat Prevention” from the Product list. From the Category list, select “Exploit Prevention”. Select “Enable Exploit Prevention”. Select “Enable Network Intrusion Prevention” and “Automatically block network intruders”. Click “Save”.
Additional Identifiers
Rule ID: SV-230205r1022740_rule
Vulnerability ID: V-230205
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
CCI-004964 | Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy. |
Controls
Number | Title |
---|---|
SI-3(2) | Automatic Updates |