Check: ENS-CO-000112
Trellix ENS 10.x STIG:
ENS-CO-000112
(in versions v3 r2 through v3 r1)
Title
(U) The Default Client Update Settings must be configured. (Cat II impact)
Discussion
(U) Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. The antivirus software product must be configured to receive those updates automatically in order to afford the expected protection.
Check Content
(U) From the ePO server console, select "Policy Catalog". From the "Product:" drop-down list, select "Endpoint Security Common". From the "Category" list, look for "Options". Select each configured policy (example: DISA Global: ENS Common). Select "Show Advanced". Look for section named "Default Client Update". If under "What to update” the “Security content, hotfixes and patches" option is not selected, this is a finding.
Fix Text
(U) From the ePO server console, select "Policy Catalog". From the "Product:" drop-down list, select "Endpoint Security Common" and configure the "Default Client Update”. Configure the Default Client Update task schedule for updates. Under “What to update”, select “Security content, hotfixes, and patches”. Click "Save".
Additional Identifiers
Rule ID: SV-230193r1022732_rule
Vulnerability ID: V-230193
Group Title: SRG-APP-000272
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001247 |
The information system automatically updates malicious code protection mechanisms. |
CCI-004964 |
Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy. |
Controls
Number | Title |
---|---|
SI-3(2) |
Automatic Updates |