Check: ENS-TP-000213
Trellix ENS 10.x STIG: ENS-TP-000213 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention On-Access Process Settings must be configured to scan all files. (Cat II impact)
Discussion
(U) When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.
Check Content
(U) Access the ePO server console.
Select Menu >> Policy >> Policy Catalog.
From the "Product" list, select "Endpoint Security Threat Prevention".
From the "Category" list, select "On-Access Scan".
Select each configured On-Access Scan policy.
Click the "Show Advanced" button.
Verify Process Settings >> Scanning >> Standard >> "What to scan:All files" is selected.
If Process Settings >> Scanning >> Standard >> "What to scan:All files" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console.
Select Menu >> Policy >> Policy Catalog.
From the "Product" list, select "Endpoint Security Threat Prevention".
From the "Category" list, select "On-Access Scan".
Select each configured On-Access Scan policy.
Click the "Show Advanced" button.
Select the Process Settings >> Scanning >> Standard >> "What to scan:All files" option.
Click "Save".
Additional Identifiers
Rule ID: SV-228247r944476_rule
Vulnerability ID: V-228247
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |