Check: ENS-TP-000205
Trellix ENS 10.x STIG: ENS-TP-000205 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention On-Access Scan must be configured to specify 45 as the maximum number of seconds for each file scan. (Cat II impact)
Discussion
(U) When antivirus software is not configured to limit the amount of time spent trying to scan a file, the total effectiveness of the antivirus software and performance on the system being scanned will be degraded. By limiting the amount of time the antivirus software uses when scanning a file, the scan will be able to complete in a timely manner.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Verify On-Access Scan >> Specify maximum number of seconds for each file scan is configured to "45" seconds or less. If On-Access Scan >> Specify maximum number of seconds for each file scan is not configured to "45" seconds or less, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Access Scan". Select each configured On-Access Scan policy. Set On-Access Scan >> Specify maximum number of seconds for each file scan to "45" seconds or less. Click "Save".
Additional Identifiers
Rule ID: SV-228239r944464_rule
Vulnerability ID: V-228239
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |