Check: ENS-TP-000200
Trellix ENS 10.x STIG:
ENS-TP-000200
(in versions v2 r14 through v2 r13)
Title
(U) The Trellix ENS Threat Prevention Options must be configured to enable Trellix GTI feedback when performing Proactive Data Analysis. (Cat II impact)
Discussion
(U) Trellix GTI is a global Internet reputation intelligence system that determines what is good and bad behavior on the Internet. Trellix GTI uses real-time analysis of worldwide behavioral and sending patterns for email, web activity, malware, and system-to-system behavior. Using data collected from the analysis, GTI dynamically calculates reputation scores that represent the level of risk to a network. Trellix GTI Proactive Data Analysis sends anonymous diagnostic and usage data to Trellix. GTI feedback enables Trellix GTI-based telemetry feedback to collect anonymized data on files and processes executing on the endpoint system.
Check Content
(U) NOTE: For Classified networks, this requirement is Not Applicable. Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Verify that "Proactive Data Analysis: Trellix GTI feedback" is selected. If "Proactive Data Analysis: Trellix GTI feedback" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "Options". Select each configured Options policy. Click the "Show Advanced" button. Select the "Proactive Data Analysis: Trellix GTI feedback" option. Click "Save".
Additional Identifiers
Rule ID: SV-228234r944459_rule
Vulnerability ID: V-228234
Group Title: SRG-APP-000278
Expert Comments
CCIs
Number | Definition
---|---
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
Controls
Number | Title
---|---
SI-3 | Malicious Code Protection