Title

(U) The Default Client Update Settings must be configured. (Cat II impact)

Discussion

(U) Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. The antivirus software product must be configured to receive those updates automatically in order to afford the expected protection.

Check Content

(U) From the ePO server console, select "Policy Catalog". From the "Product:" drop-down list, select "Endpoint Security Common" From the "Category" list, look for "Options" Select each configured policy (example: DISA Global: ENS Common) Select "Show Advanced" Look for section named "Default Client Update" If under "What to update” the “Security content, hotfixes and patches" option is not selected, this is a finding.

Fix Text

(U) From the ePO server console, select "Policy Catalog". From the "Product:" drop-down list, select "Endpoint Security Common" and configure the "Default Client Update”. Configure the Default Client Update task schedule for updates. Under “What to update”, select “Security content, hotfixes, and patches”. Click "Save".

Additional Identifiers

Rule ID: SV-230193r879659_rule

Vulnerability ID: V-230193

Group Title: SRG-APP-000272

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.