Check: ENS-TP-000236
Trellix ENS 10.x STIG: ENS-TP-000236 (in versions v2 r14 through v2 r5)
Title
(U) The Trellix ENS Threat Prevention On-Demand Scan must be enabled to use scan cache. (Cat II impact)
Discussion
(U) Using the scan cache will prevent duplicate scanning of files while also improving performance. In addition, the ENS module will check the local reputation cache for the file hash. If the file hash is found, the module gets the reputation data for the file from the cache.
Check Content
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Verify Performance >> "Use the Scan Cache" is selected. If Performance >> "Use the Scan Cache" is not selected, this is a finding.
Fix Text
(U) Access the ePO server console. Select Menu >> Policy >> Policy Catalog. From the "Product" list, select "Endpoint Security Threat Prevention". From the "Category" list, select "On-Demand Scan". Select each configured On-Demand Scan policy. Select the Performance >> "Use the Scan Cache" option. Click "Save".
Additional Identifiers
Rule ID: SV-228270r944500_rule
Vulnerability ID: V-228270
Group Title: SRG-APP-000277
CCIs
Number | Definition |
---|---|
CCI-001241 | The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |