Trellix ENS 10.x STIG Version Comparison

There are 9 differences between versions v2 r12 (Oct. 25, 2023) (the "left" version) and v2 r14 (April 24, 2024) (the "right" version).

Check ENS-CO-000100 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

(U) The McAfee Trellix ENS module enforcement status must be enabled.

Check Content

(U) From the ePO server console, select “System "System Tree” From Tree". From the System Tree Tree, select “My "My Organization” Select Organization". Select >>Assigned "Assigned Policies. From Policies". From the "Product:" drop-down list, select "Endpoint Security Common" and verify the Policy Enforcement Status is "All enforce". From "Enforcing". From the "Product:" drop-down list, select "Endpoint Security Threat Prevention" and verify the Product Enforcement Status is "All enforce". From "Enforcing". From the "Product:" drop-down list, select "Endpoint Security Firewall" and verify the Product Enforcement Status is "All enforce". If "Enforcing". If the Product Enforcement Status is not "Enforcing" "All enforce" for "Endpoint Security Common", "Endpoint Security Threat Prevention", or "Endpoint Security Firewall", this is a finding.

Discussion

(U) When the McAfee Trellix ENS module is not enforcing policies, the resulting set of policies configured and deployed to endpoints will not be applied. The endpoint system will not be protected.

Fix

(U) Access the ePO server console. Select "My Organization". Select System Tree >> Assigned Policies. From the "Product:" drop-down list, select the product(s) for which "Enforcement status:" is "Not enforcing". Click on "Not enforcing" to open the "Enforcement" screen. For "Enforcement Status:", click the "Enforcing" button. Click "Save".