Trellix ENS 10.x STIG Version Comparison

There are 3 differences between versions v3 r3 (Jan. 30, 2025) (the "left" version) and v3 r5 (July 2, 2025) (the "right" version).

Check ENS-CO-000100 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

(U) The Trellix ENS module enforcement status must be enabled.

Check Content

(U) From Note: If the functions listed below are performed by a different product, the "enforcing" requirement for that function is not applicable. From the ePO server console, select "System Tree". From the System Tree, select "My Organization". Select "Assigned Policies". From the "Product:" drop-down list, select "Endpoint Security Common" and verify the Policy Enforcement Status is "Enforcing". From the "Product:" drop-down list, select "Endpoint Security Threat Prevention" and verify the Product Enforcement Status is "Enforcing". From the "Product:" drop-down list, select "Endpoint Security Firewall" and verify the Product Enforcement Status is "Enforcing". If the Product Enforcement Status is not "Enforcing" for "Endpoint Security Common", "Endpoint Security Threat Prevention", or "Endpoint Security Firewall", this is a finding.

Discussion

(U) When the Trellix ENS module is not enforcing policies, the resulting set of policies configured and deployed to endpoints will not be applied. The endpoint system will not be protected.

Fix

(U) Access the ePO server console. Select "My Organization". Select System Tree >> Assigned Policies. From the "Product:" drop-down list, select the product(s) for which "Enforcement status:" is "Not enforcing". Click "Not enforcing" to open the "Enforcement" screen. For "Enforcement Status:", click "Enforcing". Click the "Enforcing" button. Click "Save".