An error occurred:

Check: MV45-SVM-000007

McAfee MOVE AV Multi-Platform 4.5 STIG: MV45-SVM-000007 (in versions v1 r2 through v1 r1)

Title

The McAfee MOVE AV SVM Settings policy must be configured to use McAfee Global Threat Intelligence file reputation with a sensitivity level of medium or higher. (Cat II impact)

Discussion

Anti-virus software vendors use collective intelligence from sensors and cross-vector intelligence from web, email, and network threats to compile scores that reflect the likelihood of whether a file in question is malware. The collective intelligence is constantly being updated, more frequently than the typical daily anti-virus signature files. With File Reputation lookup, a more real-time response to potential malicious code is realized than with the local-running anti-virus software, since by querying the cloud-based database when a file appears to be suspicious, up-to-the-minute intelligence is provided. This type of protection reduces the threat protection time period from days to milliseconds, increases malware detection rates, and reduces downtime and remediation costs associated with malware attacks. Using File Reputation lookup is mandated by USCYBERCOM on DoD systems.

Check Content

NOTE: This requirement is Not Applicable on the classified network. Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under McAfee GTI, verify the "Enable McAfee GTI" check box is selected with a sensitivity level of "Medium" or higher. If the "Enable McAfee GTI" check box is not selected or sensitivity level is lower than "Medium", this is a finding.

Fix Text

NOTE: This requirement is Not Applicable on the classified network. Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under McAfee GTI, select the "Enable McAfee GTI" check box. Select "Medium" or higher for sensitivity level. Click "Save".

Additional Identifiers

Rule ID: SV-93281r1_rule

Vulnerability ID: V-78575

Group Title: MV45-SVM-000007

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001242

The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection