McAfee MOVE AV Multi-Platform 4.5 STIG Version Comparison

There are 1 differences between versions v1 r1 (Dec. 11, 2017) (the "left" version) and v1 r2 (July 27, 2018) (the "right" version).

Check MV45-OPT-000001 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

The McAfee MOVE AV Options Policy must be configured with the location of quarantine to ensure consistency across all systems.

Check Content

Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager", verify the Quarantine Directory is set to <SYSTEM_DRIVE>\Quarantine. If <SYSTEM_DRIVE>\Quarantine or another location authorized by the ISSM. If the Quarantine Directory is not set to <SYSTEM_DRIVE>\Quarantine, or another location authorized by the ISSM, this is a finding. finding.".

Discussion

The quarantine on each system represents a potential danger should the files contained within the quarantine be executed inadvertently. To centrally manage the quarantine on all systems, the quarantine should always be configured the same across all systems, which will allow management to better control access to those locations.

Fix

Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager", configure the Quarantine Directory to <SYSTEM_DRIVE>\Quarantine. Click <SYSTEM_DRIVE>\Quarantine, or another location authorized by the ISSM. Click "Save".