Title

The Trellix Data Exchange Layer (DXL) Client policy for all managed systems must have Self Protection enabled. (Cat I impact)

Discussion

This policy configures whether the settings for the DXL client policy pushed from the ePO server are protected from being changed. If the Self Protection is not enabled, the potential exists for the DXL client to be stopped or settings modified at the client level.

Check Content

This check must be completed for the active Trellix DXL Client policy that manages managed clients. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Under Self Protection, verify the check box for "Enable Self Protection (Windows only)" is selected. If the check box for "Enable Self Protection (Windows only)" is not selected, this is a finding.

Fix Text

From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix DXL Client from Products. Under "Actions" select Edit for the policy that manages the managed clients. Select the check box for "Enable Self Protection (Windows only)".

Additional Identifiers

Rule ID: SV-221991r961458_rule

Vulnerability ID: V-221991

Group Title: SRG-APP-000379

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.