Title

The Advanced Threat Defense (ATD) file types must be configured for those files to be sent from an endpoint for analysis. (Cat II impact)

Discussion

Trellix ATD is a separate Trellix product which enables organizations to detect advanced, evasive malware and convert threat information into action and protection. It includes additional inspection capabilities that broaden detection and expose evasive threats. It integrates with other Trellix security solutions, one of which is the Trellix TIE server. This requirement is to be configured if the organization has the Trellix ATD solution implemented as part of their security infrastructure.

Check Content

If the organization has not implemented the Trellix ATD as part of their security infrastructure, this is Not Applicable. This check must be completed for the active Trellix TIE Server Management policy that manages the site Trellix TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Sandboxing" tab. Under Trellix Advanced Threat Defense, verify the "Selected File Types" is configured and not empty. If the "Selected File Types" is not configured, this is a finding.

Fix Text

From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the Trellix TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site Trellix TIE. Select the "Sandboxing" tab. Under Trellix Advanced Threat Defense, populate "Selected FileTypes" with the organizational specific file types to be analyzed by the ATD.

Additional Identifiers

Rule ID: SV-222008r1015917_rule

Vulnerability ID: V-222008

Group Title: SRG-APP-000278

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.