Check: TIDX-SV-000012
Trellix TIE/DXL STIG:
TIDX-SV-000012
(in versions v2 r2 through v1 r0.1)
Title
The Advanced Threat Defense (ATD) file types must be configured for those files to be sent from an endpoint for analysis. (Cat II impact)
Discussion
McAfee ATD is a separate McAfee product which enables organizations to detect advanced, evasive malware and convert threat information into action and protection. It includes additional inspection capabilities that broaden detection and expose evasive threats. It integrates with other McAfee security solutions, one of which is the McAfee TIE server. This requirement is to be configured if the organization has the McAfee ATD solution implemented as part of their security infrastructure.
Check Content
If the organization has not implemented the McAfee ATD as part of their security infrastructure, this is Not Applicable. This check needs to be completed for the active McAfee TIE Server Management policy that manages the site McAfee TIE. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site McAfee TIE. Select the "Sandboxing" tab. Under McAfee Advanced Threat Defense, verify the "Selected File Types" is configured and not empty. If the "Selected File Types" is not configured, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee TIE Server Management from Products. Under "Actions", select Edit for the policy that manages the site McAfee TIE. Select the "Sandboxing" tab. Under McAfee Advanced Threat Defense, populate "Selected File Types" with the organization-specific file types to be analyzed by the ATD.
Additional Identifiers
Rule ID: SV-222008r506938_rule
Vulnerability ID: V-222008
Group Title: SRG-APP-000278
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
| Number | Title |
|---|---|
| SI-3 | Malicious Code Protection |