Check: TIDX-CL-000001
Trellix TIE/DXL STIG:
TIDX-CL-000001
(in versions v2 r2 through v1 r0.1)
Title
The McAfee Data Exchange Layer (DXL) Client policy for all managed systems must have Self Protection enabled. (Cat I impact)
Discussion
This policy configures whether the settings for the DXL client policy pushed from the ePO server are protected from being changed. If the Self Protection is not enabled, the potential exists for the DXL client to be stopped or settings modified at the client level.
Check Content
This check needs to be completed for the active McAfee DXL Client policy that manages managed clients. From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Client from Products. Under "Actions", select Edit for the policy that manages the managed clients. Under Self Protection, verify the check box for "Enable Self Protection (Windows only)" is selected. If the check box for "Enable Self Protection (Windows only)" is not selected, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab. From the Policy Catalog, select the McAfee DXL Client from Products. Under "Actions" select Edit for the policy that manages the managed clients. Select the check box for "Enable Self Protection (Windows only)".
Additional Identifiers
Rule ID: SV-221991r506938_rule
Vulnerability ID: V-221991
Group Title: SRG-APP-000379
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001248 |
The information system prevents non-privileged users from circumventing malicious code protection capabilities. |
| CCI-001744 |
Implement organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner. |
Controls
| Number | Title |
|---|---|
| CM-3(5) |
Automated Security Response |