Check: DTAM003
McAfee VirusScan 8.8 Local Client STIG: DTAM003 (in versions v6 r1 through v5 r12)
Title
McAfee VirusScan On-Access Scanner General Settings must be configured to scan floppy during shutdown. (Cat II impact)
Discussion
Computer viruses in the early days of personal computing were almost exclusively passed around by floppy disks. Floppy disks would be used to boot the computer and, if infected, would infect the hard drive files, as well. Although floppy drives have fallen out of use, it is still a good security practice, whenever the antivirus software allows, to enable the scanning software to scan a floppy disk at shutdown.
Check Content
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select the General Settings. Under the General tab, locate the "Scan:" label. Ensure the "Floppy during shutdown" option is selected.

Criteria: If the "Floppy during shutdown" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:

HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\McShield\Configuration\

Criteria: If the value of bScanFloppyonShutdown is 1, this is not a finding. If the value is 0, this is a finding.
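The registry criterion above can also be evaluated from a PowerShell prompt on the client. The script below is an added example, not part of the STIG or of McAfee tooling. The helper name Get-Dtam003Status and the "Review" status are assumptions of this example: the check text defines a result only for the values 1 and 0, so a missing key, a missing value or any other value is reported for manual review.

```powershell
# Added example (not STIG or vendor code): evaluate the DTAM003 registry criterion locally.
$SubPath   = 'SystemCore\VSCore\On Access Scanner\McShield\Configuration'
$ValueName = 'bScanFloppyonShutdown'

# Both prefixes from the check text; which one holds the key depends on OS bitness.
$KeyPaths = @(
    "HKLM:\Software\McAfee\$SubPath",              # 32-bit
    "HKLM:\Software\Wow6432Node\McAfee\$SubPath"   # 64-bit
)

function Get-Dtam003Status {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [Parameter(Mandatory)] [string]   $Name
    )
    $found = $false
    foreach ($key in $Path) {
        # Skip a prefix that does not exist on this machine.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $found = $true

        # A missing value yields no object; treat that as "no value".
        $prop  = Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue
        $value = if ($null -ne $prop) { $prop.$Name } else { $null }

        # Only 1 and 0 are defined by the check; everything else stays 'Review'
        # (an assumption of this example, not a STIG status).
        $status = 'Review'
        if ($value -eq 1) {
            $status = 'NotAFinding'
        } elseif ($value -eq 0) {
            $status = 'Finding'
        }
        [pscustomobject]@{ Key = $key; Value = $value; Status = $status }
    }
    if (-not $found) {
        # Neither configuration key exists, so the criterion cannot be evaluated.
        [pscustomobject]@{ Key = $null; Value = $null; Status = 'Review' }
    }
}

Get-Dtam003Status -Path $KeyPaths -Name $ValueName | Format-List
```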
Fix Text
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select the General Settings. Under the General tab, locate the "Scan:" label. Select the "Floppy during shutdown" option. Click OK to save.
Additional Identifiers
Rule ID: SV-243358r722413_rule
Vulnerability ID: V-243358
Group Title: SRG-APP-000278
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |