Title

McAfee VirusScan On-Demand scan must be configured to scan all files. (Cat II impact)

Discussion

When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Items tab, locate the "File types to scan:" label. Ensure the "All files" option is selected. Criteria: If "All files" is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) DesktopProtection\Tasks Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task. Criteria: If, under the applicable GUID key, the bScanAllFiles has value of 0, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Item tab, locate the "File types to scan:" label. Select the "All files" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243378r722473_rule

Vulnerability ID: V-243378

Group Title: SRG-APP-000277

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.