Title

McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan inside archive files. (Cat II impact)

Discussion

Malware is often packaged within an archive. In addition, archives might have other archives within. Not scanning archive files introduces the risk of infected files being introduced into the environment.

Check Content

NOTE: This requirement can be left not configured and marked as Not Applicable if the regularly scheduled on-demand scan, validated under V-6611, DTAM052, includes the scanning of archive files. Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select All Processes. Under the Scan Items tab, locate the "Compressed files:" label. Ensure the "Scan inside archives (e.g., .ZIP)" option is selected. Criteria: If the "Scan inside archives (e.g., .ZIP)" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default Criteria: If the value ScanArchives is 1, this is not a finding. If the value is 0, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select All Processes. Under the Scan Items tab, locate the "Compressed files:" label. Select the "Scan inside archives (e.g., .ZIP)" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243401r722542_rule

Vulnerability ID: V-243401

Group Title: SRG-APP-000278

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.