Title

McAfee VirusScan On-Demand scan must be configured to scan boot sectors. (Cat II impact)

Discussion

Boot sector viruses will install into the boot sector of a system, ensuring that they will execute when the user boots the system. This risk is mitigated by scanning boot sectors at each startup of the system.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Locations tab, locate the "Scan options:" label. Ensure the "Scan boot sectors" option is selected. Criteria: If "Scan boot sectors" is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) DesktopProtection\Tasks Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task. Criteria: If, under the applicable GUID key, the bSkipBootScan has value of 1, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, find and select the scheduled task that shows a Status of "Daily" or "Weekly" or any frequency other than "Not Scheduled". Right-click the Task and select Properties. Under the Scan Locations tab, locate the "Scan options:" label. Select the "Scan boot sectors" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243377r722470_rule

Vulnerability ID: V-243377

Group Title: SRG-APP-000277

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.