Title

The antivirus signature file age must not exceed 7 days. (Cat I impact)

Discussion

Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system.

Check Content

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Click Help >> About VirusScan Enterprise. The "About" dialog box will be displayed, showing, among other information, the current DAT version installed and the date of that DAT version. Guidance in DTAM016 requires updates be run daily, automatically or manually. If compliant, the DAT date will be within 24-48 hours old. Since automated update tasks' success is not guaranteed, the expectation is for update task success to be frequently monitored and corrected when unsuccessful. To allow for that correction, the minimum acceptable threshold for DAT date is not to exceed 7 days. If the DAT date displayed is more than "7" days old, this is a finding. If the vendor or trusted site's files match the date of the signature files on the machine, this is not a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Under the Task column, select the AutoUpdate option, right-click, and select "Start".

Additional Identifiers

Rule ID: SV-243355r722666_rule

Vulnerability ID: V-243355

Group Title: SRG-APP-000276

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.