An error occurred:

Check: DTAM046

McAfee VirusScan 8.8 Local Client STIG: DTAM046 (in versions v6 r1 through v5 r12)

Title

McAfee VirusScan On-Demand scan must be configured to scan all subfolders. (Cat II impact)

Discussion

Antivirus software is the mostly commonly used technical control for malware threat mitigation. Antivirus software on hosts should be configured to scan all hard drives and folders regularly to identify any file system infections and to scan any removable media, if applicable, before media is inserted into the system. Not scheduling a regular scan of the hard drives of a system and/or not configuring the scan to scan all files and running processes, introduces a higher risk of threats going undetected.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Locations tab, locate the "Scan options:" label. Ensure the "Include subfolders" option is selected. Criteria: If "Include subfolders" is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) DesktopProtection\Tasks Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task. Criteria: If, under the applicable GUID key, the bScanSubdirs has value of 0, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Locations tab, locate the "Scan options:" label. Select the "Include subfolders" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243376r722467_rule

Vulnerability ID: V-243376

Group Title: SRG-APP-000277

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001241

The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection