Title

McAfee VirusScan On-Access Scanner General Settings must be configured to scan boot sectors. (Cat II impact)

Discussion

Boot sector viruses will install into the boot sector of a system, ensuring that they will execute when the user boots the system. This risk is mitigated by scanning boot sectors at each startup of the system.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties Select the General Settings. Under the General tab, locate the "Scan:" label. Ensure the "Boot Sectors" option is selected. Criteria: If the "Boot Sectors" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) \SystemCore\VSCore\On Access Scanner\McShield\Configuration Criteria: If the value of bDontScanBootSectors is 0, this is not a finding. If the value is 1, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select the General Settings. Under the General tab, locate the "Scan:" label. Select the "Boot Sectors" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243357r722410_rule

Vulnerability ID: V-243357

Group Title: SRG-APP-000278

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.