An error occurred:

Check: DTAM154

McAfee VirusScan 8.8 Local Client STIG: DTAM154 (in versions v6 r1 through v5 r12)

Title

McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits. (Cat II impact)

Discussion

A rootkit is a stealthy type of software, usually malicious, and is designed to mask the existence of processes or programs from normal methods of detection. Rootkits will often enable continued privileged access to a computer. Scanning and handling detection of rootkits will mitigate the likelihood of rootkits being installed and used maliciously on the system.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Locations tab, in the box under the "Specify where scanning takes place." label, ensure the "Memory for rootkits" option is displayed. Criteria: If "Memory for rootkits" is displayed in the in the configuration for the daily or weekly On-Demand Scan, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on demand client scan task. Criteria: If, under the applicable GUID key, there exists a szScanItem with a REG_SZ value of "SpecialScanForRootkits", this is not a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Locations tab, in the box under the "Specify where scanning takes place." label, select "Memory for rootkits" from the drop-down selection box. Click OK to Save.

Additional Identifiers

Rule ID: SV-243428r722623_rule

Vulnerability ID: V-243428

Group Title: SRG-APP-000277

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001241

The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection