Title

McAfee VirusScan On-Demand scan must be configured so there are no exclusions from the scan unless exclusions have been documented with, and approved by, the ISSO/ISSM/DAA. (Cat II impact)

Discussion

When scanning for malware, excluding specific files will increase the risk of a malware-infected file going undetected. By configuring antivirus software without any exclusions, the scanner has a higher success rate at detecting and eradicating malware.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Exclusions tab, locate the "What not to scan:" label. Ensure that no items are listed in this area. If any items are listed, they must be documented with, and approved by, the local ISSO/ISSM/DAA. Criteria: If no items are listed in the "What not to scan:" area, this is not a finding. If excluded items exist, and they are documented with and approved by the ISSO/ISSM/DAA, this is not a finding. If excluded items exist, and they are not documented with and approved by the ISSO/ISSM/DAA, this is a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) DesktopProtection\Tasks Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task. Criteria: If, under the applicable GUID key, the NumExcludeItems has value of 0, this is not a finding. If the NumExcludeItems has value other than 0, and they are documented with and approved by the ISSO/ISSM/DAA, this is not a finding. If the NumExcludeItems has value other than 0, and they are not documented with and approved by the ISSO/ISSM/DAA, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click on the Task and select Properties. Under the Exclusions tab, locate the "What not to scan:" label, remove any items. Click OK to Save.

Additional Identifiers

Rule ID: SV-243379r722476_rule

Vulnerability ID: V-243379

Group Title: SRG-APP-000277

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.