An error occurred:

Check: DTAM052

McAfee VirusScan 8.8 Local Client STIG: DTAM052 (in versions v6 r1 through v5 r12)

Title

McAfee VirusScan On-Demand scan must be configured to scan inside archives. (Cat II impact)

Discussion

Malware is often packaged within an archive. In addition, archives might have other archives within. Not scanning archive files introduces the risk of infected files being introduced into the environment.

Check Content

NOTE: This setting must be configured. Exclusions for specific extensions may be created. Exclusions must be documented with, and approved by, the local ISSO/ISSM. Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Items tab, locate the "Options:" label. Ensure the "Scan inside archives (e.g. .ZIP)" option is selected. Criteria: If "Scan inside archives (e.g. .ZIP)" is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) DesktopProtection\Tasks Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task. Criteria: If, under the applicable GUID key, the ScanArchives has value of 0, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Items tab, locate the "Options:" label. Select the "Scan inside archives (e.g. .ZIP)" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243380r722479_rule

Vulnerability ID: V-243380

Group Title: SRG-APP-000277

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001241

The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection