An error occurred:

Check: DTAM055

McAfee VirusScan 8.8 Local Client STIG: DTAM055 (in versions v6 r1 through v5 r12)

Title

McAfee VirusScan On-Demand scan must be configured to find unknown macro threats. (Cat II impact)

Discussion

Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. The scanning for unknown macro viruses will mitigate zero day attacks.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Items tab, locate the "Heuristics:" label. Ensure the "Find unknown macro threats" option is selected. Criteria: If "Find unknown macro threats" is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) DesktopProtection\Tasks Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task. Criteria: If, under the applicable GUID key, the dwMacroHeuristicsLevel has value of 0, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task. Right-click the Task and select Properties. Under the Scan Items tab, locate the "Heuristics:" label. Select the "Find unknown macro threats" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243383r722488_rule

Vulnerability ID: V-243383

Group Title: SRG-APP-000277

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001241

The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection