Title

McAfee VirusScan Unwanted Programs Policy must be configured to detect spyware. (Cat II impact)

Discussion

Spyware is software that aids in gathering information about a person or organization without their knowledge, and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the user's knowledge. Spyware may try to deceive users by bundling itself with desirable software. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Some types of spyware disable software firewalls and antivirus software. Detecting, blocking, and eradicating malicious spyware or preventing it from being installed will alleviate the negative side effects of the spyware.

Check Content

Access the local VirusScan console by clicking on Start->All Programs->McAfee->VirusScan Console. Under the Task column, find the Unwanted Programs Policy, right-click, and choose Properties. In the Scan Items tab, ensure the Spyware option is selected. If the Spyware option is not selected, this is a finding. If the Spyware option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\NVP Criteria: If the value DetectSpyware is 1, this is not a finding.

Fix Text

Access the local VirusScan console by clicking on Start->All Programs->McAfee->VirusScan Console. Under the Task column, find the Unwanted Programs Policy, right-click, and choose Properties. In the Scan Items tab, select the Spyware option. Click OK to save.

Additional Identifiers

Rule ID: SV-243409r722566_rule

Vulnerability ID: V-243409

Group Title: SRG-APP-000279

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.