Title

McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan when reading from disk. (Cat II impact)

Discussion

Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select All Processes. Under the Scan Items tab, locate the "Scan files:" label. Ensure the "When reading from disk" is selected. Criteria: If the "When reading from disk" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default Criteria: If the value bScanOutgoing is 1, this is not a finding. If the value is 0, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select All Processes. Under the Scan Items tab, locate the "Scan files:" label. Select the "When reading from disk" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243397r722530_rule

Vulnerability ID: V-243397

Group Title: SRG-APP-000278

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.