Title

McAfee VirusScan On-Access Scanner General Settings must be configured to enable on-access scanning at system startup. (Cat I impact)

Discussion

For Antivirus software to be effective, it must be running at all times, beginning from the point of the system's initial startup. Otherwise, the risk is greater for viruses, trojans, and other malware infecting the system during that startup phase.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select the General Settings. Under the General tab, locate the "General:" label. Ensure the "Enable on-access scanning at system startup" option is selected. Criteria: If the "Enable on-access scanning at startup" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) \SystemCore\VSCore\On Access Scanner\McShield\Configuration Criteria: If the value of bStartDisabled is 0, this is not a finding. If the value is 1, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Under the General tab, locate the "General:" label. Select the "Enable on-access scanning at system startup" option. Click OK to Save.

Additional Identifiers

Rule ID: SV-243356r722407_rule

Vulnerability ID: V-243356

Group Title: SRG-APP-000278

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.