Check: DTAM001
McAfee VirusScan 8.8 Managed Client STIG:
DTAM001
(in versions v6 r1 through v5 r14)
Title
McAfee VirusScan On-Access General Policies must be configured to enable on-access scanning at system startup. (Cat I impact)
Discussion
For antivirus software to be effective, it must be running at all times, beginning from the point of the system's initial startup. Otherwise, the risk is greater for viruses, trojans, and other malware infecting the system during that startup phase.
Check Content
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access General Policies. Under the General tab, locate the "Enable on-access scanning:" label. Ensure the "Enable on-access scanning at system startup" option is selected. Criteria: If the "Enable on-access scanning at startup" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\On Access Scanner\McShield\Configuration Criteria: If the value of bStartDisabled is 0, this is not a finding. If the value is 1, this is a finding.
Fix Text
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access General Policies. Under the General tab, locate the "Enable on-access scanning:" label. Select the "Enable on-access scanning at system startup" option. Select Save.
Additional Identifiers
Rule ID: SV-216892r397870_rule
Vulnerability ID: V-216892
Group Title: SRG-APP-000278
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001242 |
The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 |
Malicious Code Protection |