Check: DTAG008
McAfee VirusScan 8.8 Managed Client STIG:
DTAG008
(in versions v6 r1 through v5 r14)
Title
The antivirus signature file age must not exceed 7 days. (Cat I impact)
Discussion
Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system.
Check Content
Guidance in DTAM016 requires that updates be run daily, automatically or manually. If compliant, the DAT date will be no more than 24-48 hours old. Since the success of automated update tasks is not guaranteed, the expectation is that update task success is frequently monitored and corrected when unsuccessful. To allow for that correction, the minimum acceptable threshold is that the DAT date not be more than 7 days old.

On the client machine, right-click on the McAfee red shield icon in the taskbar. Choose "About". Scroll down to the "McAfee VirusScan Enterprise + AntiSpyware Enterprise" section. Review the date for "DAT Created On:".

Criteria: If the "DAT Created On:" date is older than 7 days from the current date, this is a finding.

From the ePO server console System Tree, select the "Systems" tab, select the asset to be checked, and double-click to open its properties. Under the System Information, scroll down to the VirusScan Enterprise section and click on the "More" link in the top-right portion of the VirusScan Enterprise section. Scroll down to the General section and confirm the DAT Date reflected is within the last 7 days.

Criteria: If the DAT Date is older than 7 days from the current date, this is a finding.

NOTE: If the vendor or trusted site's files are also older than 7 days and match the date of the signature files on the machine, this is not a finding.
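The criteria above, applied to a list of clients at once, as an added example that is not part of the STIG or of any McAfee tooling. It assumes the DAT dates have already been collected into a CSV with hypothetical columns `system_name` and `dat_date` (ISO format); the sample rows are constructed.

```python
import csv
import io
from datetime import date, datetime

MAX_DAT_AGE_DAYS = 7  # threshold stated in the check text

# Constructed sample export; the column names and ISO date format are assumptions.
SAMPLE_EXPORT = """system_name,dat_date
WS-001,2024-03-14
WS-002,2024-03-05
WS-003,
SRV-010,2024-03-08
"""

def evaluate_dat(dat_date, today, vendor_latest=None):
    """Return (status, age_in_days) for one client's DAT date."""
    if dat_date is None:
        return "REVIEW", None  # nothing reported: check the client by hand
    age = (today - dat_date).days
    if age < 0:
        return "REVIEW", age  # DAT dated in the future: clock or data problem
    if age <= MAX_DAT_AGE_DAYS:
        return "NOT_A_FINDING", age  # exactly 7 days is not "older than 7 days"
    # NOTE in the check: if the vendor's newest files carry the same date as the
    # client's (and so are also older than 7 days), the stale DAT is not a finding.
    if vendor_latest == dat_date:
        return "NOT_A_FINDING", age
    return "FINDING", age

def audit_export(csv_text, today, vendor_latest=None):
    """Evaluate every row of the export; returns {system_name: (status, age)}."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("dat_date") or "").strip()
        try:
            dat = datetime.strptime(raw, "%Y-%m-%d").date() if raw else None
        except ValueError:
            dat = None  # an unparseable date is treated like a missing one
        results[row["system_name"]] = evaluate_dat(dat, today, vendor_latest)
    return results

if __name__ == "__main__":
    for name, (status, age) in audit_export(SAMPLE_EXPORT, date(2024, 3, 15)).items():
        print(f"{name:8} {status:14} age={age}")
```

Pass `vendor_latest` only after confirming the newest DAT date published by the vendor or trusted site, since that value is what activates the NOTE exception.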
Fix Text
Update client machines via ePO client task. If this fails to update the client, update antivirus signature files as your local process describes (e.g., auto update or runtime executable).
Additional Identifiers
Rule ID: SV-216891r397864_rule
Vulnerability ID: V-216891
Group Title: SRG-APP-000276
CCIs
Number | Definition |
---|---|
CCI-001240 | The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |