Title

McAfee VirusScan Unwanted Programs Policies must be configured to detect adware. (Cat II impact)

Discussion

Adware, like spyware, is, at best, an annoyance by presenting unwanted advertisement to the user of a computer, sometimes in the form of a popup. At worst, it redirects the user to malicious websites. Detecting and blocking will mitigate the likelihood of users being tricked into visiting sites with malicious content.

Check Content

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select the policy associated with the Unwanted Programs Policies. Under the Scan Items tab, locate the "Select categories of unwanted programs to detect:" label. Ensure the "Adware" option is selected. Criteria: If the "Adware" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\NVP Criteria: If the value DetectAdware is 1, this is not a finding.

Fix Text

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select the policy associated with the Unwanted Programs Policies. Under the Scan Items tab, locate the "Select categories of unwanted programs to detect:" label. Select the "Adware" option. Select Save.

Additional Identifiers

Rule ID: SV-216946r397873_rule

Vulnerability ID: V-216946

Group Title: SRG-APP-000279

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.