An error occurred:

Check: DTAM149

McAfee VirusScan 8.8 Managed Client STIG: DTAM149 (in versions v6 r1 through v5 r14)

Title

McAfee VirusScan Access Protection: Anti-Virus Standard Protection must be set to prevent remote creation of autorun files. (Cat II impact)

Discussion

Autorun files are used to automatically launch program files, typically setup files from CDs. Preventing other computers from making a connection and creating or altering autorun.inf files can prevent spyware and adware from being executed. There are many spyware and virus programs distributed on CDs.

Check Content

Note: If the HIPS signature 3886 is enabled to provide this same protection, this check is Not Applicable. From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select the policy associated with the Access Protection Policies. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Virus Standard Protection". Ensure both "Prevent remote creation of autorun files" (Block and Report) options are selected. Criteria: If both "Prevent remote creation of autorun files" (Block and Report) options are selected, this is not a finding. Registry keys are not available for this setting. To validate from client side, access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Under the Task column, select Access Protection, right-click, and select Properties. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Virus Standard Protection". Ensure "Prevent remote creation of autorun files" (Block and Report) options are both selected. Criteria: If "Prevent remote creation of autorun files" (Block and Report) options are both selected, this is not a finding.

Fix Text

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select the policy associated with the Access Protection Policies. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Virus Standard Protection". Select both "Prevent remote creation of autorun files" (Block and Report) options. Select Save.

Additional Identifiers

Rule ID: SV-216959r397870_rule

Vulnerability ID: V-216959

Group Title: SRG-APP-000278

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001242

The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection