Title

The McAfee VirusScan File Reputation Service setting is not configured as required. (Cat II impact)

Discussion

This parameter controls setting the Heuristic network check for suspicious files in the File Reputation Service.

Check Content

- 8.7 Managed Client: From the ePO server console, select Systems tab, select the asset to be checked, select the Policies tab, select from the product pull down list VirusScan Enterprise 8.7.0. Locate in the Category column the On-Access General Policies. Select from the Policy column the policy associated with the On-Access General Policies. Under the General tab, locate the " Heuristic network check for suspicious files:" label. Ensure the "Medium" option is selected. Criteria: If the "Medium" option is selected this is not a finding. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\On access scanner Criteria: If the value of ArtemisEnabled is REG_DWORD = 1, this is not a finding. AND Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\On access scanner Criteria: If the value of ArtemisLevel is REG_DWORD = 2, this is not a finding. NOTE: This setting applies to product versions of 8.7i and above only.

Fix Text

- 8.7 Managed Client: From the ePO server console, select Systems Tab, select the asset to be checked, select the Policies tab, select from the product pull down list VirusScan Enterprise 8.7.0. Locate in the Category column the On-Access General Policies. Select from the Policy column, the policy associated with the On-Access General Policies. Under the General tab, locate the "Heuristic network check for suspicious files:" label. Select the "Medium" option. Select Save. NOTE: This setting applies to product versions of 8.7i and above only.

Additional Identifiers

Rule ID:

Vulnerability ID: V-35027

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.