Title

The McAfee VirusScan autoupdate parameters are not configured as required. (Cat II impact)

Discussion

This parameter ensure that the product is configured to get autoupdates.

Check Content

From the ePO server console, select Systems tab, select Client Tasks tab, select New Task. On the Description page, provide a descriptive Name, select "Product Update" from the Type: pull down menu, and select Next. On the Configuration page in the Signatures and engines: section,ensure that Engine and DAT are selected, and select Next. On the Schedule page in the Schedule status: section, ensure Enabled is selected; in the Schedule type: section, ensure that at least Weekly is selected, and select Next. On the Summary page, select Save. Update client machine. Criteria: If a Product update is Enabled with Engine and DAT selected, and scheduled for at least a weekly update, this is not a finding. On the client machine use the Windows Explorer to navigate to the following folder: %SystemDrive%:\Document and Settings\All Users\Application Data\McAfee\Common Framework\Task Multiple .ini files will be stored in this folder one for each task defined on the ePO server for this client. The name for each task is identified in the first section of the file under the [Task] section on the TaskName= “” line. Additionally, a TaskType= line in the [General] section of the file is provided to describe the task type. In this case TaskType=update is expected. Information for this check is determined by examining the contents of this file. Criteria:If [Settings] Enabled=1 and [Schedule] Type=0 the schedule is daily, this is not a finding.If [Settings] Enabled=1 and [Schedule] Type=1 the schedule is weekly, this is not a finding.

Fix Text

From the ePO server console, select Systems tab, select Client Tasks tab, select New Task. On the Description page, provide a descriptive Name, select "Product Update" from the Type: pull down menu, and select Next. On the Configuration page in the Signatures and engines: section, ensure that Engine and DAT are selected, and select Next. On the Schedule page in the Schedule status: section, ensure Enabled is selected; in the Schedule type: section, ensure that at least Weekly is selected, and select Next. On the Summary page, select Save. Update client machine.

Additional Identifiers

Rule ID:

Vulnerability ID: V-6585

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.