An error occurred:

Check: DTAM056

McAfee VirusScan Managed Client: DTAM056 (in version v4 r10)

Title

The McAfee VirusScan action for Virus parameter is not configured as required. (Cat II impact)

Discussion

This parameter controls the action when a virus is found.

Check Content

From the ePO server console, select Systems tab, select the asset to be checked, select Client Tasks tab. From the list of available tasks in the Task Name column, with the assistance of the ePO SA, identify the weekly on demand client scan task. A daily or weekly on demand client scan may also be identified by reviewing the Product Name, Status, and Schedule of each Task Name in the Client Tasks window. In the same row as the on demand client scan task under review, ensure that the Product Name column contains VirusScan Enterprise 8.7.0, in the Status column, ensure that the status is Enabled. Select Edit from the Actions column. In the Description tab, ensure that for “Type:” “On Demand Scan (VirusScan Enterprise 8.7.0)” is selected. Select the Configuration tab. Under the Actions tab, When a threat is found: area, ensure that for the “Perform this action first:” pull down menu, “Clean files” is selected. Criteria: If “Clean files” is selected, this is not a finding. On the client machine, use the Windows Explorer to navigate to the following folder: %SystemDrive%:\Document and Settings\All Users\Application Data\McAfee\Common Framework\Task\. Multiple .ini files will be stored in this folder one for each task defined on the ePO server for this client. The name for each task is identified in the first section of the file under the [Task] section on the TaskName= “” line. Additionally, a TaskType= line in the [General] section of the file is provided to describe the type of scan. In this case, TaskType=VSC700_Scan_Task is expected. Information for this check is determined by examining the contents of this file. Criteria: If [Actions] uAction=5, this is not a finding.

Fix Text

From the ePO server console, select Systems tab, select the asset to be checked, select Client Tasks tab. From the list of available tasks in the Task Name column, with the assistance of the ePO SA, identify the weekly on demand client scan task. In the same row as the on demand client scan task, ensure that the Product Name column contains VirusScan Enterprise 8.7.0 and in the Status column, ensure that the status is Enabled. Select Edit from the Actions column. In the Description tab, ensure that for “Type:” “On Demand Scan (VirusScan Enterprise 8.7.0)” is selected. Select the Configuration tab. Under the Actions tab, When a threat is found: area, Perform this action first:, select “Clean files”. Select Save.

Additional Identifiers

Rule ID:

Vulnerability ID: V-6616

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001243

The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection