Check: DTASEP024
Symantec Endpoint Protection 12.1 Local Client Antivirus STIG:
DTASEP024
(in version v1 r4)
Title
The Symantec Endpoint Protection client Global Settings Bloodhound heuristic technology must be enabled. (Cat II impact)
Discussion
Bloodhound virus detection scans of outgoing email messages help prevent the spread of threats such as worms that can use email clients to replicate and distribute themselves across a network.
Check Content
GUI check: Locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. On the left-hand side, select Change settings -> Under Virus and Spyware Protection -> Select Configure Settings -> Under the Global Settings tab -> Under Scan Options -> Ensure "Enable Bloodhound heuristic virus detection" is selected.

Criteria: If "Enable Bloodhound heuristic virus detection" is not selected, this is a finding.
Fix Text
Locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen. On the left-hand side, select Change settings -> Under Virus and Spyware Protection -> Select Configure Settings -> Under the Global Settings tab -> Under Scan Options -> Select "Enable Bloodhound heuristic virus detection".
Additional Identifiers
Rule ID: SV-55416r1_rule
Vulnerability ID: V-42688
Group Title: DTASEP024
CCIs
Number | Definition |
---|---|
CCI-001242 | The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
Controls
Number | Title |
---|---|
SI-3 | Malicious Code Protection |