Check: TANS-AP-001420
Tanium 7.x Application on TanOS STIG: TANS-AP-001420 (in versions v2 r1 through v1 r1)
Title
Tanium endpoint files must be excluded from host-based intrusion prevention intervention. (Cat II impact)
Discussion
Like any other host-based application, the Tanium Client is subject to the restrictions that other system-level software may place on the operating environment. Antivirus, IPS, encryption, or other security and management stack software may prevent the Tanium Server from working as expected.
Reference: https://docs.tanium.com/client/client/requirements.html#Host_system_security_exceptions
Check Content
Consult with the Tanium System Administrator to determine the HIPS software used on the Tanium Clients. Review the settings of the HIPS software. Validate exclusions exist which exclude the Tanium program files from being restricted by HIPS. If exclusions do not exist, this is a finding.
Fix Text
In the host-based intrusion prevention system, ensure the following folders are excluded:
Windows (64-bit OS versions) - \Program Files (x86)\Tanium\Tanium Client
Windows (32-bit OS versions) - \Program Files\Tanium\Tanium Client
macOS - /Library/Tanium/TaniumClient
Linux, Solaris, AIX - /opt/Tanium/TaniumClient

In the host-based intrusion prevention system, ensure the following processes are excluded:
Windows, macOS, Linux - <Tanium Client>/Tools/StdUtils directory or all the files that it contains, including:
Windows, macOS, Linux - 7za.exe (Windows) or 7za (macOS, Linux)
Windows, macOS, Linux - runasuser.exe (Windows only)
Windows, macOS, Linux - runasuser64.exe (Windows only)
Windows, macOS, Linux - TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux)
Windows, macOS, Linux - TaniumFileInfo.exe (Windows only)
Windows, macOS, Linux - TPowerShell.exe (Windows only)
macOS, Linux, Solaris, AIX - <Tanium Client>/TaniumClient
macOS, Linux, Solaris, AIX - <Tanium Client>/taniumclient
macOS, Linux - <Tanium Client>/distribute-tools.sh
macOS, Linux - <Tanium Client>/TaniumCX
Windows - <Tanium Client>\TaniumClient.exe
Windows - <Tanium Client>\TaniumCX.exe
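One way to run the validation step against an exported exclusion list, as an added example that is not part of the STIG or of Tanium's tooling. It assumes the HIPS product can export its exclusions as one exact path per line (no wildcards); the function names and the sample export are hypothetical.

```python
import re

# Required paths transcribed from the Fix Text above (Solaris/AIX omitted for brevity).
FOLDERS = {
    "windows64": r"\Program Files (x86)\Tanium\Tanium Client",
    "windows32": r"\Program Files\Tanium\Tanium Client",
    "macos": "/Library/Tanium/TaniumClient",
    "linux": "/opt/Tanium/TaniumClient",
}
WIN_TOOLS = ["7za.exe", "runasuser.exe", "runasuser64.exe",
             "TaniumExecWrapper.exe", "TaniumFileInfo.exe", "TPowerShell.exe"]
NIX_TOOLS = ["7za", "TaniumExecWrapper"]
WIN_PROCS = ["TaniumClient.exe", "TaniumCX.exe"]
NIX_PROCS = ["TaniumClient", "taniumclient", "distribute-tools.sh", "TaniumCX"]

# Constructed sample export; assumed format: one exact path per line, no wildcards.
SAMPLE_WINDOWS_EXPORT = [
    "C:\\Program Files (x86)\\Tanium\\Tanium Client\\",
    "c:\\program files (x86)\\tanium\\tanium client\\TaniumClient.exe",
    "C:\\Program Files (x86)\\Tanium\\Tanium Client\\Tools\\StdUtils",
]

def norm(path, windows):
    """Normalize for comparison: Windows paths ignore case and may carry a drive letter."""
    p = path.strip().strip('"')
    if windows:
        p = re.sub(r"^[A-Za-z]:", "", p).replace("/", "\\").lower()
    return p.rstrip("\\/")

def missing_exclusions(platform, exported_lines):
    """Return required exclusions (as written in the Fix Text) absent from the export."""
    win = platform.startswith("windows")
    sep = "\\" if win else "/"
    have = {norm(line, win) for line in exported_lines if line.strip()}
    root = FOLDERS[platform]
    stdutils = sep.join([root, "Tools", "StdUtils"])
    # Folder and process exclusions are separate requirements, so check both.
    required = [root] + [root + sep + p for p in (WIN_PROCS if win else NIX_PROCS)]
    # StdUtils is satisfied by the directory itself OR by every listed file in it.
    if norm(stdutils, win) not in have:
        required += [stdutils + sep + t for t in (WIN_TOOLS if win else NIX_TOOLS)]
    return [r for r in required if norm(r, win) not in have]

if __name__ == "__main__":
    for path in missing_exclusions("windows64", SAMPLE_WINDOWS_EXPORT):
        print("FINDING: no exclusion for", path)
```

Any path returned corresponds to the "If exclusions do not exist, this is a finding" condition in the Check Content.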
Additional Identifiers
Rule ID: SV-254954r961863_rule
Vulnerability ID: V-254954
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |