Title

Tanium Server files must be protected from file encryption actions. (Cat II impact)

Discussion

Similar to any other host-based applications, the Tanium Server is subject to the restrictions other System-level software may place on an operating environment. Antivirus, Encryption, or other security and management stack software may disallow the Tanium Server from working as expected. https://docs.tanium.com/platform_install/platform_install/reference_host_system_security_exceptions.html.

Check Content

Consult with the Tanium System Administrator to determine the file-level encryption software used on the Tanium Server. Review the settings for the file-level encryption software. Validate exclusions exist which exclude the Tanium program files from being encrypted by the file-level encryption software. If exclusions do not exist, this is a finding.

Fix Text

Implement excluding policies within the file-level encryption software solution to exclude encryption of the Tanium Server program files.

Additional Identifiers

Rule ID: SV-234109r612749_rule

Vulnerability ID: V-234109

Group Title: SRG-APP-000516

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.