STIGQter: STIG Summary: McAfee VirusScan 8.8 Managed Client STIG Version: 5 Release: 21 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: McAfee VirusScan 8.8 Managed Client STIG Version: 5 Release: 21 Benchmark Date: 25 Oct 2019:SV-55222r1_rule
V-14622
DTAM100-McAfee VirusScan scan default values
DTAM100
CAT II
10
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access Default Processes Policies. Under the Processes tab, locate the "Process Settings:" label. Select the "Configure one scanning policy for all processes" option. Select Save.
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access Default Processes Policies. Under the Processes tab, locate the "Process Settings:" label. Ensure the "Configure one scanning policy for all processes" option is selected.
Criteria: If the "Configure one scanning policy for all processes" option is selected, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk processes has been documented with, and approved by, the IAO/IAM, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk Processes has not been documented/approved by the IAO/IAM, this is a finding.
On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\McShield\Configuration
Criteria: If the value OnlyUseDefaultConfig is 1, this is not a finding.
If the value is 0 and the use of Low-Risk Processes/High-Risk Processes has not been documented and approved by the IAO/IAM, this is a finding.
V-14622
False
DTAM100
From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access Default Processes Policies. Under the Processes tab, locate the "Process Settings:" label. Ensure the "Configure one scanning policy for all processes" option is selected.
Criteria: If the "Configure one scanning policy for all processes" option is selected, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk processes has been documented with, and approved by, the IAO/IAM, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk Processes has not been documented/approved by the IAO/IAM, this is a finding.
On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\McShield\Configuration
Criteria: If the value OnlyUseDefaultConfig is 1, this is not a finding.
If the value is 0 and the use of Low-Risk Processes/High-Risk Processes has not been documented and approved by the IAO/IAM, this is a finding.
M
Information Assurance Officer
2266