STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan Access Protection Rules must be configured to prevent McAfee services from being stopped.

DISA Rule

SV-55277r2_rule

Vulnerability Number

V-42549

Group Title

DTAM138 - Access Protection McAfee services protection

Rule Version

DTAM138

Severity

CAT I

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, select the "Prevent McAfee services from being stopped" option.

Click OK to save.

Check Contents

Note: If the HIPS signature 3892 is enabled to provide the "Prevent termination of McAfee processes" protection, this check is not applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, ensure the "Prevent McAfee services from being stopped" option is selected.

Criteria: If the "Prevent McAfee services from being stopped" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking

Criteria: If the value of PVSPTEnabled is REG_DWORD = 1, this is not a finding.

Vulnerability Number

V-42549

Documentable

False

Rule Version

DTAM138

Severity Override Guidance

Note: If the HIPS signature 3892 is enabled to provide the "Prevent termination of McAfee processes" protection, this check is not applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, ensure the "Prevent McAfee services from being stopped" option is selected.

Criteria: If the "Prevent McAfee services from being stopped" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking

Criteria: If the value of PVSPTEnabled is REG_DWORD = 1, this is not a finding.

Check Content Reference

M

Target Key

605

Comments