STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan Access Protection Rules Anti-Virus Standard Protection must be set to prevent mass mailing worms from sending mail.

DISA Rule

SV-55289r2_rule

Vulnerability Number

V-42561

Group Title

DTAM150-Access Protection mass mailing worms

Rule Version

DTAM150

Severity

CAT II

CCI(s)

• CCI-001170 - The information system prevents the automatic execution of mobile code in organization-defined software applications.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Virus Standard Protection". Select both "Prevent mass mailing worms from sending email" (Block and Report) options.

Click OK to save.

Check Contents

NOTE: If the system being reviewed has the function of sending email via the SMTP protocol, this setting is not applicable.

NOTE: Since there is no HIPS signature to provide this same protection, this check is applicable even if HIPS is enabled.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Virus Standard Protection". Ensure "Prevent mass mailing worms from sending email" (Block and Report) options are both selected. Click Edit. Under the "Processes to exclude:" section, verify no processes are listed. If any processes are listed, they must be documented with, and approved by, the IAO/IAM.

Criteria:
If "Prevent mass mailing worms from sending email" (Block and Report) options are not both selected. This is a finding.
If "Prevent mass mailing worms from sending email" (Block and Report) options are both selected, and any listed "Processes to exclude:" are approved by the IAO/IAM, this is not a finding.
If "Prevent mass mailing worms from sending email" (Block and Report) options are both selected, but listed "Processes to exclude:" have not been approved by the IAO/IAM, this is a finding.

Vulnerability Number

V-42561

Documentable

False

Rule Version

DTAM150

Severity Override Guidance

NOTE: If the system being reviewed has the function of sending email via the SMTP protocol, this setting is not applicable.

NOTE: Since there is no HIPS signature to provide this same protection, this check is applicable even if HIPS is enabled.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Virus Standard Protection". Ensure "Prevent mass mailing worms from sending email" (Block and Report) options are both selected. Click Edit. Under the "Processes to exclude:" section, verify no processes are listed. If any processes are listed, they must be documented with, and approved by, the IAO/IAM.

Criteria:
If "Prevent mass mailing worms from sending email" (Block and Report) options are not both selected. This is a finding.
If "Prevent mass mailing worms from sending email" (Block and Report) options are both selected, and any listed "Processes to exclude:" are approved by the IAO/IAM, this is not a finding.
If "Prevent mass mailing worms from sending email" (Block and Report) options are both selected, but listed "Processes to exclude:" have not been approved by the IAO/IAM, this is a finding.

Check Content Reference

M

Target Key

605

Comments