STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan On-Access Scanner All Processes settings must be configured to use only one scanning policy for all processes, unless the use of Low-Risk Processes/High-Risk Processes has been documented with, and approved by, the IAO/IAM.

DISA Rule

SV-56410r1_rule

Vulnerability Number

V-14622

Group Title

DTAM100-McAfee VirusScan scan default values

Rule Version

DTAM100

Severity

CAT II

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select All Processes.

Under the Processes tab, select the "Configure one scanning policy for all processes" option.

Click OK to Save.

Check Contents

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select All Processes.

Under the Processes tab, ensure the "Configure one scanning policy for all processes" is selected.

Criteria: If the "Configure one scanning policy for all processes" option is selected, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk processes has been documented with, and approved by, the IAO/IAM, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk processes has not been documented/approved by the IAO/IAM, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\McShield\Configuration

Criteria: If the value OnlyUseDefaultConfig is 1, this is not a finding.
If the value is 0 and the use of Low-Risk Processes/High-Risk processes has not been documented and approved by the IAO/IAM, this is a finding.

Vulnerability Number

V-14622

Documentable

False

Rule Version

DTAM100

Severity Override Guidance

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select All Processes.

Under the Processes tab, ensure the "Configure one scanning policy for all processes" is selected.

Criteria: If the "Configure one scanning policy for all processes" option is selected, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk processes has been documented with, and approved by, the IAO/IAM, this is not a finding.
If the "Configure one scanning policy for all processes" option is not selected, and the use of Low-Risk Processes/High-Risk processes has not been documented/approved by the IAO/IAM, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\McShield\Configuration

Criteria: If the value OnlyUseDefaultConfig is 1, this is not a finding.
If the value is 0 and the use of Low-Risk Processes/High-Risk processes has not been documented and approved by the IAO/IAM, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

605

Comments