SV-56421r1_rule
V-14660
DTAM133-McAfee VirusScan buffer overflow log
DTAM133
CAT II
10
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.
Under the Reports tab, locate the "Log file" label. Select the "Enable activity logging and accept the default location for the log file or specify a new location" option.
Click OK to Save.
NOTE: Buffer Overflow Protection is not installed on 64-bit systems; this check would be Not Applicable to 64-bit systems.
NOTE: On 32-bit systems, when Host Intrusion Prevention is also installed, Buffer Overflow Protection will show as "Disabled because a Host Intrusion Prevention product is installed"; this check would be Not Applicable.
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.
Under the Reports tab, locate the "Log file" label. Ensure the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected.
Criteria: If the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected, this is not a finding.
On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking
Criteria: If the value bLogToFile_Ent is 1, this is not a finding. If the value is 0, this is a finding.
V-14660
False
DTAM133
NOTE: Buffer Overflow Protection is not installed on 64-bit systems; this check would be Not Applicable to 64-bit systems.
NOTE: On 32-bit systems, when Host Intrusion Prevention is also installed, Buffer Overflow Protection will show as "Disabled because a Host Intrusion Prevention product is installed"; this check would be Not Applicable.
Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.
Under the Reports tab, locate the "Log file" label. Ensure the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected.
Criteria: If the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected, this is not a finding.
On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking
Criteria: If the value bLogToFile_Ent is 1, this is not a finding. If the value is 0, this is a finding.
M
Information Assurance Officer
605