STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan On-Demand scan must be configured to record scanning activity in a log file.

DISA Rule

SV-56422r1_rule

Vulnerability Number

V-6618

Group Title

DTAM059-McAfee VirusScan log to file parameter

Rule Version

DTAM059

Severity

CAT II

CCI(s)

• CCI-001241 - The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task.
Right-click the Task and select Properties.

Under the Reports tab, locate the "Log file" label. Select the "Enable activity logging and accept the default location for the log file or specify a new location" option.


Click OK to Save.

Check Contents

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task.
Right-click the Task and select Properties.

Under the Reports tab, locate the "Log File" label. Ensure the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected.

Criteria: If "Enable activity logging and accept the default location for the log file or specify a new location" is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
DesktopProtection\Tasks

Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task.

Criteria: If, under the applicable GUID key, the bLogToFile does not have a value of 1, this is a finding.

Vulnerability Number

V-6618

Documentable

False

Rule Version

DTAM059

Severity Override Guidance

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task.
Right-click the Task and select Properties.

Under the Reports tab, locate the "Log File" label. Ensure the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected.

Criteria: If "Enable activity logging and accept the default location for the log file or specify a new location" is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
DesktopProtection\Tasks

Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task.

Criteria: If, under the applicable GUID key, the bLogToFile does not have a value of 1, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

605

Comments