STIGQter: STIG Summary: McAfee MOVE Agentless 3.6.1 Security Virtual Appliance STIG Version: 1 Release: 5 Benchmark Date: 28 Oct 2016:

The Virtual Machine must have VMware vShield Endpoint thin client installed and shown as protected in the vShield Manager.

DISA Rule

SV-56609r2_rule

Vulnerability Number

V-43788

Group Title

AV-MOVE-VM-001 Virtual Machine protected status

Rule Version

AV-MOVE-VM-001

Severity

CAT I

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

If the virtual machine is not showing as a "Protected VM", install VMware Tools on the guest VM and select Custom install of VMware tools. In the vSphere Client, right-click the appropriate VM, select Guest | Install/Upgrade VMware Tools.
In the Install/Upgrade Tools dialog box, select Interactive Tools Upgrade and click OK.
Depending on the environment, select setup.exe or setup64.exe and run it as administrator.
Select Custom then click Next.
Expand VMware Device Drivers | VMCI Drivers, then select vShield Drivers | This feature will be installed on local hard drive.
Access vShield Manager to confirm the virtual machine is showing as a "Protected VM".

Check Contents

This STIG setting validates whether a virtual machine is protected by the McAfee MOVE Agentless 3.6.1.

With the assistance of the System Administrator, verify the client is reporting to the endpoint solution in vShield:

a. Log in to vShield Manager
b. Browse to Datacenters | <yourdatacenter> | <esx host of vm> | Endpoint tab.

Virtual machines should be listed with a description of Thin Agent Enabled.

If virtual machines are not listed with a description of Thin Agent Enabled, this is a finding.

Vulnerability Number

V-43788

Documentable

False

Rule Version

AV-MOVE-VM-001

Severity Override Guidance

This STIG setting validates whether a virtual machine is protected by the McAfee MOVE Agentless 3.6.1.

With the assistance of the System Administrator, verify the client is reporting to the endpoint solution in vShield:

a. Log in to vShield Manager
b. Browse to Datacenters | <yourdatacenter> | <esx host of vm> | Endpoint tab.

Virtual machines should be listed with a description of Thin Agent Enabled.

If virtual machines are not listed with a description of Thin Agent Enabled, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2579

Comments