STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Managed Client Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Apr 2020:

The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be enabled to scan mounted volumes when mounted volumes point to a network server without an anti-virus solution installed.

DISA Rule

SV-77521r1_rule

Vulnerability Number

V-63031

Group Title

SRG-APP-000278

Rule Version

DTAVSEL-019

Severity

CAT II

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

From the ePO server console System Tree, select "My Organization". Select the "Systems" tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list.

From the list of systems, locate the asset representing the Linux system being reviewed. Click on the system to open the System Information page.

Click on Actions >> Agent >> Modify Policies on a Single System.
From the "Product:" drop-down list, select "VirusScan Enterprise for Linux 1.9.x/2.0.x".
From the "Policy" column, click on the policy for the "On-Access Scanning Policy".
In the "Detections" tab, next to "Scan files:", select the check box for "On network mounted volume".

Click "Apply".

Check Contents

With the System Administrator's assistance, determine network mounted volumes on the Linux system being reviewed.

If network mounted volumes are mounted, verify whether anti-virus protection is locally installed on, and configured to protect, the network servers to which the mounted volumes connect.

If all network servers to which mounted volumes connect are protected by locally installed and configured anti-virus protection, this check for the Linux system being reviewed is Not Applicable.

If no network mounted volumes are configured on the Linux system being reviewed, this check is Not Applicable.

If mounted volumes exist on the Linux system being reviewed which are connecting to network servers which lack locally installed and configured anti-virus protection, this check must be validated.

From the ePO server console System Tree, select "My Organization". Select the "Systems" tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list.

From the list of systems, locate the asset representing the Linux system being reviewed. Click on the system to open the System Information page.

Click on Actions >> Agent >> Modify Policies on a Single System.
From the "Product:" drop-down list, select "VirusScan Enterprise for Linux 1.9.x/2.0.x".
From the "Policy" column, click on the policy for the "On-Access Scanning Policy"
In the "Detections" tab, next to "Scan files:", verify the check box for "On network mounted volumes" is selected.

If the check box for "On network mounted volumes" is not selected, this is a finding.

Vulnerability Number

V-63031

Documentable

False

Rule Version

DTAVSEL-019

Severity Override Guidance

With the System Administrator's assistance, determine network mounted volumes on the Linux system being reviewed.

If network mounted volumes are mounted, verify whether anti-virus protection is locally installed on, and configured to protect, the network servers to which the mounted volumes connect.

If all network servers to which mounted volumes connect are protected by locally installed and configured anti-virus protection, this check for the Linux system being reviewed is Not Applicable.

If no network mounted volumes are configured on the Linux system being reviewed, this check is Not Applicable.

If mounted volumes exist on the Linux system being reviewed which are connecting to network servers which lack locally installed and configured anti-virus protection, this check must be validated.

From the ePO server console System Tree, select "My Organization". Select the "Systems" tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list.

From the list of systems, locate the asset representing the Linux system being reviewed. Click on the system to open the System Information page.

Click on Actions >> Agent >> Modify Policies on a Single System.
From the "Product:" drop-down list, select "VirusScan Enterprise for Linux 1.9.x/2.0.x".
From the "Policy" column, click on the policy for the "On-Access Scanning Policy"
In the "Detections" tab, next to "Scan files:", verify the check box for "On network mounted volumes" is selected.

If the check box for "On network mounted volumes" is not selected, this is a finding.

Check Content Reference

M

Target Key

2939

Comments