STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Managed Client Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Apr 2020

A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes.

DISA Rule

SV-77559r2_rule

Vulnerability Number

V-63069

Group Title

SRG-APP-000276

Rule Version

DTAVSEL-205

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Automatic Response to capture all required event descriptions and to send email notifications to the System Administrator(s).

Check Contents

The preferred method for notification is via ePO Automatic Responses using SMTP.

Consult with the System Administrator to determine whether ePO Automatic Responses are configured or whether some other notification mechanism (e.g., regular manual review of reports) is used.

If ePO Automatic Responses are not configured, some other notification mechanism must be configured.

For ePO Automatic Response using SMTP:

Log onto the ePO server console.

From Menu, select Automation >> Automatic Responses.

With the assistance of the System Administrator, determine the Automatic Responses configured for this requirement.

Click on Edit to review each of the designated Automatic Responses.

Automatic Responses must be configured for the following Event Descriptions, at a minimum, with a response of "Send Email" to System Administrator(s).

The DAT version was not new enough.
Boot record infection clean error.
Buffer overflow detected and NOT blocked.
Centralized Alerting-Scan reported an internal application error.
Centralized Alerting-Scan reports general system error.
Centralized Alerting-Scan reports memory allocation error.
File infected. Delete failed, quarantine failed.

If Automatic Responses are not configured for the minimum Event Descriptions, or are not configured to send an email notification to the System Administrator(s), and no other mechanism is used to provide this notification to System Administrators, this is a finding.
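
The finding logic above, reduced to code, as an added example that is not part of the STIG or of STIGQter. It assumes a simplified record per Automatic Response (name, enabled flag, the Event Descriptions its filter matches, its actions and email recipients), which is what an assessor transcribes from Menu >> Automation >> Automatic Responses; no ePO export format or API is assumed, and the sample responses and the admin address are constructed. A required event only counts as covered when an enabled response matches it, has a Send Email action, and addresses a System Administrator; every uncovered event is reported with the reason, since a disabled or mis-addressed response is the usual way this check fails.

```python
"""Audit ePO Automatic Responses against the DTAVSEL-205 minimum event set."""
from dataclasses import dataclass, field

# Event Descriptions the STIG requires, verbatim from the check text.
REQUIRED_EVENTS = (
    "The DAT version was not new enough.",
    "Boot record infection clean error.",
    "Buffer overflow detected and NOT blocked.",
    "Centralized Alerting-Scan reported an internal application error.",
    "Centralized Alerting-Scan reports general system error.",
    "Centralized Alerting-Scan reports memory allocation error.",
    "File infected. Delete failed, quarantine failed.",
)


@dataclass
class AutoResponse:
    """Assumed, simplified model of one Automatic Response as read from the console."""
    name: str
    enabled: bool
    event_descriptions: list          # Event Descriptions selected in the response filter
    actions: list                     # action names, e.g. "Send Email" (assumed label)
    recipients: list = field(default_factory=list)


def _norm(text):
    """Collapse whitespace and case so minor transcription differences still match."""
    return " ".join(text.split()).casefold()


def audit_responses(responses, admin_recipients, alternate_mechanism=False):
    """Return which required events are covered, which are not (and why), and the finding.

    alternate_mechanism=True records that the SA uses another documented
    notification process, which the check accepts in place of ePO responses.
    """
    admins = {a.casefold() for a in admin_recipients}
    required = {_norm(e): e for e in REQUIRED_EVENTS}
    covered = {}   # normalized event -> name of the response that satisfies it
    problems = {}  # normalized event -> why the response that matches it does not count

    for r in responses:
        matched = [e for e in r.event_descriptions if _norm(e) in required]
        if not matched:
            continue
        reason = None
        if not r.enabled:
            reason = f"response '{r.name}' is disabled"
        elif "send email" not in {a.casefold() for a in r.actions}:
            reason = f"response '{r.name}' has no Send Email action"
        elif not any(x.casefold() in admins for x in r.recipients):
            reason = f"response '{r.name}' does not email a System Administrator"
        for e in matched:
            key = _norm(e)
            if reason is None:
                covered[key] = r.name
            else:
                problems.setdefault(key, reason)

    missing = {}
    for key, text in required.items():
        if key not in covered:
            missing[text] = problems.get(key, "no Automatic Response configured")

    return {
        "covered": {required[k]: v for k, v in covered.items()},
        "missing": missing,
        "finding": bool(missing) and not alternate_mechanism,
    }


def sample_responses():
    """Constructed sample: two good responses and one that was left disabled."""
    admin = "sysadmins@example.mil"
    return [
        AutoResponse("DAT out of date", True,
                     ["The DAT version was not new enough."], ["Send Email"], [admin]),
        AutoResponse("Malware handling errors", True,
                     ["Boot record infection clean error.",
                      "Buffer overflow detected and NOT blocked.",
                      "File infected. Delete failed, quarantine failed."],
                     ["Send Email"], [admin]),
        AutoResponse("Scan engine errors", False,
                     ["Centralized Alerting-Scan reported an internal application error.",
                      "Centralized Alerting-Scan reports general system error.",
                      "Centralized Alerting-Scan reports memory allocation error."],
                     ["Send Email"], [admin]),
    ]


if __name__ == "__main__":
    result = audit_responses(sample_responses(), ["sysadmins@example.mil"])
    for event, why in result["missing"].items():
        print(f"NOT COVERED: {event}  ({why})")
    print("Finding" if result["finding"] else "Not a finding")
```

Feed it the responses you actually see in the console and the address list the SA confirms is monitored; if the SA relies on a report-review process instead, pass alternate_mechanism=True and record that process in the assessment notes, because the check text accepts it only when it really is in use.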

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2939

Comments