STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.

DISA Rule

SV-80437r1_rule

Vulnerability Number

V-65947

Group Title

SRG-APP-000279

Rule Version

TMDS-00-000220

Severity

CAT II

CCI(s)

• CCI-001243 - The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.

Configure the “Custom remediation actions” for “Recognized Malware” under the Policy settings for Anti-Malware.
- Under “Policies” tab right click any of the selected policies and click “Details.”
- Choose “Anti-Malware” and deselect “Default Real-Time Scan Configuration.” Be sure to re-enable this option once the review is complete.
- Click “Edit” and select “Actions.”
- Under the “Recognized Malware” configure the following settings:
- For Virus: Clean
- For Trojans: Quarantine
- For Packer: Quarantine
- For Spyware: Quarantine
- For Other Threats: Clean
- Under “Possible Malware” select “Quarantine.”

Check Contents

Review the Trend Deep Security server configuration to ensure malicious code is blocked and quarantined upon detection, then send an immediate alert to appropriate individuals.

Verify the “Custom remediation actions” for “Recognized Malware” under the Policy settings for Anti-Malware.
- Under “Policies” tab right click any of the selected policies and click “Details.”
- Choose “Anti-Malware” and deselect “Default Real-Time Scan Configuration.” Be sure to re-enable this option once the review is complete.
- Click “Edit” and select “Actions.”
- Under the “Recognized Malware” verify the following settings:
- For Virus: Clean
- For Trojans: Quarantine
- For Packer: Quarantine
- For Spyware: Quarantine
- For Other Threats: Clean
- Under “Possible Malware” verify “Quarantine” is selected.

If any of the settings are not configured accordingly, this is a finding.

Vulnerability Number

V-65947

Documentable

False

Rule Version

TMDS-00-000220

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure malicious code is blocked and quarantined upon detection, then send an immediate alert to appropriate individuals.

Verify the “Custom remediation actions” for “Recognized Malware” under the Policy settings for Anti-Malware.
- Under “Policies” tab right click any of the selected policies and click “Details.”
- Choose “Anti-Malware” and deselect “Default Real-Time Scan Configuration.” Be sure to re-enable this option once the review is complete.
- Click “Edit” and select “Actions.”
- Under the “Recognized Malware” verify the following settings:
- For Virus: Clean
- For Trojans: Quarantine
- For Packer: Quarantine
- For Spyware: Quarantine
- For Other Threats: Clean
- Under “Possible Malware” verify “Quarantine” is selected.

If any of the settings are not configured accordingly, this is a finding.

Check Content Reference

M

Target Key

2955

Comments