STIGQter: STIG Summary: McAfee MOVE AV Agentless 4.5 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Dec 2017:

Path Exclusions configured in the McAfee MOVE AV On Demand Scan policy must be formally documented by the System Administrator and approved by the ISSO/ISSM.

DISA Rule

SV-93193r1_rule

Vulnerability Number

V-78487

Group Title

MV45-ODS-200007

Rule Version

MV45-ODS-200007

Severity

CAT II

CCI(s)

CCI-001241 - The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Weight

Fix Recommendation

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Demand Scan".

Select each configured On Demand Scan policy.

Click "Show Advanced".

Under "Exclusions", remove any Path Exclusions, other than the following paths, that have not been formally documented by the System Administrator and approved by the ISSO/ISSM:

**\McAfee\Common Framework\
**\Program Files\McAfee\Agent\
*.log

Click "Save".

Check Contents

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Demand Scan".

Select each configured On Demand Scan policy.

Click "Show Advanced".

Under "Exclusions", verify the Path Exclusions include only the following paths:

**\McAfee\Common Framework\
**\Program Files\McAfee\Agent\
*.log

If any Path Exclusions are included other than those specified above, and the exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding.

Vulnerability Number

V-78487

Documentable

False

Rule Version

MV45-ODS-200007

Severity Override Guidance

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Demand Scan".

Select each configured On Demand Scan policy.

Click "Show Advanced".

Under "Exclusions", verify the Path Exclusions include only the following paths:

**\McAfee\Common Framework\
**\Program Files\McAfee\Agent\
*.log

If any Path Exclusions are included other than those specified above, and the exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding.

Check Content Reference

Target Key

3227

Path Exclusions configured in the McAfee MOVE AV On Demand Scan policy must be formally documented by the System Administrator and approved by the ISSO/ISSM.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments