STIGQter STIGQter: STIG Summary: McAfee VirusScan 8.8 Managed Client STIG Version: 5 Release: 21 Benchmark Date: 25 Oct 2019:

McAfee VirusScan On-Demand scan log file size must be restricted and be configured to at least 10MB.

DISA Rule

SV-55211r3_rule

Vulnerability Number

V-6620

Group Title

DTAM060-McAfee VirusScan log file limit parameter

Rule Version

DTAM060

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Tasks on a Single System. From the list of available tasks in the Task Name column, with the assistance of the ePO SA, identify the weekly on demand client scan task. In the same row as the client scan task under review, under the Task Type column, ensure it is an "On Demand scan" and in the Status column, ensure that the status is "Enabled". In the Task Name column, select the weekly on demand task. Under the Reports tab, locate the "Log file size:" label. Select the "Limit the size of log file" option. For the "Maximum log file size:", select a value of 10MB or more. Select Save.

Check Contents

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Tasks on a Single System. From the list of available tasks in the Task Name column, with the assistance of the ePO SA, identify the weekly on demand client scan task. In the same row as the client scan task under review, under the Task Type column, ensure it is an "On Demand scan" and in the Status column, ensure that the status is "Enabled". In the Actions column, select "Edit Assignment". Locate the "Task to Schedule:" label. Verify the Product is "VirusScan Enterprise 8.8.0" and the Task Type is "On Demand Scan". In the Task name column, select "View Selected Task".

Under the Reports tab, locate the "Log file size:" label.
Criteria: If the "Limit the size of log file" option is selected and the "Maximum log file size:" is at least 10MB, this is not a finding.

Locally, on the client machine, use the Windows Explorer to navigate to the following folder: (This folder may be hidden.)
%SystemDrive%\ProgramData\McAfee\Common Framework\Task (64-Bit)

If folder(s) do not exist, an alternative method of validating is via the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\Tasks] and are referenced by a GUID for each task.

Multiple .ini files will be stored in this folder, one for each task defined on the ePO server for this client. The name for each task is identified in the first section of the file under the [Task] section on the TaskName= "" line. Additionally, a TaskType= line is provided to describe the type of scan. In this case, TaskType=VSC700_Scan_Task is expected. Information for this check is determined by examining the contents of this file.
Criteria: If the value of bLimitSize value is not 1, this is a finding.
If the uKilobytes is less than 10240 (Decimal), this is a finding.
If the bLimitSize value is 1 and the uKilobytes value is 10240 (Decimal) or more, this is not a finding.

Vulnerability Number

V-6620

Documentable

False

Rule Version

DTAM060

Severity Override Guidance

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Tasks on a Single System. From the list of available tasks in the Task Name column, with the assistance of the ePO SA, identify the weekly on demand client scan task. In the same row as the client scan task under review, under the Task Type column, ensure it is an "On Demand scan" and in the Status column, ensure that the status is "Enabled". In the Actions column, select "Edit Assignment". Locate the "Task to Schedule:" label. Verify the Product is "VirusScan Enterprise 8.8.0" and the Task Type is "On Demand Scan". In the Task name column, select "View Selected Task".

Under the Reports tab, locate the "Log file size:" label.
Criteria: If the "Limit the size of log file" option is selected and the "Maximum log file size:" is at least 10MB, this is not a finding.

Locally, on the client machine, use the Windows Explorer to navigate to the following folder: (This folder may be hidden.)
%SystemDrive%\ProgramData\McAfee\Common Framework\Task (64-Bit)

If folder(s) do not exist, an alternative method of validating is via the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\Tasks] and are referenced by a GUID for each task.

Multiple .ini files will be stored in this folder, one for each task defined on the ePO server for this client. The name for each task is identified in the first section of the file under the [Task] section on the TaskName= "" line. Additionally, a TaskType= line is provided to describe the type of scan. In this case, TaskType=VSC700_Scan_Task is expected. Information for this check is determined by examining the contents of this file.
Criteria: If the value of bLimitSize value is not 1, this is a finding.
If the uKilobytes is less than 10240 (Decimal), this is a finding.
If the bLimitSize value is 1 and the uKilobytes value is 10240 (Decimal) or more, this is not a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2266

Comments