STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan On-Delivery Email Scanner must be configured to log session summary and failure to scan encrypted files.

DISA Rule

SV-55299r3_rule

Vulnerability Number

V-42571

Group Title

DTAM159-McAfee VirusScan Email on-delivery log session summary

Rule Version

DTAM159

Severity

CAT II

CCI(s)

• CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.

Under the “Task” column, select the “On-Delivery Email Scanner” Option, right-click, and select “Properties”.

Under the “Reports” tab, locate the "What to log in addition to scanning activity:" label.

Select the "Session summary" and "Failure to scan encrypted files" options.

Click “OK” to save.

Check Contents

Note: If an email client is not running on this system, this check can be marked as Not Applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties.

Under the Reports tab, locate the "What to log in addition to scanning activity" label.
Ensure the "Session summary", and "Failure to scan encrypted files", options are both selected.

Criteria: If the "Session summary" and "Failure to scan encrypted files" options are selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions

Criteria: If the “dwLogEvent” value is not “0x000001a0 (416)”, this is a finding.

Vulnerability Number

V-42571

Documentable

False

Rule Version

DTAM159

Severity Override Guidance

Note: If an email client is not running on this system, this check can be marked as Not Applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties.

Under the Reports tab, locate the "What to log in addition to scanning activity" label.
Ensure the "Session summary", and "Failure to scan encrypted files", options are both selected.

Criteria: If the "Session summary" and "Failure to scan encrypted files" options are selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions

Criteria: If the “dwLogEvent” value is not “0x000001a0 (416)”, this is a finding.

Check Content Reference

M

Target Key

605

Comments