STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan Access Protection Properties must be configured to enable access protection.

DISA Rule

SV-55301r3_rule

Vulnerability Number

V-42573

Group Title

DTAM161-Access Protection enablement

Rule Version

DTAM161

Severity

CAT II

CCI(s)

• CCI-001243 - The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, select the "Enable Access Protection" option.

Click OK to save.

Check Contents

NOTE: Access Protection must be enabled in order to afford protection identified in DTAM150 and DTAM151.

If HIPS signatures are enabled to provide the same protection as DTAM138, DTAM139, DTAM140, DTAM141, DTAM142, DTAM143, DTAM144, DTAM145, DTAM146, DTAM147, DTAM148 and DTAM149, those checks may be individually marked as not applicable.


Under the Access Protection tab, ensure the "Enable Access Protection" option is selected.

Criteria: If the "Enable Access Protection" option is not selected, this is a finding.

On the client machine use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking

Criteria: If the value APEnabled is not set to "1", this is a finding.

Vulnerability Number

V-42573

Documentable

False

Rule Version

DTAM161

Severity Override Guidance

NOTE: Access Protection must be enabled in order to afford protection identified in DTAM150 and DTAM151.

If HIPS signatures are enabled to provide the same protection as DTAM138, DTAM139, DTAM140, DTAM141, DTAM142, DTAM143, DTAM144, DTAM145, DTAM146, DTAM147, DTAM148 and DTAM149, those checks may be individually marked as not applicable.


Under the Access Protection tab, ensure the "Enable Access Protection" option is selected.

Criteria: If the "Enable Access Protection" option is not selected, this is a finding.

On the client machine use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking

Criteria: If the value APEnabled is not set to "1", this is a finding.

Check Content Reference

M

Target Key

605

Comments