STIGQter: STIG Summary: Symantec Endpoint Protection 12.1 Managed Client Antivirus Version: 1 Release: 4 Benchmark Date: 24 Jul 2015: The Symantec Endpoint Protection client Outlook Auto-Protect must be configured to send a notification email to the IAO, IAM, and/or ePO administrator when a threatened email message is detected.

DISA Rule

SV-55459r1_rule

Vulnerability Number

V-42731

Group Title

DTASEP076

Rule Version

DTASEP076

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Email Scans -> Select Microsoft Outlook Auto-Protect -> Select the Notifications tab -> Under Email Notifications -> Select "Send email to others" -> select Others -> Add the IAO, IAM, and/or ePO administrator email addresses.

Check Contents

Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Email Scans -> Select Microsoft Outlook Auto-Protect -> Select the Notifications tab -> Under Email Notifications -> Ensure "Send email to others" is selected -> select Others -> Ensure the IAO, IAM, and/or ePO administrator are listed.

Criteria: If "Send email to others" is not selected, this is a finding.
If "Send email to others" is selected and the IAO, IAM, and/ or the ePO administrator email addresses are not listed, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
32 bit:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\MicrosoftExchangeClient\RealTimeScan
64 bit:
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\MicrosoftExchangeClient\RealTimeScan

Criteria: If the value of NotifySelected is not 1, this is a finding.

Vulnerability Number

V-42731

Documentable

False

Rule Version

DTASEP076

Severity Override Guidance

Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Email Scans -> Select Microsoft Outlook Auto-Protect -> Select the Notifications tab -> Under Email Notifications -> Ensure "Send email to others" is selected -> select Others -> Ensure the IAO, IAM, and/or ePO administrator are listed.

Criteria: If "Send email to others" is not selected, this is a finding.
If "Send email to others" is selected and the IAO, IAM, and/ or the ePO administrator email addresses are not listed, this is a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
32 bit:
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\MicrosoftExchangeClient\RealTimeScan
64 bit:
HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\MicrosoftExchangeClient\RealTimeScan

Criteria: If the value of NotifySelected is not 1, this is a finding.

Check Content Reference

M

Target Key

2566

Comments