STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan On-Access Scanner General Settings must be configured to log the scan sessions.

DISA Rule

SV-56371r1_rule

Vulnerability Number

V-6474

Group Title

DTAM009-McAfee VirusScan Control Panel log

Rule Version

DTAM009

Severity

CAT II

CCI(s)

• CCI-001242 - The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the Reports tab, locate the "Log file" label. Select the "Enable activity logging and accept the default location for the log file or specify a new location" option.

Click OK to Save.

Check Contents

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the Reports tab, locate the "Log file" label. Ensure the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected.

Criteria: If the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit)SystemCore\VSCore\On Access Scanner\McShield\Configuration

Criteria: If the value of bLogtoFile is 1, this is not a finding. If the value is 0, this is a finding.

Vulnerability Number

V-6474

Documentable

False

Rule Version

DTAM009

Severity Override Guidance

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the Reports tab, locate the "Log file" label. Ensure the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected.

Criteria: If the "Enable activity logging and accept the default location for the log file or specify a new location" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit)SystemCore\VSCore\On Access Scanner\McShield\Configuration

Criteria: If the value of bLogtoFile is 1, this is not a finding. If the value is 0, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

605

Comments