STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan must be configured to receive DAT and Engine updates.

DISA Rule

SV-56375r2_rule

Vulnerability Number

V-6585

Group Title

DTAM016-McAfee VirusScan autoupdate parameters

Rule Version

DTAM016

Severity

CAT II

CCI(s)

• CCI-001247 - The information system automatically updates malicious code protection mechanisms.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.

Under the Task column, find the AutoUpdate option, right-click, and choose Properties.
Click the Schedule button.
On the Task tab, select "Enable (scheduled task runs at specified time)".
On the Schedule tab, the "Run task:" option must be configured with Daily.

Click OK to save.

Check Contents

NOTE: Automatic updates to antivirus signature definitions are to be performed once every 24 hours for hosts connected to the network. Hosts not connected to the network must be updated manually.

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.

Under the “Task” column, right-click on the “AutoUpdate” option, select “Properties”.
Click the “Schedule” button.
On the “Task” tab, the selection for "Enable (scheduled task runs at specified time)" must be selected.
On the “Schedule” tab, the "Run task:" option must be configured with “Daily”.

Alternative Registry method:
Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee for 32-bit systems
HKLM\Software\Wow6432Node\McAfee for 64-bit systems
\DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-e3247CE382F5}

Criteria:
If “bSchedEnabled=1” (indicates Scheduling is enabled) and “eScheduleType=0” (indicates Daily), this is not a finding.

If “bSchedEnabled=0” (indicates Scheduling is not enabled), this is a finding.

If the “AutoUpdate” task schedule is not enabled, or is not configured to run at a frequency of “Daily”, this is a finding.

Vulnerability Number

V-6585

Documentable

False

Rule Version

DTAM016

Severity Override Guidance

NOTE: Automatic updates to antivirus signature definitions are to be performed once every 24 hours for hosts connected to the network. Hosts not connected to the network must be updated manually.

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.

Under the “Task” column, right-click on the “AutoUpdate” option, select “Properties”.
Click the “Schedule” button.
On the “Task” tab, the selection for "Enable (scheduled task runs at specified time)" must be selected.
On the “Schedule” tab, the "Run task:" option must be configured with “Daily”.

Alternative Registry method:
Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee for 32-bit systems
HKLM\Software\Wow6432Node\McAfee for 64-bit systems
\DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-e3247CE382F5}

Criteria:
If “bSchedEnabled=1” (indicates Scheduling is enabled) and “eScheduleType=0” (indicates Daily), this is not a finding.

If “bSchedEnabled=0” (indicates Scheduling is not enabled), this is a finding.

If the “AutoUpdate” task schedule is not enabled, or is not configured to run at a frequency of “Daily”, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

605

Comments