STIGQter STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan Buffer Overflow Protection Buffer Overflow Settings must be configured to display a dialog box when a buffer overflow is detected.

DISA Rule

SV-56424r1_rule

Vulnerability Number

V-14659

Group Title

DTAM132-McAfee VirusScan buffer overflow message

Rule Version

DTAM132

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.

Under the Buffer Overflow Protection tab, locate the "Buffer overflow settings" label. Select the "Show the messages dialog box when a buffer overflow is detected" option.

Click OK to Save.

Check Contents

NOTE: Buffer Overflow Protection is not installed on 64-bit systems; this check would be Not Applicable to 64-bit systems.

NOTE: On 32-bit systems, when Host Intrusion Prevention is also installed, Buffer Overflow Protection will show as "Disabled because a Host Intrusion Prevention product is installed"; this check would be Not Applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.

Under the Buffer Overflow Protection tab, locate the "Buffer overflow settings" label. Ensure the "Show the messages dialog box when a buffer overflow is detected" option is selected.

Criteria: If the "Show the messages dialog box when a buffer overflow is detected" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking

Criteria: If the value BOPShowMessages is 1, this is not a finding. If the value is 0, this is a finding.

Vulnerability Number

V-14659

Documentable

False

Rule Version

DTAM132

Severity Override Guidance

NOTE: Buffer Overflow Protection is not installed on 64-bit systems; this check would be Not Applicable to 64-bit systems.

NOTE: On 32-bit systems, when Host Intrusion Prevention is also installed, Buffer Overflow Protection will show as "Disabled because a Host Intrusion Prevention product is installed"; this check would be Not Applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.

Under the Buffer Overflow Protection tab, locate the "Buffer overflow settings" label. Ensure the "Show the messages dialog box when a buffer overflow is detected" option is selected.

Criteria: If the "Show the messages dialog box when a buffer overflow is detected" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
SystemCore\VSCore\On Access Scanner\BehaviourBlocking

Criteria: If the value BOPShowMessages is 1, this is not a finding. If the value is 0, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

605

Comments