STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan On-Demand scan log file size must be restricted, but be configured to at least 10MB.

DISA Rule

SV-56425r1_rule

Vulnerability Number

V-6620

Group Title

DTAM060-McAfee VirusScan log file limit parameter

Rule Version

DTAM060

Severity

CAT II

CCI(s)

• CCI-001241 - The organization configures malicious code protection mechanisms to perform periodic scans of the information system on an organization-defined frequency.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task.
Right-click the Task and select Properties.

Under the Reports tab, locate the "Log file" label.
Select the "Limit the size of log file" option.
Under "Maximum log file size:", choose a value of at least 10MB.


Click OK to Save.

Check Contents

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task.
Right-click the Task and select Properties.

Under the Reports tab, locate the "Log file" label.

Criteria: If the "Limit the size of log file" option is selected and the "Maximum log file size:" is at least 10MB, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
DesktopProtection\Tasks

Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task.

Criteria: If, under the applicable GUID key, the bLimitSize value is not 1, this is a finding.
If the uKilobytes is less than 10240 (Decimal), this is a finding.
If the bLimitSize value is 1 and the uKilobytes value is 10240 (Decimal) or more, this is not a finding.

Vulnerability Number

V-6620

Documentable

False

Rule Version

DTAM060

Severity Override Guidance

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, with the assistance of the System Administrator, identify the weekly on-demand client scan task.
Right-click the Task and select Properties.

Under the Reports tab, locate the "Log file" label.

Criteria: If the "Limit the size of log file" option is selected and the "Maximum log file size:" is at least 10MB, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
DesktopProtection\Tasks

Under the DesktopProtection\Tasks, and with the assistance of the System Administrator, review each GUID key's szTaskName to find the GUID key associated with weekly on-demand client scan task.

Criteria: If, under the applicable GUID key, the bLimitSize value is not 1, this is a finding.
If the uKilobytes is less than 10240 (Decimal), this is a finding.
If the bLimitSize value is 1 and the uKilobytes value is 10240 (Decimal) or more, this is not a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

605

Comments