STIGQter STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018: McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan inside archive files.

DISA Rule

SV-56433r3_rule

Vulnerability Number

V-14628

Group Title

DTAM106-McAfee VirusScan scan inside archive

Rule Version

DTAM106

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select All Processes.

Under the Scan Items tab, locate the "Compressed files:" label. Select the "Scan inside archives (e.g., .ZIP)" option.

Click OK to Save.

Check Contents

NOTE: This requirement can be left not configured and marked as Not Applicable if the regularly scheduled on-demand scan, validated under V-6611, DTAM052, includes the scanning of archive files.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select All Processes.

Under the Scan Items tab, locate the "Compressed files:" label. Ensure the "Scan inside archives (e.g., .ZIP)" option is selected.

Criteria: If the "Scan inside archives (e.g., .ZIP)" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default

Criteria: If the value ScanArchives is 1, this is not a finding. If the value is 0, this is a finding.

Vulnerability Number

V-14628

Documentable

False

Rule Version

DTAM106

Severity Override Guidance

NOTE: This requirement can be left not configured and marked as Not Applicable if the regularly scheduled on-demand scan, validated under V-6611, DTAM052, includes the scanning of archive files.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select All Processes.

Under the Scan Items tab, locate the "Compressed files:" label. Ensure the "Scan inside archives (e.g., .ZIP)" option is selected.

Criteria: If the "Scan inside archives (e.g., .ZIP)" option is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner\McShield\Configuration\Default

Criteria: If the value ScanArchives is 1, this is not a finding. If the value is 0, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

605

Comments