STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018:

McAfee VirusScan Access Protection Rules Anti-spyware Maximum Protection must be set to block and report when block execution of all programs from temp folder.

DISA Rule

SV-73795r3_rule

Vulnerability Number

V-59365

Group Title

DTAM170--Access Protection block execution of all programs from temp folder

Rule Version

DTAM170

Severity

CAT II

CCI(s)

• CCI-001243 - The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Select the "Prevent all programs from running files from the Temp folder"(Block and Report) option.

Click OK to save.

Check Contents

Note: If the HIPS signatures 7010, 7011, 7020 and 7035 are enabled to provide this same protection, this check is Not Applicable.

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Ensure the "Prevent all programs from running files from the Temp folder" (Block and Report) option is selected.

Criteria: If the "Prevent all programs from running files from the Temp folder" (Block and Report) option is selected, this is not a finding.

Vulnerability Number

V-59365

Documentable

False

Rule Version

DTAM170

Severity Override Guidance

Note: If the HIPS signatures 7010, 7011, 7020 and 7035 are enabled to provide this same protection, this check is Not Applicable.

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console.
Under the Task column, select Access Protection, right-click, and select Properties.

Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Anti-Spyware Maximum Protection". Ensure the "Prevent all programs from running files from the Temp folder" (Block and Report) option is selected.

Criteria: If the "Prevent all programs from running files from the Temp folder" (Block and Report) option is selected, this is not a finding.

Check Content Reference

M

Target Key

605

Comments