STIGQter STIGQter: STIG Summary: McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Jul 2018:

The McAfee MOVE AV Common Options policy must be configured to report all events to the Windows Event Log.

DISA Rule

SV-93215r1_rule

Vulnerability Number

V-78509

Group Title

MV45-COP-000001

Rule Version

MV45-COP-000001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "Options".

Select each configured Options policy.

Click "Show Advanced".

Under "Events", select the "Log event to Windows Application log" check box.

Click "Save".

Check Contents

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus Common 4.5.0" from the Product list.

From the Category list, select "Options".

Select each configured Options policy.

Click "Show Advanced".

Under "Events", verify the "Log event to Windows Application log" check box is selected.

If the "Log event to Windows Application log" check box is not selected, this is a finding.

Vulnerability Number

V-78509

Documentable

False

Rule Version

MV45-COP-000001

Severity Override Guidance

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus Common 4.5.0" from the Product list.

From the Category list, select "Options".

Select each configured Options policy.

Click "Show Advanced".

Under "Events", verify the "Log event to Windows Application log" check box is selected.

If the "Log event to Windows Application log" check box is not selected, this is a finding.

Check Content Reference

M

Target Key

3233

Comments