STIGQter: STIG Summary: McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Jul 2018:

Process exclusions configured in McAfee MOVE AV On Access Scan Policy must be formally documented by the System Administrator and approved by the ISSO/ISSM.

DISA Rule

SV-93245r1_rule

Vulnerability Number

V-78539

Group Title

MV45-OAS-000008

Rule Version

MV45-OAS-000008

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Under "Exclusions", remove any Process Exclusions that have been configured other than the following:

%WINDIR%\system32\mssearch.exe
UserProfileManager.exe
%WINDIR%\system32\searchindexer.exe
%WINDIR%\system32\mssdmn.exe
%WINDIR%\system32\winfs\winfs.exe
%WINDIR%\system32\mssfh.exe

Click "Save".

Check Contents

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Under "Exclusions", verify no Process Exclusions have been configured other than the following:

%WINDIR%\system32\mssearch.exe
UserProfileManager.exe
%WINDIR%\system32\searchindexer.exe
%WINDIR%\system32\mssdmn.exe
%WINDIR%\system32\winfs\winfs.exe
%WINDIR%\system32\mssfh.exe

If any Process Exclusions are configured and those Process Exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding.

Vulnerability Number

V-78539

Documentable

False

Rule Version

MV45-OAS-000008

Severity Override Guidance

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Under "Exclusions", verify no Process Exclusions have been configured other than the following:

%WINDIR%\system32\mssearch.exe
UserProfileManager.exe
%WINDIR%\system32\searchindexer.exe
%WINDIR%\system32\mssdmn.exe
%WINDIR%\system32\winfs\winfs.exe
%WINDIR%\system32\mssfh.exe

If any Process Exclusions are configured and those Process Exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding.

Check Content Reference

Target Key

3233

Process exclusions configured in McAfee MOVE AV On Access Scan Policy must be formally documented by the System Administrator and approved by the ISSO/ISSM.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments