STIGQter STIGQter: STIG Summary: McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 Jul 2018: The McAfee MOVE AV On Access Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection.

DISA Rule

SV-93247r1_rule

Vulnerability Number

V-78541

Group Title

MV45-OAS-000009

Rule Version

MV45-OAS-000009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured "On Access Scan" policy.

Click "Actions".

Under "Threat detection first response", select "Delete files automatically and quarantine" from the drop-down list.

Click "Save".

Check Contents

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Click "Actions".

Under "Threat detection first response", verify "Delete files automatically and quarantine" is selected.

If "Threat detection first response" is not set to "Delete files automatically and quarantine", this is a finding.

Vulnerability Number

V-78541

Documentable

False

Rule Version

MV45-OAS-000009

Severity Override Guidance

Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Click "Actions".

Under "Threat detection first response", verify "Delete files automatically and quarantine" is selected.

If "Threat detection first response" is not set to "Delete files automatically and quarantine", this is a finding.

Check Content Reference

M

Target Key

3233

Comments