STIGQter: STIG Summary: McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide

Version: 1

Release: 2

Benchmark Date: 27 Jul 2018

| Name | Title |
| --- | --- |
| SV-93215r1_rule | The McAfee MOVE AV Common Options policy must be configured to report all events to the Windows Event Log. |
| SV-93217r1_rule | The McAfee MOVE AV Common Options policy must be configured to send all events to the HBSS ePO server. |
| SV-93219r1_rule | The McAfee MOVE AV Common Options policy must be configured to not rotate log files until they reach at least 10 MB in size. |
| SV-93221r1_rule | The McAfee MOVE AV Common Options policy must be configured to enable self-protection. |
| SV-93223r1_rule | All other anti-virus products must be removed from the virtual machine while the McAfee AV Client is running. |
| SV-93225r1_rule | The McAfee MOVE AV policies must be configured with and managed by the HBSS ePO server. |
| SV-93227r1_rule | The admin password for the McAfee MOVE AV Security Virtual Machine (SVM) must be changed from the default. |
| SV-93229r1_rule | The McAfee VirusScan Enterprise Access Protection rules must be used for self-protection of the files and folder of the McAfee Security Virtual Manager (SVM). |
| SV-93231r1_rule | The McAfee MOVE AV On Access Scan Policy must be configured to enable protection. |
| SV-93233r1_rule | The McAfee MOVE AV On Access Scan Policy must be configured with a scan timeout of 45 seconds or more. |
| SV-93235r1_rule | The McAfee MOVE AV On Access Scan Policy must be configured to cache scan results for files smaller than 40 MB. |
| SV-93237r1_rule | The McAfee MOVE AV On Access Scan Policy must be configured to scan when writing to disk. |
| SV-93239r1_rule | The McAfee MOVE AV On Access Scan Policy must be configured to scan when reading from disk. |
| SV-93241r1_rule | The McAfee MOVE AV On Access Scan Policy must be configured to scan all file types. |
| SV-93243r1_rule | Path or file exclusions configured in McAfee MOVE AV On Access Scan Policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. |
| SV-93245r1_rule | Process exclusions configured in McAfee MOVE AV On Access Scan Policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. |
| SV-93247r1_rule | The McAfee MOVE AV On Access Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection. |
| SV-93249r1_rule | The McAfee MOVE AV On Demand Scan policy must be configured to enable on-demand scan. |
| SV-93251r1_rule | The McAfee MOVE AV On Demand Scan policy must be configured to enforce a maximum time for each file scan of no less than 45 seconds. |
| SV-93253r1_rule | The McAfee MOVE AV On Demand Scan policy must be explicitly configured to stop an on-demand scan after an organization-specific period. |
| SV-93255r1_rule | The McAfee MOVE AV On Demand Scan policy must be configured to cache scan results for files smaller than 40 MB. |
| SV-93257r1_rule | The McAfee MOVE AV On Demand Scan policy must be configured to delete files automatically and quarantine as the first response of a threat detection. |
| SV-93259r1_rule | The McAfee MOVE AV On Demand Scan policy must be configured to scan all file types. |
| SV-93261r1_rule | Path Exclusions configured in the McAfee MOVE AV On Demand Scan policy must be formally documented by the System Administrator and approved by the ISSO/ISSM. |
| SV-93263r1_rule | The McAfee MOVE AV On-Demand Scan interval must be set to no more than every seven days. |
| SV-93265r2_rule | The McAfee MOVE AV Options Policy must be configured with the location of quarantine to ensure consistency across all systems. |
| SV-93267r1_rule | The McAfee MOVE AV Options Policy must be configured to automatically delete quarantined data after a time period of no more than 28 days. |
| SV-93269r1_rule | The McAfee MOVE AV SVM Settings policy ODS scan interval must be set to no more than every seven days. |
| SV-93271r1_rule | The McAfee MOVE AV SVM must have McAfee VirusScan Enterprise installed. |
| SV-93273r1_rule | The McAfee MOVE AV SVM must be managed by the HBSS ePO server. |
| SV-93275r1_rule | The McAfee MOVE AV SVM must be configured with a static Internet Protocol (IP) address. |
| SV-93277r1_rule | The McAfee MOVE AV SVM Settings policy must be configured to scan for potentially unwanted programs. |
| SV-93279r1_rule | The McAfee MOVE AV SVM Settings policy must be configured to scan for Multipurpose Internet Mail Extensions (MIME)-encoded files. |
| SV-93281r1_rule | The McAfee MOVE AV SVM Settings policy must be configured to use McAfee Global Threat Intelligence file reputation with a sensitivity level of medium or higher. |