STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG

Version: 5

Release: 16

Benchmark Date: 27 Jul 2018

| Name | Title |
| --- | --- |
| SV-56365r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to enable on-access scanning at system startup. |
| SV-56367r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to scan boot sectors. |
| SV-56368r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to scan floppy during shutdown. |
| SV-56369r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to notify local users when detections occur. |
| SV-56370r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to prevent users from removing messages from the list. |
| SV-56371r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to log the scan sessions. |
| SV-56372r1_rule | McAfee VirusScan On-Access Scanner General Settings log file size must be restricted and be configured to at least 10MB. |
| SV-56373r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to log the session summary. |
| SV-56374r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to log any failure to scan encrypted files. |
| SV-56375r2_rule | McAfee VirusScan must be configured to receive DAT and Engine updates. |
| SV-56376r2_rule | McAfee VirusScan On Delivery Email Scanner Properties must be configured to enable on-delivery email scanning. |
| SV-56386r2_rule | McAfee VirusScan On-Delivery Email Scanner must be configured to find unknown program threats and trojans. |
| SV-56387r2_rule | McAfee VirusScan On Delivery Email Scanner Properties must be configured to find unknown macro threats. |
| SV-56389r2_rule | McAfee VirusScan On Delivery Email Scanner Properties must be configured to decode MIME encoded files. |
| SV-56390r2_rule | McAfee VirusScan On Delivery Email Scanner Properties must be configured to scan email message body. |
| SV-56391r2_rule | McAfee VirusScan On Delivery Email Scanner Properties, When a threat is found, must be configured to clean attachments as the first action. |
| SV-56392r2_rule | McAfee VirusScan On Delivery Email Scanner Properties must be configured to record scanning activity in a log file. |
| SV-56393r2_rule | McAfee VirusScan On-Delivery Email Scanner log file size must be restricted and be configured to be at least 10MB. |
| SV-56396r2_rule | McAfee VirusScan On-Demand scan must be configured to scan all fixed, or local, disks and running processes. |
| SV-56397r1_rule | McAfee VirusScan On-Demand scan must be configured to scan all subfolders. |
| SV-56398r1_rule | McAfee VirusScan On-Demand scan must be configured to scan boot sectors. |
| SV-56399r1_rule | McAfee VirusScan On-Demand scan must be configured to scan all files. |
| SV-56401r2_rule | McAfee VirusScan On-Demand scan must be configured so there are no exclusions from the scan unless exclusions have been documented with, and approved by, the ISSO/ISSM/DAA. |
| SV-56403r2_rule | McAfee VirusScan On-Demand scan must be configured to scan inside archives. |
| SV-56404r1_rule | McAfee VirusScan On-Demand scan must be configured to decode MIME encoded files. |
| SV-56419r1_rule | McAfee VirusScan On-Demand scan must be configured to find unknown program threats. |
| SV-56409r1_rule | McAfee VirusScan On-Demand scan must be configured to find unknown macro threats. |
| SV-56420r1_rule | McAfee VirusScan On-Demand scan actions, When a threat is found must be configured to clean files automatically as first action. |
| SV-56414r1_rule | McAfee VirusScan On-Demand scan actions, When a threat is found must be configured to delete files automatically if first action fails. |
| SV-56422r1_rule | McAfee VirusScan On-Demand scan must be configured to record scanning activity in a log file. |
| SV-56425r1_rule | McAfee VirusScan On-Demand scan log file size must be restricted, but be configured to at least 10MB. |
| SV-56423r1_rule | McAfee VirusScan On-Demand scan must be configured to log any failure to scan encrypted files. |
| SV-56426r1_rule | McAfee VirusScan On-Demand scan must be scheduled to be executed at least on a weekly basis. |
| SV-56400r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to enable scanning of scripts. |
| SV-56402r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to block the connection when a threatened file is detected in a shared folder. |
| SV-56406r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to unblock connections after a minimum of 30 minutes. |
| SV-56408r1_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to block the connection when a file with a potentially unwanted program is detected in a shared folder. |
| SV-56410r1_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to use only one scanning policy for all processes, unless the use of Low-Risk Processes/High-Risk Processes has been documented with, and approved by, the IAO/IAM. |
| SV-56413r1_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan when writing to disk. |
| SV-56429r1_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan when reading from disk. |
| SV-56430r1_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan all files. |
| SV-56431r1_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to find unknown unwanted programs and trojans. |
| SV-56432r1_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to find unknown macro viruses. |
| SV-56433r3_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to scan inside archive files. |
| SV-56427r1_rule | McAfee VirusScan On-Access Scanner All Processes settings actions, When a threat is found must be configured to clean files automatically as first action. |
| SV-56428r1_rule | McAfee VirusScan On-Access Scanner All Processes settings actions, When a threat is found must be configured to delete files automatically if first action fails. |
| SV-56394r2_rule | McAfee VirusScan On Delivery Email Scanner Properties must be configured to clean attachments as the first action for When an unwanted program is found. |
| SV-56416r1_rule | McAfee VirusScan On-Demand scan must be configured to detect for unwanted programs. |
| SV-56434r1_rule | McAfee VirusScan Buffer Overflow Protection Buffer Overflow Settings must be configured to enable Buffer Overflow Protection. |
| SV-56435r1_rule | McAfee VirusScan Buffer Overflow Protection Buffer Overflow Settings must be configured for Protection mode. |
| SV-56424r1_rule | McAfee VirusScan Buffer Overflow Protection Buffer Overflow Settings must be configured to display a dialog box when a buffer overflow is detected. |
| SV-56421r1_rule | McAfee VirusScan Buffer Overflow Protection Reports Settings must be configured to log buffer overflow protection scan activity. |
| SV-56418r1_rule | McAfee VirusScan Buffer Overflow Protection Reports Settings log file size must be restricted, but be configured to at least 10MB. |
| SV-56415r1_rule | McAfee VirusScan Unwanted Programs Policy must be configured to detect spyware. |
| SV-56411r1_rule | McAfee VirusScan Unwanted Programs Policy must be configured to detect adware. |
| SV-56366r2_rule | The antivirus signature file age must not exceed 7 days. |
| SV-56405r1_rule | McAfee VirusScan On-Access Scanner General Settings Artemis Heuristic network check for suspicious files must be enabled and set to sensitivity level Medium or higher. |
| SV-55227r2_rule | McAfee VirusScan On Delivery Email Scanner Properties, when a threat is found, must be configured to delete attachments if the first action fails. |
| SV-55229r2_rule | McAfee VirusScan On Delivery Email Scanner Properties must be configured to delete attachments if the first action fails for when an unwanted attachment is found. |
| SV-55277r2_rule | McAfee VirusScan Access Protection Rules must be configured to prevent McAfee services from being stopped. |
| SV-55278r2_rule | McAfee VirusScan Access Protection Reports settings must be configured to record scanning activity in a log file. |
| SV-55279r2_rule | McAfee VirusScan Access Protection Reports log file size must be restricted and be configured to at least 10MB. |
| SV-55280r2_rule | McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent modification of McAfee files and settings. |
| SV-55281r2_rule | McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent modification of McAfee Common Management Agent files and settings. |
| SV-55282r2_rule | McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent modification of McAfee Scan Engine files and settings. |
| SV-55283r2_rule | McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent termination of McAfee processes. |
| SV-55284r5_rule | McAfee VirusScan Access Protection Rules Common Standard Protection must be set to block and report when common programs are run from the Temp folder. |
| SV-55285r2_rule | McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent hooking of McAfee processes. |
| SV-55286r2_rule | McAfee VirusScan Access Protection Rules Common Maximum Protection must be set to detect and log the launching of files from the Downloaded Programs Files folder. |
| SV-55287r6_rule | McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and log execution of scripts from the Temp folder. |
| SV-55288r2_rule | McAfee VirusScan Access Protection Rules Anti-Virus Standard Protection must be set to prevent remote creation of autorun files. |
| SV-55289r2_rule | McAfee VirusScan Access Protection Rules Anti-Virus Standard Protection must be set to prevent mass mailing worms from sending mail. |
| SV-55290r3_rule | McAfee VirusScan Access Protection Rules Anti-Virus Standard Protection must be set to prevent IRC communication. |
| SV-55291r2_rule | McAfee VirusScan On-Access Scanner General Settings must be configured to not exclude any script processes from being scanned unless the process exclusions have been documented with, and approved by, the ISSO/ISSM/DAA. |
| SV-55292r3_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to not exclude any files from being scanned unless exclusions have been documented with, but also be approved by the ISSO/ISSM/AO. |
| SV-55293r1_rule | McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits. |
| SV-55294r1_rule | McAfee VirusScan On-Demand scan actions, When an unwanted program is found must be configured to clean files automatically as first action. |
| SV-55295r1_rule | McAfee VirusScan On-Demand scan actions, When an unwanted program is found must be configured to delete files automatically if first action fails. |
| SV-55297r2_rule | McAfee VirusScan On-Delivery Email Scanner Artemis sensitivity level must be configured to Medium or higher. |
| SV-55298r2_rule | McAfee VirusScan On-Delivery Email Scanner must be configured to send a notification email to the IAO, IAM and/or ePO administrator when a threatening email message is detected. |
| SV-55299r3_rule | McAfee VirusScan On-Delivery Email Scanner must be configured to log session summary and failure to scan encrypted files. |
| SV-55300r2_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to not exclude any script URLs from being scanned unless the URL exclusions have been documented with, and approved by the ISSO/ISSM/DAA. |
| SV-55301r3_rule | McAfee VirusScan Access Protection Properties must be configured to enable access protection. |
| SV-55302r1_rule | McAfee VirusScan On-Access Scanner All Processes settings must be configured to detect unwanted programs. |
| SV-55303r1_rule | McAfee VirusScan On-Access Scanner All Processes settings actions, When an unwanted program is found must be configured to clean files automatically as first action. |
| SV-55304r1_rule | McAfee VirusScan On-Access Scanner All Processes settings actions, When an unwanted program is found must be configured to delete files automatically if first action fails. |
| SV-73795r3_rule | McAfee VirusScan Access Protection Rules Anti-spyware Maximum Protection must be set to block and report when block execution of all programs from temp folder. |