STIGQter: STIG Summary: McAfee VirusScan 8.8 Managed Client STIG

Version: 5

Release: 21

Benchmark Date: 25 Oct 2019

Name | Title
SV-55134r1_rule | McAfee VirusScan On-Access General Policies must be configured to enable on-access scanning at system startup.
SV-55135r1_rule | McAfee VirusScan On-Access General Policies must be configured to scan boot sectors.
SV-55139r1_rule | McAfee VirusScan On-Access General Policies must be configured to scan floppy during shutdown.
SV-55141r1_rule | McAfee VirusScan On-Access General Policies must be configured to notify local users when detections occur.
SV-55144r1_rule | McAfee VirusScan On-Access General Policies must be configured to prevent users from removing messages from the list.
SV-55145r1_rule | McAfee VirusScan On-Access General Policies must be configured to log the scan sessions.
SV-55147r1_rule | McAfee VirusScan On-Access General Policies log file size must be restricted and be configured to at least 10MB.
SV-55148r1_rule | McAfee VirusScan On-Access General Policies must be configured to log the session summary.
SV-55149r1_rule | McAfee VirusScan On-Access General Policies must be configured to log any failure to scan encrypted files.
SV-55151r4_rule | McAfee VirusScan must be configured to receive DAT and Engine updates.
SV-55153r2_rule | McAfee VirusScan On-Delivery Email Scan Policies must be configured to enable on-delivery email scanning.
SV-55169r2_rule | McAfee VirusScan On-Delivery Email Scan Policies must be configured to find unknown program threats and Trojans.
SV-55171r2_rule | McAfee VirusScan On Delivery Email Scan Policies must be configured to find unknown macro threats.
SV-55174r2_rule | McAfee VirusScan On Delivery Email Scan Policies must be configured to decode MIME encoded files.
SV-55177r2_rule | McAfee VirusScan On Delivery Email Scan Policies must be configured to scan email message body.
SV-55178r2_rule | McAfee VirusScan On Delivery Email Scan Policies, when a threat is found, must be configured to clean attachments as the first action.
SV-55187r2_rule | McAfee VirusScan On-Delivery Email Scan Policies must be configured to record scanning activity in a log file.
SV-55188r2_rule | McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB.
SV-55191r4_rule | McAfee VirusScan On-Demand scan must be configured to scan all fixed, or local, disks and running processes.
SV-55192r3_rule | McAfee VirusScan On-Demand scan must be configured to scan all subfolders.
SV-55193r3_rule | McAfee VirusScan On-Demand scan must be configured to scan boot sectors.
SV-55194r3_rule | McAfee VirusScan On-Demand scan must be configured to scan all files.
SV-55195r4_rule | McAfee VirusScan On-Demand scan must be configured so there are no exclusions from the scan unless exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
SV-55196r4_rule | McAfee VirusScan On-Demand scan must be configured to scan inside archives.
SV-55197r3_rule | McAfee VirusScan On-Demand scan must be configured to decode MIME encoded files.
SV-55199r3_rule | McAfee VirusScan On-Demand scan must be configured to find unknown program threats.
SV-55201r3_rule | McAfee VirusScan On-Demand scan must be configured to find unknown macro threats.
SV-55203r3_rule | McAfee VirusScan On-Demand scan actions, When a threat is found must be configured to clean files automatically as first action.
SV-55204r3_rule | McAfee VirusScan On-Demand scan actions, When a threat is found must be configured to delete files automatically if first action fails.
SV-55209r3_rule | McAfee VirusScan On-Demand scan must be configured to record scanning activity in a log file.
SV-55211r3_rule | McAfee VirusScan On-Demand scan log file size must be restricted and be configured to at least 10MB.
SV-55212r3_rule | McAfee VirusScan On-Demand scan must be configured to log any failure to scan encrypted files.
SV-55213r3_rule | McAfee VirusScan On-Demand scan must be scheduled to be executed at least on a weekly basis.
SV-55214r1_rule | McAfee VirusScan On-Access General Policies must be configured to enable scanning of scripts.
SV-55217r1_rule | McAfee VirusScan On-Access General Policies must be configured to block the connection when a threatened file is detected in a shared folder.
SV-55219r1_rule | McAfee VirusScan On-Access General Policies must be configured to unblock connections after a minimum of 30 minutes.
SV-55221r1_rule | McAfee VirusScan On-Access General Policies must be configured to block the connection when a file with a potentially unwanted program is detected in a shared folder.
SV-55222r1_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to use only one scanning policy for all processes, unless the use of Low-Risk Processes/High-Risk Processes has been documented with, and approved by, the IAO/IAM.
SV-55224r1_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to scan when writing to disk.
SV-55225r1_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to scan when reading from disk.
SV-55228r1_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to scan all files.
SV-55230r1_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown unwanted programs and trojans.
SV-55231r1_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown macro viruses.
SV-55232r3_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to scan inside archives.
SV-55233r1_rule | McAfee VirusScan On-Access Default Processes Policies Actions for When a threat is found must be configured to clean files automatically as first action.
SV-55234r1_rule | McAfee VirusScan On-Access Default Processes Policies actions for When a threat is found must be configured delete files automatically if first action fails.
SV-55189r2_rule | McAfee VirusScan On Delivery Email Scan Policies must be configured to clean attachments as the first action for when an unwanted program is found.
SV-55207r3_rule | McAfee VirusScan On-Demand scan must be configured to detect for unwanted programs.
SV-55235r1_rule | McAfee VirusScan Buffer Overflow Protection Policies must be configured to enable Buffer Overflow Protection.
SV-55236r1_rule | McAfee VirusScan Buffer Overflow Protection Policies must be configured for Protection mode.
SV-55237r1_rule | McAfee VirusScan Buffer Overflow Protection Policies must be configured to display a dialog box when a buffer overflow is detected.
SV-55239r1_rule | McAfee VirusScan Buffer Overflow Protection Policies must be configured to record scanning activity in a log file.
SV-55238r1_rule | McAfee VirusScan Buffer Overflow Protection Policies log file size must be restricted and be configured to at least 10MB.
SV-55241r1_rule | McAfee VirusScan Unwanted Programs Policies must be configured to detect spyware.
SV-55242r1_rule | McAfee VirusScan Unwanted Programs Policies must be configured to detect adware.
SV-55133r2_rule | The antivirus signature file age must not exceed 7 days.
SV-55243r1_rule | McAfee VirusScan On-Access General Policies Artemis sensitivity level must be configured to medium or higher.
SV-55180r2_rule | McAfee VirusScan On Delivery Email Scan Policies, When a threat is found, must be configured to clean attachments as the first action and delete attachments if the first action fails.
SV-55190r2_rule | McAfee VirusScan On Delivery Email Scan Policies must be configured to delete attachments if the first action fails for when an unwanted program is found.
SV-55244r2_rule | McAfee VirusScan Access Protection Policies must be configured to prevent McAfee services from being stopped.
SV-55245r2_rule | McAfee VirusScan Access Protection Policies must be configured to record scanning activity in a log file.
SV-55246r2_rule | McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB.
SV-55247r2_rule | McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent modification of McAfee files and settings.
SV-55248r2_rule | McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent modification of McAfee Common Management Agent files and settings.
SV-55249r2_rule | McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent modification of McAfee Scan Engine files and settings.
SV-55250r2_rule | McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent termination of McAfee processes.
SV-55251r5_rule | McAfee VirusScan Access Protection Rules Common Standard Protection must be set to block and report when common programs are run from the Temp folder.
SV-55252r2_rule | McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent hooking of McAfee processes.
SV-55253r2_rule | McAfee VirusScan Access Protection: Common Maximum Protection must be set to detect and log launching of files from the Downloaded Programs Files folder.
SV-55254r6_rule | McAfee VirusScan Access Protection: Anti-Spyware Maximum Protection must be set to block and log execution of scripts from the Temp folder.
SV-55255r2_rule | McAfee VirusScan Access Protection: Anti-Virus Standard Protection must be set to prevent remote creation of autorun files.
SV-55256r2_rule | McAfee VirusScan Access Protection: Anti-Virus Standard Protection must be set to prevent mass mailing worms from sending mail.
SV-55257r3_rule | McAfee VirusScan Access Protection: Anti-Virus Standard Protection must be set to prevent IRC communication.
SV-55258r2_rule | McAfee VirusScan On-Access General Policies must be configured to not exclude any script processes from being scanned unless the process exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
SV-55259r5_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to not exclude any files from being scanned unless exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
SV-55260r3_rule | McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits.
SV-55261r3_rule | McAfee VirusScan On-Demand scan actions, When an unwanted program is found must be configured to clean files automatically as first action.
SV-55262r3_rule | McAfee VirusScan On-Demand scan actions, When an unwanted program is found must be configured to delete files automatically if first action fails.
SV-55264r2_rule | McAfee VirusScan On-Delivery Email Scan Policies Artemis sensitivity level must be configured to medium or higher.
SV-55265r2_rule | McAfee VirusScan On-Delivery Email Scan Policies must be configured to send a notification email to the IAO, IAM, and/or ePO administrator when a threatened email message is detected.
SV-55266r4_rule | McAfee VirusScan On-Delivery Email Scan Policies must be configured to log session summary and failure to scan encrypted files.
SV-55267r3_rule | McAfee VirusScan On-Access General Policies must be configured to not exclude any URL scripts from being scanned unless the URL exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
SV-55268r3_rule | McAfee VirusScan Access Protection Policies must be configured to enable access protection.
SV-55269r1_rule | McAfee VirusScan On-Access Default Processes Policies must be configured to detect unwanted programs.
SV-55270r1_rule | McAfee VirusScan On-Access Default Processes Policies actions, When an unwanted program is found must be configured to clean files automatically as first action.
SV-55271r2_rule | McAfee VirusScan On-Access Default Processes Policies actions, When an unwanted program is found must be configured to delete files automatically if first action fails.
SV-73793r3_rule | McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and report when common all programs are run from the Temp folder.