
The McAfee MOVE AV [Multi-Platform] Client General policy must be configured with the listening port of the secondary Offload Scan Server used by all virtual machines using this policy.


Overview

Finding ID: V-42957
Version: AV-MOVE-CLT-023
Rule ID: SV-55686r1_rule
IA Controls:
Severity: Medium
Description
Organizations should use centrally managed antivirus software that is controlled and monitored regularly by antivirus administrators, who are also typically responsible for acquiring, testing, approving, and delivering antivirus signature and software updates throughout the organization.
STIG: McAfee MOVE 2.6/3.6.1 Multi-Platform Client STIG
Date: 2016-04-05

Details

Check Text (C-49143r1_chk)
NOTE: Best practices suggest implementing a secondary McAfee MOVE AV [Multi-Platform] Offload Scan Server. If the organization does not use a secondary McAfee MOVE AV [Multi-Platform] Offload Scan Server, this check is not applicable.

From the ePO server console System Tree, select the Systems tab, find and click on the asset to which the McAfee MOVE AV Client has been deployed. Select Actions, select Agent, and select Modify Policies on a Single System.

From the product drop-down list, select MOVE AV [Multi-Platform] Client. Click on the MOVE AV [Multi-Platform] Client policy to open the properties.

Under the General tab, locate the "Offload Scan Server 2 Port:" label. In the "Client sends requests to Server 2 port:" box, ensure the port number the MOVE AV Clients use to communicate with the secondary Offload Scan Server is listed.

If the "Client sends requests to Server 2 port:" box is not configured with the required value, this is a finding.

On the local client, open a cmd window running as administrator.
Navigate to the path where the McAfee AV Client has been installed (default is C:\Program Files\McAfee\MOVE AV Client on 32-bit systems or C:\Program Files (x86)\McAfee\MOVE AV Client on 64-bit systems).

Execute the following command:
mvadm config show

If "ServerPort2" does not have a value representing the port MOVE AV Clients use to communicate with the secondary Offload Scan Server, this is a finding.
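The local-client half of this check can be scripted. The PowerShell below is an added example, not part of the STIG or of McAfee's tooling. It assumes the executable is named mvadm.exe, that "mvadm config show" prints each setting on its own line as a name followed by ":" or "=" and the value, and that the placeholder $ExpectedPort is replaced with the organization's secondary Offload Scan Server port.

```powershell
# Added example, not part of the STIG. Assumptions: $ExpectedPort is a placeholder
# for the site's secondary Offload Scan Server port, the executable is named
# mvadm.exe, and "mvadm config show" prints each setting as "Name: value" or
# "Name = value" on its own line.
param([int]$ExpectedPort = 9054)

function Get-ServerPort2 {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Capture whatever follows the ServerPort2 label, possibly nothing.
        if ($line -match '^\s*ServerPort2\s*[:=]\s*(\S*)\s*$') { return $Matches[1] }
    }
    return $null   # label not present at all
}

function Test-ServerPort2 {
    param([string[]]$Lines, [int]$Expected)
    $value = Get-ServerPort2 -Lines $Lines
    if ($null -eq $value) { return 'FINDING: ServerPort2 not found in output' }
    $port = 0
    # An empty or non-numeric value, or one outside 1-65535, is not a usable port.
    $isPort = [int]::TryParse($value, [ref]$port) -and $port -ge 1 -and $port -le 65535
    if (-not $isPort) { return "FINDING: ServerPort2 value '$value' is not a valid port" }
    if ($port -ne $Expected) { return "FINDING: ServerPort2 is $port, expected $Expected" }
    return "NOT A FINDING: ServerPort2 is $port"
}

# Default install paths named in the check text (32-bit and 64-bit systems).
$exe = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'McAfee\MOVE AV Client\mvadm.exe' } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1

if ($exe) {
    # Run from an elevated session, as the check text requires.
    Test-ServerPort2 -Lines (& $exe config show) -Expected $ExpectedPort
} else {
    # Constructed lines (not real mvadm output) so the logic can be run offline.
    Write-Warning 'mvadm.exe not found; evaluating constructed sample lines'
    Test-ServerPort2 -Lines @('ServerPort2: 9054') -Expected $ExpectedPort
    Test-ServerPort2 -Lines @('ServerPort2:') -Expected $ExpectedPort
}
```

The script covers only the client-side command; the ePO policy value under the General tab still has to be verified in the console.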

Fix Text (F-48536r1_fix)
From the ePO server console System Tree, select the Systems tab, find and click on the asset to which the McAfee MOVE AV Client has been deployed. Select Actions, select Agent, and select Modify Policies on a Single System.

From the product drop-down list, select MOVE AV [Multi-Platform] Client. Click on the MOVE AV [Multi-Platform] Client policy to open the properties.

Under the General tab, locate the "Offload Scan Server 2 Port:" label. In the "Client sends requests to Server 2 port:" box, enter the port number the MOVE AV Clients use to communicate with the Offload Scan Server.

Click Save.