The McAfee MOVE AV [Multi-Platform] Offload Scan Server General policy Scan Settings must be configured to scan for potentially unwanted programs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-42974	AV-MOVE-OSS-008	SV-55703r1_rule		Medium

Description
Due to the ability of malware to mutate after infection, standard anti-virus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will share unique characteristics with others in their virus family. By using a generic signature to detect the shared characteristics, using wildcards where differences lie, the generic signature can detect viruses even if they are padded with extra, meaningless code. This method of detection is Heuristic detection.

Description

Due to the ability of malware to mutate after infection, standard anti-virus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will share unique characteristics with others in their virus family. By using a generic signature to detect the shared characteristics, using wildcards where differences lie, the generic signature can detect viruses even if they are padded with extra, meaningless code. This method of detection is Heuristic detection.

STIG	Date
McAfee MOVE 2.6 Multi-Platform OSS STIG	2015-10-05

Details

Check Text ( C-49151r1_chk )
From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties, select Actions, select Agent, and select Modify Policies on a Single System. From the product drop-down list, select MOVE AV [Multi-Platform] Offload Scan Server 2.x.x. Click on the MOVE AV [Multi-Platform] Offload Scan Server policy to open the properties. On the Scan Settings tab, ensure the "Scan for Unwanted Programs:" "Enable scanning for potentially unwanted programs" check box is selected. If the "Enable scanning for potentially unwanted programs." check box is not selected, this is a finding. On the system designated as the McAfee MOVE Offload Scan Server, access a cmd window, running as administrator. Navigate to the path to which the McAfee MOVE AV Server software has been installed (default is C:\Program Files (x86)\McAfee\MOVE AV Server). Execute the following command: mvadm config show From the displayed configuration, ensure the "ScanPUPS" value is set to 1. If the "ScanPUPS" is set to 0, this is a finding.

Check Text ( C-49151r1_chk )

From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties, select Actions, select Agent, and select Modify Policies on a Single System.

From the product drop-down list, select MOVE AV [Multi-Platform] Offload Scan Server 2.x.x. Click on the MOVE AV [Multi-Platform] Offload Scan Server policy to open the properties.

On the Scan Settings tab, ensure the "Scan for Unwanted Programs:" "Enable scanning for potentially unwanted programs" check box is selected.

If the "Enable scanning for potentially unwanted programs." check box is not selected, this is a finding.

On the system designated as the McAfee MOVE Offload Scan Server, access a cmd window, running as administrator.
Navigate to the path to which the McAfee MOVE AV Server software has been installed (default is C:\Program Files (x86)\McAfee\MOVE AV Server).

Execute the following command:
mvadm config show

From the displayed configuration, ensure the "ScanPUPS" value is set to 1.
If the "ScanPUPS" is set to 0, this is a finding.

Fix Text (F-48554r1_fix)
From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties, select Actions, select Agent, and select Modify Policies on a Single System. From the product drop-down list, select MOVE AV [Multi-Platform] Offload Scan Server 2.x.x. Click on the MOVE AV [Multi-Platform] Offload Scan Server policy to open the properties. On the Scan Settings tab, place a check in the "Scan for Unwanted Programs: Enable scanning for potentially unwanted programs." check box. Click Save.

Fix Text (F-48554r1_fix)