UCF STIG Viewer Logo

The McAfee MOVE AV On Access Scan Policy must be configured with a scan timeout of 45 seconds or more.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78527 MV45-OAS-000002 SV-93233r1_rule Medium
Description
This setting configures the amount of time, in seconds, to wait for a scan to complete. The default setting is 45 seconds. This is the duration for which a McAfee MOVE AV Agent will wait for scan response of a file from the Security Virtual Machine (SVM). Typically, file scans are very fast. However, file scans may take longer due to large file size, file type, or heavy load on the SVM. If the file scan takes longer than the scan timeout limit, the file access is allowed and a scan timeout event is generated. Setting the timeout too low may result in scans of a file terminating before the scan is completed, resulting in malware potentially going undetected.
STIG Date
McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide 2018-07-09

Details

Check Text ( C-78095r1_chk )
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select each configured On Access Scan policy.

Under "Scan", verify "Specify maximum time for each file scan" is set to "45" seconds or more.

If "Specify maximum time for each file scan" is not set to "45" seconds or more, this is a finding.
Fix Text (F-85261r1_fix)
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "On Access Scan".

Select the On Access Scan policy to be configured.

Under "Scan", set "Specify maximum time for each file scan" to "45" seconds or more.

Click "Save".