UCF STIG Viewer Logo

The McAfee MOVE AV Options Policy must be configured with the location of quarantine to ensure consistency across all systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78559 MV45-OPT-000001 SV-93265r2_rule Medium
Description
The quarantine on each system represents a potential danger should the files contained within the quarantine be executed inadvertently. To centrally manage the quarantine on all systems, the quarantine should always be configured the same across all systems, which will allow management to better control access to those locations.
STIG Date
McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide 2018-07-09

Details

Check Text ( C-78129r2_chk )
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "Options".

Select each configured Options policy.

Under "Quarantine Manager", verify the Quarantine Directory is set to \Quarantine or another location authorized by the ISSM.

If the Quarantine Directory is not set to \Quarantine, or another location authorized by the ISSM, this is a finding.".
Fix Text (F-85295r2_fix)
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "Options".

Select each configured Options policy.

Under "Quarantine Manager", configure the Quarantine Directory to \Quarantine, or another location authorized by the ISSM.

Click "Save".