UCF STIG Viewer Logo

McAfee VirusScan 8.8 Managed Client STIG


Overview

Date Finding Count (87)
2017-01-18 CAT I (High): 3 CAT II (Med): 84 CAT III (Low): 0
STIG Description
The McAfee VirusScan Managed Client STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-6453 High McAfee VirusScan On-Access General Policies must be configured to enable on-access scanning at system startup.
V-42516 High McAfee VirusScan Access Protection Policies must be configured to prevent McAfee services from being stopped.
V-19910 High The antivirus signature file age must not exceed 7 days.
V-14618 Medium McAfee VirusScan On-Access General Policies must be configured to enable scanning of scripts.
V-14619 Medium McAfee VirusScan On-Access General Policies must be configured to block the connection when a threatened file is detected in a shared folder.
V-6618 Medium McAfee VirusScan On-Demand scan must be configured to record scanning activity in a log file.
V-6469 Medium McAfee VirusScan On-Access General Policies must be configured to notify local users when detections occur.
V-6468 Medium McAfee VirusScan On-Access General Policies must be configured to scan floppy during shutdown.
V-6612 Medium McAfee VirusScan On-Demand scan must be configured to decode MIME encoded files.
V-6467 Medium McAfee VirusScan On-Access General Policies must be configured to scan boot sectors.
V-6611 Medium McAfee VirusScan On-Demand scan must be configured to scan inside archives.
V-6616 Medium McAfee VirusScan On-Demand scan actions, When a threat is found must be configured to clean files automatically as first action.
V-6617 Medium McAfee VirusScan On-Demand scan actions, When a threat is found must be configured to delete files automatically if first action fails.
V-6614 Medium McAfee VirusScan On-Demand scan must be configured to find unknown program threats.
V-6615 Medium McAfee VirusScan On-Demand scan must be configured to find unknown macro threats.
V-6588 Medium McAfee VirusScan On Delivery Email Scan Policies must be configured to find unknown macro threats.
V-6583 Medium McAfee VirusScan On-Access General Policies must be configured to log any failure to scan encrypted files.
V-6586 Medium McAfee VirusScan On-Delivery Email Scan Policies must be configured to enable on-delivery email scanning.
V-6587 Medium McAfee VirusScan On-Delivery Email Scan Policies must be configured to find unknown program threats and Trojans.
V-6585 Medium McAfee VirusScan must be configured to receive DAT and Engine updates.
V-14663 Medium McAfee VirusScan Unwanted Programs Policies must be configured to detect adware.
V-14662 Medium McAfee VirusScan Unwanted Programs Policies must be configured to detect spyware.
V-14661 Medium McAfee VirusScan Buffer Overflow Protection Policies log file size must be restricted and be configured to at least 10MB.
V-14660 Medium McAfee VirusScan Buffer Overflow Protection Policies must be configured to record scanning activity in a log file.
V-42517 Medium McAfee VirusScan Access Protection Policies must be configured to record scanning activity in a log file.
V-6601 Medium McAfee VirusScan On-Demand scan must be configured to scan boot sectors.
V-6600 Medium McAfee VirusScan On-Demand scan must be configured to scan all subfolders.
V-6602 Medium McAfee VirusScan On-Demand scan must be configured to scan all files.
V-6604 Medium McAfee VirusScan On-Demand scan must be configured so there are no exclusions from the scan unless exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
V-42518 Medium McAfee VirusScan Access Protection log file size must be restricted and be configured to at least 10MB.
V-42519 Medium McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent modification of McAfee files and settings.
V-6599 Medium McAfee VirusScan On-Demand scan must be configured to scan all fixed, or local, disks and running processes.
V-6591 Medium McAfee VirusScan On Delivery Email Scan Policies must be configured to scan email message body.
V-6590 Medium McAfee VirusScan On Delivery Email Scan Policies must be configured to decode MIME encoded files.
V-6592 Medium McAfee VirusScan On Delivery Email Scan Policies, when a threat is found, must be configured to clean attachments as the first action.
V-6597 Medium McAfee VirusScan On-Delivery Email Scan Policies log file size must be restricted and be configured to be at least 10MB.
V-6596 Medium McAfee VirusScan On-Delivery Email Scan Policies must be configured to record scanning activity in a log file.
V-59363 Medium McAfee VirusScan Access Protection Rules Anti-Spyware Maximum Protection must be set to block and report when common all programs are run from the Temp folder.
V-35027 Medium McAfee VirusScan On-Access General Policies Artemis sensitivity level must be configured to medium or higher.
V-6620 Medium McAfee VirusScan On-Demand scan log file size must be restricted and be configured to at least 10MB.
V-6627 Medium McAfee VirusScan On-Demand scan must be scheduled to be executed at least on a weekly basis.
V-6625 Medium McAfee VirusScan On-Demand scan must be configured to log any failure to scan encrypted files.
V-42500 Medium McAfee VirusScan On Delivery Email Scan Policies must be configured to delete attachments if the first action fails for when an unwanted program is found.
V-42541 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to detect unwanted programs.
V-42540 Medium McAfee VirusScan Access Protection Policies must be configured to enable access protection.
V-42543 Medium McAfee VirusScan On-Access Default Processes Policies actions, When an unwanted program is found must be configured to delete files automatically if first action fails.
V-42542 Medium McAfee VirusScan On-Access Default Processes Policies actions, When an unwanted program is found must be configured to clean files automatically as first action.
V-14627 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown macro viruses.
V-14626 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to find unknown unwanted programs and trojans.
V-14625 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to scan all files.
V-14624 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to scan when reading from disk.
V-14623 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to scan when writing to disk.
V-14622 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to use only one scanning policy for all processes, unless the use of Low-Risk Processes/High-Risk Processes has been documented with, and approved by, the IAO/IAM.
V-14621 Medium McAfee VirusScan On-Access General Policies must be configured to block the connection when a file with a potentially unwanted program is detected in a shared folder.
V-14620 Medium McAfee VirusScan On-Access General Policies must be configured to unblock connections after a minimum of 30 minutes.
V-14628 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to scan inside archives.
V-14652 Medium McAfee VirusScan On Delivery Email Scan Policies must be configured to clean attachments as the first action for when an unwanted program is found.
V-14657 Medium McAfee VirusScan Buffer Overflow Protection Policies must be configured to enable Buffer Overflow Protection.
V-14654 Medium McAfee VirusScan On-Demand scan must be configured to detect for unwanted programs.
V-42493 Medium McAfee VirusScan On Delivery Email Scan Policies, When a threat is found, must be configured to clean attachments as the first action and delete attachments if the first action fails.
V-14658 Medium McAfee VirusScan Buffer Overflow Protection Policies must be configured for Protection mode.
V-14659 Medium McAfee VirusScan Buffer Overflow Protection Policies must be configured to display a dialog box when a buffer overflow is detected.
V-14630 Medium McAfee VirusScan On-Access Default Processes Policies Actions for When a threat is found must be configured to clean files automatically as first action.
V-14631 Medium McAfee VirusScan On-Access Default Processes Policies actions for When a threat is found must be configured delete files automatically if first action fails.
V-42529 Medium McAfee VirusScan Access Protection: Anti-Virus Standard Protection must be set to prevent IRC communication.
V-42528 Medium McAfee VirusScan Access Protection: Anti-Virus Standard Protection must be set to prevent mass mailing worms from sending mail.
V-42527 Medium McAfee VirusScan Access Protection: Anti-Virus Standard Protection must be set to prevent remote creation of autorun files.
V-42526 Medium McAfee VirusScan Access Protection: Anti-Spyware Maximum Protection must be set to block and log execution of scripts from the Temp folder.
V-42525 Medium McAfee VirusScan Access Protection: Common Maximum Protection must be set to detect and log launching of files from the Downloaded Programs Files folder.
V-42524 Medium McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent hooking of McAfee processes.
V-42523 Medium McAfee VirusScan Access Protection Rules Common Standard Protection must be set to block and report when common programs are run from the Temp folder.
V-42522 Medium McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent termination of McAfee processes.
V-42521 Medium McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent modification of McAfee Scan Engine files and settings.
V-42520 Medium McAfee VirusScan Access Protection: Common Standard Protection must be set to prevent modification of McAfee Common Management Agent files and settings.
V-6478 Medium McAfee VirusScan On-Access General Policies must be configured to log the session summary.
V-6474 Medium McAfee VirusScan On-Access General Policies must be configured to log the scan sessions.
V-6475 Medium McAfee VirusScan On-Access General Policies log file size must be restricted and be configured to at least 10MB.
V-6470 Medium McAfee VirusScan On-Access General Policies must be configured to prevent users from removing messages from the list.
V-42538 Medium McAfee VirusScan On-Delivery Email Scan Policies must be configured to log session summary and failure to scan encrypted files.
V-42539 Medium McAfee VirusScan On-Access General Policies must be configured to not exclude any URL scripts from being scanned unless the URL exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
V-42534 Medium McAfee VirusScan On-Demand scan actions, When an unwanted program is found must be configured to delete files automatically if first action fails.
V-42536 Medium McAfee VirusScan On-Delivery Email Scan Policies Artemis sensitivity level must be configured to medium or higher.
V-42537 Medium McAfee VirusScan On-Delivery Email Scan Policies must be configured to send a notification email to the IAO, IAM, and/or ePO administrator when a threatened email message is detected.
V-42530 Medium McAfee VirusScan On-Access General Policies must be configured to not exclude any script processes from being scanned unless the process exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
V-42531 Medium McAfee VirusScan On-Access Default Processes Policies must be configured to not exclude any files from being scanned unless exclusions have been documented with, and approved by, the ISSO/ISSM/DAA.
V-42532 Medium McAfee VirusScan On-Demand scan must be configured to scan memory for rootkits.
V-42533 Medium McAfee VirusScan On-Demand scan actions, When an unwanted program is found must be configured to clean files automatically as first action.