The Symantec Endpoint Protection client User-defined Exceptions option must not be configured to exclude any files from scanning unless exclusions have been documented with, and approved by, the IAO/IAM.


Overview

Finding ID: V-42610
Version: DTASEP002
Rule ID: SV-55338r1_rule
IA Controls:
Severity: Medium
Description
When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.
STIG: Symantec Endpoint Protection 12.1 Managed Client Antivirus
Date: 2015-07-08

Details

Check Text (C-48891r1_chk)
On the client machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen -> Select "Change Settings" on the left side of the screen -> Select "Configure Settings" for Exceptions -> Ensure there are not any User-defined Exceptions listed that are not documented with, and approved by, the IAO/IAM.

Criteria: If any User-defined Exceptions are listed, and not documented with, and approved by, the IAO/IAM, this is a finding.
Fix Text (F-48192r1_fix)
On the client machine, locate the Symantec Endpoint Protection icon in the system tray. Double-click the icon to open the Symantec Endpoint Protection configuration screen -> Select "Change Settings" on the left side of the screen -> Select "Configure Settings" for Exceptions. Remove any User-defined Exceptions that are not documented with, and approved by, the IAO/IAM.