The Symantec Endpoint Protection client weekly scheduled scan actions for handling File Reputation lookup detections must be set to Leave alone (log only) if first action fails.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-42703 | DTASEP048 | SV-55431r2_rule | Medium |
| Description |
|---|
| This setting is required for the weekly scan parameter Security Risks First Action policy. When a Security Risk is detected, the if the first action fails, the second action must be set to "Leave alone (log only)". |
| STIG | Date |
|---|---|
| Symantec Endpoint Protection 12.1 Managed Client Antivirus | 2015-07-08 |
Details
| Check Text ( C-48974r4_chk ) |
|---|
| Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Insight Lookup tab, Malicious files -> Ensure If first action fails is set to "Leave alone (log only)". Criteria: If first action fails is not set to "Leave alone (log only)", this is a finding. |
| Fix Text (F-48288r2_fix) |
|---|
| From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Insight Lookup tab, Malicious files -> Set If first action fails to "Leave alone (log only)". |