The Symantec Endpoint Protection client weekly scheduled scan must be configured for scanning well-known viruses and security risks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-42708	DTASEP054	SV-68099r1_rule		Medium

Description
When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.

STIG	Date
Symantec Endpoint Protection 12.1 Managed Client Antivirus	2015-07-08

Details

Check Text ( C-48980r2_chk )
Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Scan Details tab, Scanning -> Ensure "Well-known virus and security risk locations" is selected. Criteria: If "Well-known virus and security risk locations" is not selected, this is a finding.

Check Text ( C-48980r2_chk )

Server check: From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Scan Details tab, Scanning -> Ensure "Well-known virus and security risk locations" is selected.

Criteria: If "Well-known virus and security risk locations" is not selected, this is a finding.

Fix Text (F-48294r1_fix)
From the Symantec Endpoint Protection Management Server, Symantec Endpoint Protection Management Console: Select Policies -> Double-click the applied policy -> Under Windows Settings, Scheduled Scans -> Select Administrator-Defined Scans -> Double-click the Weekly Scan -> Under the Scan Details tab, Scanning -> Select "Well-known virus and security risk locations".