If the McAfee SVM was deployed manually, physically log into the McAfee SVM and confirm the password has been changed from the default. If the password has not been changed from the default, this is a finding. If the McAfee SVM was deployed with VMware vCNS or VMware NSX, access the McAfee ePO console. From the Menu, select Automation >> MOVE AntiVirus Deployment. Under General >> General Configuration >> SVM Configuration (Agentless Only), verify the "Password" shows as configured. It will be masked. Verify with the System Administrator that the password has been changed from the default password. If "Password" does not show as configured and has not been changed from the default password, this is a finding.
If the McAfee SVM was deployed manually, physically log into the McAfee SVM and change the password from the default. If the McAfee SVM was deployed with VMware vCNS or VMware NSX, access the McAfee ePO console. From the Menu, select Automation >> MOVE AntiVirus Deployment. Under General >> General Configuration >> SVM Configuration (Agentless Only), populate the "Password" with a unique password. Confirm the password. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "On-access scan", verify the "Enable on-access scan" check box is selected. If the "Enable on-access scan" check box is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "On-access scan", select the "Enable on-access scan" check box. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Click "Show Advanced". Under "On-access Scan", verify the "Specify maximum time for each file scan" is configured for "45" seconds or more. If "Specify maximum time for each file scan" is not configured for "45" seconds or more, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Click "Show Advanced". Under "On-access Scan", set the "Specify maximum time for each file scan" for "45" seconds or more. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Scan", verify the "When writing to disk" check box is selected. If the "When writing to disk" check box is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Scan", select the "When writing to disk" check box. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under On-access Scan >> Scan, verify the "When reading from disk" check box is selected. If the "When reading from disk" check box is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Scan", select the "When reading from disk" check box. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "File Types to Scan", verify the "All files" radio button is selected. If the File Types to Scan "All files" radio button is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "File Types to Scan", select the "All files" radio button. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Exclusions", verify no Path Exclusions have been configured other than the following:
**\McAfee\Common Framework\
**\Program Files\McAfee\Agent\
*.log
If any Path Exclusions are configured and those Path Exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Under "Exclusions", remove any Path Exclusions that have been configured other than the following and that have not been formally documented by the System Administrator and approved by the ISSO/ISSM:
**\McAfee\Common Framework\
**\Program Files\McAfee\Agent\
*.log
Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Click "Actions". Under "Threat detection first response", verify "Delete files automatically and quarantine" is selected. If "Threat detection first response" is not set to "Delete files automatically and quarantine", this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Access Scan". Select each configured On Access Scan policy. Click "Actions". Under "Threat detection first response", select "Delete files automatically and quarantine" from the drop-down list. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", verify the "Enable on-demand scan" check box is selected. If the "Enable on-demand scan" check box is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", select the "Enable on-demand scan" check box. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", verify the "Specify maximum time for each file scan" is configured for 45 seconds or more. If the "Specify maximum time for each file scan" is not configured for 45 seconds or more, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", configure the "Specify maximum time for each file scan" for 45 seconds or more. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", verify "On-demand scan will stop after" is configured for 150 minutes or less. If "On-demand scan will stop after" is not configured for 150 minutes or less, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", configure "On-demand scan will stop after" for 150 minutes or less. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "Actions", verify "Threat detection first response" is configured for "Delete files automatically and quarantine". If "Threat detection first response" is not configured for "Delete files automatically and quarantine", this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "Actions", configure "Threat detection first response" for "Delete files automatically and quarantine". Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "File Type to Scan", verify "All files" is selected. If "All files" is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "File Type to Scan", select the "All files" radio button. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "Exclusions", verify the Path Exclusions include only the following paths:
**\McAfee\Common Framework\
**\Program Files\McAfee\Agent\
*.log
If any Path Exclusions are included other than those specified above, and the exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "Exclusions", remove any Path Exclusions, other than the following paths, that have not been formally documented by the System Administrator and approved by the ISSO/ISSM:
**\McAfee\Common Framework\
**\Program Files\McAfee\Agent\
*.log
Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", verify the "Run on-demand scan for every _ days" is configured to "7" days or less. If the "Run on-demand scan for every _ days" is not configured to "7" days or less, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "On Demand Scan". Select each configured On Demand Scan policy. Click "Show Advanced". Under "On-demand Scan", configure the "Run on-demand scan for every _ days" to "7" days or less. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager" (Agentless only), verify the "Quarantine network share" is populated. If the "Quarantine network share" is not populated, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager" (Agentless only), populate the "Quarantine network share" field with a valid location for storing the quarantine. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager" (Agentless only), verify the "Network domain and username", "Network password", and "Confirm password" fields are populated. The "Network password" and "Confirm password" will be masked if populated. If the "Network domain and username", "Network password", and "Confirm password" fields are not populated, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "Options". Select each configured Options policy. Under "Quarantine Manager" (Agentless only), configure the quarantine with "Network domain and username" and "Network password" for accessing the quarantine network share. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "ODS Scheduler", verify the "Scan" option is selected. Review the schedule and verify a schedule of at least weekly is configured. If the ODS Scheduler "Scan" option is not selected or the schedule is not configured for at least weekly, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "ODS Scheduler", select the "Scan" option. In the schedule, configure scan dates to accomplish at least weekly scanning. Click "Save".
Access the ePO server. From the system tree, select the "Systems" tab and then find and click on the asset representing the McAfee MOVE SVM to open its properties. If the SVM is not listed as an asset in the ePO system tree, this is a finding.
In the McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 Installation Guide, follow the Agentless installation and configuration sections for Deploying the McAfee MOVE AntiVirus service (NSX), Register vCenter Server with NSX Manager and Register a VMware vCenter account with McAfee ePO.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "Scanning Options", verify the check box for "Enable scanning for potentially unwanted programs" is selected. If the check box for "Enable scanning for potentially unwanted programs" is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "Scanning Options", select the check box for "Enable scanning for potentially unwanted programs". Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "Scanning Options", verify "Enabled scanning for MIME-encoded files" check box is selected. If "Enabled scanning for MIME-encoded files" is not selected, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "Scanning Options", select the "Enabled scanning for MIME-encoded files" check box. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "McAfee GTI", verify the "Enable McAfee GTI" check box is selected with a sensitivity level of "Medium" or higher. If the "Enable McAfee GTI" check box is not selected or the sensitivity level is lower than "Medium", this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "McAfee GTI", select the "Enable McAfee GTI" check box. Select "Medium" or higher for sensitivity level. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "SVM Configuration" (Agentless only), verify the "Protocol" option is set for "HTTPS". If the "Protocol" option is not set to "HTTPS", this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "SVM Configuration" (Agentless only), select "HTTPS" for the "Protocol" option. Click "Save".
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "SVM Configuration" (Agentless only), verify the "Username:" field is populated. Note: The "Password:" field will appear to be blank. Since the "Username:" field cannot be populated and saved without a password, the "Password:" field requirement can be considered compliant provided the "Username:" field is validated as populated. If the "Username:" field is not populated, this is a finding.
Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "SVM Configuration" (Agentless only), populate the "Username:" and "Password:" fields with a user/password combination that has authentication access to the hypervisor. Click "Test connection settings". Click "Save".
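The On Access Scan, On Demand Scan and SVM Settings checks above reduce to a set of thresholds plus an exclusion allowlist, so a reviewer who has transcribed the console values can evaluate them in one pass. The following is an added example, not part of the STIG or of any McAfee tooling: the setting keys, the sample record, the GTI level ordering and the case-insensitive path comparison are assumptions made for illustration.

```python
# Added example: setting keys and sample values are constructed for
# illustration; they are not an ePO export format.
BASELINE_EXCLUSIONS = ["**\\McAfee\\Common Framework\\",
                       "**\\Program Files\\McAfee\\Agent\\", "*.log"]
FIRST_RESPONSE = "Delete files automatically and quarantine"
# Assumed ordering of GTI sensitivity levels, lowest to highest.
GTI_LEVELS = ["Very low", "Low", "Medium", "High", "Very high"]

def norm(path):
    """Compare exclusions ignoring case and a trailing backslash (assumption)."""
    return path.strip().rstrip("\\").casefold()

def is_int(v):
    return isinstance(v, int) and not isinstance(v, bool)

def gti_ok(level):
    return level in GTI_LEVELS and GTI_LEVELS.index(level) >= GTI_LEVELS.index("Medium")

# Requirements shared by the On Access Scan (oas) and On Demand Scan (ods) checks.
SCAN_RULES = [
    ("enabled", "scan must be enabled", lambda v: v is True),
    ("max_scan_seconds", "maximum time per file must be 45 s or more",
     lambda v: is_int(v) and v >= 45),
    ("file_types", 'must be "All files"', lambda v: v == "All files"),
    ("first_response", f'must be "{FIRST_RESPONSE}"', lambda v: v == FIRST_RESPONSE),
]
# (hypothetical key, requirement, predicate); a missing key fails closed.
RULES = [(f"{p}_{k}", req, ok) for p in ("oas", "ods") for k, req, ok in SCAN_RULES] + [
    ("oas_scan_on_write", "must scan when writing to disk", lambda v: v is True),
    ("oas_scan_on_read", "must scan when reading from disk", lambda v: v is True),
    ("ods_stop_after_minutes", "must be 150 minutes or less",
     lambda v: is_int(v) and v <= 150),
    ("ods_interval_days", "must be 7 days or less", lambda v: is_int(v) and v <= 7),
    ("gti_enabled", "McAfee GTI must be enabled", lambda v: v is True),
    ("gti_sensitivity", 'must be "Medium" or higher', gti_ok),
    ("svm_protocol", 'must be "HTTPS"', lambda v: v == "HTTPS"),
]

def audit_policy(policy, approved_exclusions=()):
    """Return finding strings; approved_exclusions are the ISSO/ISSM-approved paths."""
    findings = []
    for key, requirement, ok in RULES:
        if key not in policy or not ok(policy[key]):
            findings.append(f"{key}: {requirement} (got {policy.get(key)!r})")
    allowed = {norm(p) for p in BASELINE_EXCLUSIONS} | {norm(p) for p in approved_exclusions}
    for key in ("oas_exclusions", "ods_exclusions"):
        for path in policy.get(key, []):
            if norm(path) not in allowed:
                findings.append(f"{key}: undocumented path exclusion {path!r}")
    return findings

# Constructed record: long ODS stop time, low GTI level, no protocol recorded,
# and one exclusion outside the baseline.
SAMPLE_POLICY = {
    "oas_enabled": True, "oas_max_scan_seconds": 45, "oas_file_types": "All files",
    "oas_first_response": FIRST_RESPONSE, "oas_scan_on_write": True,
    "oas_scan_on_read": True,
    "oas_exclusions": ["**\\mcafee\\common framework", "*.log", "**\\Temp\\"],
    "ods_enabled": True, "ods_max_scan_seconds": 60, "ods_file_types": "All files",
    "ods_first_response": FIRST_RESPONSE, "ods_stop_after_minutes": 240,
    "ods_interval_days": 7, "ods_exclusions": ["*.log"],
    "gti_enabled": True, "gti_sensitivity": "Low",
}

if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE_POLICY)) or "no findings")
```

Pass the documented and approved exclusions as the second argument so that only undocumented paths are reported.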