Desktop Application Antispyware General

Details

Version / Release: V4R1

Published:

Updated At: 2018-09-23 02:00:06

Actions

Download

Filter


Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-15354r4_rule DTSG001 HIGH AntiSpyware software is not installed or not configured for on access and on demand detection. This setting is required for the antispyware software. Without on-access and on-demand scan enabled, the virus scan is not scanning files as they are being accessed. System Administrator
    SV-15355r2_rule DTSG002 HIGH The Antispyware software is not at a vendor supported level. This setting is required for the antispyware software. Installed software must be at a vendor supported level. System Administrator
    SV-15356r2_rule DTSG003 MEDIUM A migration plan does not exist for Antispyware software that is scheduled to go non-support by the vendor. This setting is required for the antispyware software. A migration plan must be in place for the antispyware that is planned for End-of-Life or the end of vendor support. System Administrator
    SV-15358r2_rule DTSG004 MEDIUM The Antispyware software does not have the latest maintenance rollup of software update applied This setting is required for the antispyware software. The software must be a supported vendor release and current with all maintenance patches and software updates. System Administrator
    SV-15362r2_rule DTSG005 MEDIUM The Antispyware software is not configured to download updates from a trusted source. This setting is required for the antispyware software. In addition to the vendor, the DoD provides multiple locations for the download of software updates and signature files. It is mandatory that the location from which software updates and signature fil
    SV-15416r2_rule DTSG006 MEDIUM The Antispyware definition/signature files are not automatically set to be updated at least weekly. This setting is required for the antispyware software. There must be a mechanism for the automatic update of antispyware signature files on at least a weekly basis. This mechanism must be enabled and configured. System Administrator
    SV-15417r2_rule DTSG007 HIGH The Antispyware signature files are older than 7 days. This setting is required for the antispyware software. Antispyware signatures files are updated on a daily basis by antispyware software vendors. It is mandatory that the antispyware signature file on the system be no older that 7 days. Note: If the vend
    SV-15418r2_rule DTSG008 MEDIUM Beta or non-production Antispyware definitions/signature files are being used on a production machine. This setting is required for the antispyware software. AntiSpyware signature or spyware definition files must be from a trusted source and in a production status. Beta or non-production files are prohibited. System Administrator
    SV-15422r2_rule DTSG009 HIGH The Antispyware software does not start on-access protection automatically when the machine is booted. This setting is required for the antispyware software. Without on-access protection enabled at system boot, the antispyware software is not scanning files as they are being accessed. System Administrator
    SV-15426r2_rule DTSG010 MEDIUM The Antispyware software is not configured to perform a scan of local hard drives at least weekly. This setting is required for the antispyware software. A weekly antispyware scan of all local hard drives is required. This scan must be performed on at least a weekly basis if not more frequently. System Administrator
    SV-15428r2_rule DTSG011 MEDIUM The Antispyware scheduled scan is not configured to scan memory and drives (with an indepth scan option). This setting is required for the antispyware software. A weekly scheduled antispyware scan is required to scan memory as well as all local hard drives. The indepth scan option must be enabled. System Administrator
    SV-15431r2_rule DTSG012 MEDIUM The Antispyware, when running in on access mode, is not configured to inform the user (or report or report to a central monitoring console) when malicious activity or spyware is found. This setting is required for the antispyware software. An automated reporting function is required to be enabled for the occurrence of any malicious activity or spyware. The SA or user is required to be informed via report, email, or report to a central
    SV-15433r2_rule DTSG013 MEDIUM The Antispyware, when running in a scheduled scan, is not configured to inform the user (or report to a central monitoring console) when malicious activity or spyware is found. This setting is required for the antispyware software. Whenever suspicious or malicious activity is found the SA or user must be notified of such an occurrence. This notification can take the form of a report, email, or central monitoring console. System
    SV-15436r2_rule DTSG014 MEDIUM The Antispyware, when running in on-demand mode, is not configured to inform the user (or report to a central monitoring console) when malicious activity or spyware is found. This setting is required for the antispyware software. Whenever suspicious or malicious activity is found the SA or user must be notified of such an occurrence. This notification can take the form of a report, email, or central monitoring console. System
    SV-15438r3_rule DTSG015 LOW The Antispyware software is not configured to maintain logs for at least 30 days. This setting is required for the antispyware software. Log files for antispyware activity must be maintained for at least 30 days. These logs can be archived locally or an a central log file repository. System Administrator
    SV-15439r2_rule DTSG016 LOW The Antispyware software is not configured to maintain logs for at least 30 days. This setting is required for the antispyware software. Antispyware log files must be reviewed. There must exist a formal plan for log file review detailing the process. System Administrator
    SV-15440r2_rule DTSG017 LOW The Antispyware software is included in the incident response procedures both for the user and the site. This setting is required for the antispyware software. Every site must maintain a incident response plan. Antispyware, as an integral part of any organizations security practice, must be included in the site's incident response plan. System Administrator