This STIG setting validates whether a virtual machine is protected by the McAfee MOVE Agentless 3.0. With the assistance of the System Administrator, log into the VMware vShield Manager via a web browser. Set View to "Host & Datacenters", select the ESX host that contains the virtual machine being configured/reviewed. In the right screen, select the Endpoint tab. Verify the virtual machine is listed and shows a "Type" of "Protected VM". If the organization is not using VMware vShield Manager or does not have vShield Endpoint installed and configured, this is a finding. If the organization does use VMware vShield Manager and has vShield Endpoint installed and configured but the virtual machine being reviewed is not listed, or not showing as "Protected VM", this is a finding.
If VMware vShield Manager is not being used or the vShield Endpoint is not installed and configured, install and configure vShield Manager. Add component and vShield Endpoint licenses in vCenter. Install vShield Endpoint on the hypervisor(s). If the virtual machine is not showing as a "Protected VM", install VMware Tools on the guest VM and select Custom install of VMware tools. In the vSphere Client, right-click the appropriate VM, select Guest | Install/Upgrade VMware Tools. In the Install/Upgrade Tools dialog box, select Interactive Tools Upgrade and click OK. Depending on the environment, select setup.exe or setup64.exe and run it as administrator. Select Custom then click Next. Expand VMware Device Drivers | VMCI Drivers, then select vShield Drivers | This feature will be installed on local hard drive. Access vShield Manager to confirm the virtual machine is showing as a "Protected VM".
NOTE: MOVE Agentless 3.0/3.61 Security Virtual Appliance (SVA) comes pre-installed with McAfee Agent 4.8 and requires that the McAfee Agent 4.8 Extension already be installed on the ePO 4.6 Server. ePO 4.6 environments must upgrade to the McAfee Agent 4.8 Extension prior to deployment of the MOVE Agentless 3.0/3.61 SVA. From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). If the system designated as the McAfee MOVE Security Virtual Appliance (SVA) is not in the ePO server System Tree, this is a finding. If the system designated as the McAfee MOVE Security Virtual Appliance (SVA) is in the ePO server System Tree, click on the system to open the System Information page. On the System Information page, verify "MOVE AV [Agentless]" is listed as an Installed Product. If the system does not show MOVE AV [Agentless] listed as an installed product, this is a finding.
Obtain the McAfee Agent install files from the McAfee ePO server and install onto the McAfee SVA, following the same procedures as for any other Linux system being managed by the McAfee ePO server. After installation, from the ePO server console System Tree, select "My Organization". Select the Systems tab. Find and double-click on the asset representing the McAfee MOVE Security Virtual Appliance (SVA) to open its properties. Under "System Information" section, verify the "Last communication" date and time is within the time period designated by the "Agent-to-Server Communication Interval:" under the "McAfee Agent" section. Under "System information" section, verify "MOVE AV [Agentless]" is listed as an installed product.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. For McAfee MOVE AV Agentless 3.0: From the "Product:" drop-down list, select “MOVE AV [Agentless] 3.0”. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. On the Policy Settings page, select the “Authentication” tab in McAfee MOVE Agentless 3.0 and verify the "Protocol:" is set to “https”. If the "Protocol:" is not set to “https”, this is a finding. For McAfee MOVE AV Agentless 3.6.1: From the "Product:" drop-down list, select “MOVE AV [Agentless] 3.6.1”. Locate "SVM" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. On the Policy Settings page, select the “General Settings” tab in McAfee MOVE Agentless 3.6.1 and verify the "Protocol:" is set to “https”. If the "Protocol:" is not set to “https”, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. For McAfee MOVE AV Agentless 3.0: From the "Product:" drop-down list, select “MOVE AV [Agentless] 3.0”. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. On the Policy Settings page, select the “Authentication” tab in McAfee MOVE Agentless 3.0 and select "https" from the drop-down list. For McAfee MOVE AV Agentless 3.6.1: From the "Product:" drop-down list, select “MOVE AV [Agentless] 3.6.1”. Locate "SVM" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. On the Policy Settings page, select the “General Settings” tab in McAfee MOVE Agentless 3.6.1 and select "https" from the drop-down list. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on “Actions | Agent | Modify Policies on a Single System”. From the "Product:" drop-down list, select “MOVE AV [Agentless] 3.0.0/3.6.1”. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. On the Policy Settings page, select the “Authentication” tab in McAfee MOVE Agentless 3.0.0 and verify the "User:" field is populated. On the Policy Settings page, select the “General Settings” tab in McAfee MOVE Agentless 3.6.1 and verify the "User:" field is populated. Note: The "Password:" field will appear to be blank. However, since the "User:" field cannot be populated and saved without a password, the "Password:" field requirement can be considered compliant provided the "User:" field is validated as populated. If the "User:" field is not populated, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on “Actions | Agent | Modify Policies on a Single System”. From the "Product:" drop-down list, select “MOVE AV [Agentless] 3.0.0/3.6.1”. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. On the Policy Settings page, select the “Authentication” tab in McAfee MOVE Agentless 3.0 and populate the "User:" and "Password:" fields with a user/password combination which has authentication access to the hypervisor. Click on "Test the connection". On the Policy Settings page, select the “General Settings” tab in McAfee MOVE Agentless 3.6.1 and populate the "User:" and "Password:" fields with a user/password combination which has authentication access to the hypervisor. Click on "Test the connection". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. For McAfee MOVE AV Agentless 3.0: From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of MOVE AV Agentless version 3.0 of the Policy Settings page, next to the "SVA cache:", verify the checkbox for "Enabled" is selected. If the checkbox for "SVA cache: Enabled" is not selected, this is a finding. For McAfee MOVE AV Agentless 3.6.1: From the "Product:" drop-down list, select MOVE AV [Agentless] 3.6.1. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of MOVE AV Agentless version 3.6.1 of the Policy Settings page, next to the "SVM cache:", verify the checkbox for "Enabled" is selected. If the checkbox for "SVM cache: Enabled" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of MOVE AV Agentless version 3.0 of the Policy Settings page, next to the "SVA cache:", select the checkbox for "Enabled". Or, from the "Product:" drop-down list, select MOVE AV [Agentless] 3.6.1. Locate "SVM" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of MOVE AV Agentless version 3.6.1 of the Policy Settings page, next to the "SVM cache:", select the checkbox for "Enabled". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on “Actions | Agent | Modify Policies on a Single System”. From the "Product:" drop-down list, select “MOVE AV [Agentless] 3.0.0/3.6.1”. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of the Policy Settings page, verify the "Cache scan result of file size up to (MB):" is configured for "1". If the "Cache scan result of file size up to (MB):" is not configured to "1", this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0. Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of the Policy Settings page, populate the "Cache scan result of file size up to (MB):" with a value of "1". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on "Actions | Agent | Modify Policies on a Single System". From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of the Policy Settings page, verify the "On-Demand Scan time interval (days):" is set to "7" or less. If the "On-Demand Scan time interval (days):" is set to a value of more than "7", this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "SVA" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Settings tab of the Policy Settings page, configure the "On-Demand Scan time interval (days):" with a value of "7" or less. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the General tab of the Policy Settings page, next to the "On-Access Scanning:", verify the checkbox for "Enabled" is selected. If the checkbox for "On-Access Scanning: Enabled" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the General tab of the Policy Settings page, next to the "On-Access Scanning:", select the checkbox for "Enabled". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the General tab of the Policy Settings page, next to the "On-Access Scan timeout:", verify the "Enforce a maximum scanning time for all files (On-Access Scans only)" checkbox is selected. Verify the "On-Access Scan timeout: Maximum scan time (seconds):" has a value of 45 or more. If the checkbox for "On-Access Scan timeout: Enforce a maximum scanning time for all files (On-Access Scans only)" is not selected and/or the "On-Access Scan timeout: Maximum scan time (seconds):" does not have a value of 45 or more, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the General tab of the Policy Settings page, next to the "On-Access Scan timeout:", select the checkbox for "Enforce a maximum scanning time for all files (On-Access Scans only)". In the "On-Access Scan timeout: Maximum scan time (seconds):" place a value of 45 or more. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the General tab of the Policy Settings page, next to the "On-Demand Scanning:", verify the checkbox for "Enabled" is selected. If the checkbox for "On-Demand Scanning: Enabled" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the General tab of the Policy Settings page, next to the "On-Demand Scanning:", select the checkbox for "Enabled". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "On-Access Scan files:", verify the checkbox for "On Open" is selected. If the checkbox for "On-Access Scan files: On Open" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "On-Access Scan files:", select the checkbox for "On Open". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Files types to scan:", verify the radio button for "All files" is selected. If the radio button for "Files types to scan: All files" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Files types to scan:", select the radio button for "All files". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "On-Access Scan files:", verify the checkbox for "On Close" is selected. If the checkbox for "On-Access Scan files: On Close" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "On-Access Scan files:", select the checkbox for "On Close". Click on Save.
Note: If the regularly scheduled scan includes the scanning of archive files, this requirement can alternatively be not configured and marked as Not Applicable. From the ePO server console System Tree, select "My Organization". Select the "Systems" tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions >> Agent >> Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the "Scan Items" tab of the Policy Settings, next to the "Compressed files:", verify the checkbox for "Scan inside archives (e.g., .ZIP)" is selected. If the checkbox for "Compressed files: Scan inside archives (e.g., .ZIP)" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Compressed files:", select the check box for "Scan inside archives (e.g., .ZIP)". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Compressed files:", verify the checkbox for "Decode MIME encoded files" is selected. If the checkbox for "Compressed files: Decode MIME encoded files" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Compressed files:", select the checkbox for "Decode MIME encoded files". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Heuristics:", verify the checkbox for "Find unknown macro threats" is selected. If the checkbox for "Heuristics: Find unknown macro threats" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Heuristics:", select the checkbox for "Find unknown macro threats". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Heuristics:", verify the checkbox for "Find unknown unwanted programs and trojans" is selected. If the checkbox for "Heuristics: Find unknown unwanted programs and trojans" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Heuristics:", select the checkbox for "Find unknown unwanted programs and trojans". Click on Save.
NOTE: This check is Not Applicable for SIPRNet systems. From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "McAfee Global Threat Intelligence file reputation:", verify the "Sensitivity level:" is set to Medium, or higher. If the "Sensitivity level:" for the "McAfee Global Threat Intelligence file reputation:" is not set to Medium, or higher, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "McAfee Global Threat Intelligence file reputation:", select Medium or higher from the "Sensitivity level:" drop-down list. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Unwanted programs detection:", verify the checkbox for "Detect unwanted programs" is selected. In the Scan Items tab of the Policy Settings, next to the "Unwanted programs detection:", verify the checkboxes for "Spyware", "Adware", "Remote Administration Tools", "Dialers", "Password Crackers", "Jokes", "Key Loggers", and "Other Potentially Unwanted Programs" are all selected. If the checkbox for "Unwanted programs detection: Detect unwanted programs", or the checkbox for any of "Spyware", "Adware", "Remote Administration Tools", "Dialers", "Password Crackers", "Jokes", "Key Loggers", and "Other Potentially Unwanted Programs" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Scan Items tab of the Policy Settings, next to the "Unwanted programs detection:", select the checkbox for "Detect unwanted programs". In the Scan Items tab of the Policy Settings, next to the "Unwanted programs detection:", select the checkboxes for "Spyware", "Adware", "Remote Administration Tools", "Dialers", "Password Crackers", "Jokes", "Key Loggers", and "Other Potentially Unwanted Programs". Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. For McAfee MOVE AV Agentless 3.0: From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the "Exclusions" tab, verify the "Path exclusions:" does not have any entry other than the default "**\McAfee\Common Framework\". If any entries other than the default "**\McAfee\Common Framework\" do exist, verify those exclusions have been formally documented by the System Administrator and approved by the ISSO/ISSM. If there are entries in the "Path exclusions:" other than the default "**\McAfee\Common Framework\" and those exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding. If the "Path Exclusions:" has been populated with any exclusions other than the default, and those exclusions have been formally documented by the System Administrator and approved by the ISSO/ISSM, this is not a finding.
For McAfee MOVE AV Agentless 3.6.1: From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the "Exclusions" tab, verify the "Path and File Exclusion:" does not have any entry other than the default "**\McAfee\Common Framework\". If any entries other than the default "**\McAfee\Common Framework\" do exist, verify those exclusions have been formally documented by the System Administrator and approved by the ISSO/ISSM. If there are entries in the "Path and File Exclusion:" other than the default "**\McAfee\Common Framework\" and those exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding. If the "Path and File Exclusion:" has been populated with any exclusions other than the default, and those exclusions have been formally documented by the System Administrator and approved by the ISSO/ISSM, this is not a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Exclusions tab, remove any entries from the "Path exclusions:" which have not been documented by the System Administrator and approved by the IAO/IAM. Click on Save.
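The exclusion review above reduces to comparing the configured entries against the default plus the approved register. The following is an added example, not part of the STIG or of any McAfee tooling: it assumes the entries were transcribed by hand from the Exclusions tab, and the function names, the normalization rule and the sample data are all hypothetical.

```python
from dataclasses import dataclass

# Default exclusion named in the check text; any other entry needs approval.
DEFAULT_EXCLUSION = "**\\McAfee\\Common Framework\\"

# Name of the exclusion list per product version, as given in the check text.
LIST_LABEL = {"3.0.0": "Path exclusions:", "3.6.1": "Path and File Exclusion:"}


def normalize(entry: str) -> str:
    """Assumption: entries are compared case-insensitively, ignoring
    surrounding whitespace or quotes and a trailing backslash."""
    return entry.strip().strip('"').rstrip("\\").casefold()


@dataclass
class ExclusionAudit:
    label: str          # which list was reviewed
    default: list       # entries matching the default exclusion
    approved: list      # entries found in the approved register
    unapproved: list    # entries that make the check a finding

    @property
    def finding(self) -> bool:
        return bool(self.unapproved)


def audit_exclusions(version, configured, approved_register):
    """Classify each configured exclusion as default, approved or unapproved."""
    if version not in LIST_LABEL:
        raise ValueError(f"unsupported MOVE AV [Agentless] version: {version}")
    approved = {normalize(e) for e in approved_register}
    default_key = normalize(DEFAULT_EXCLUSION)
    audit = ExclusionAudit(LIST_LABEL[version], [], [], [])
    seen = set()
    for raw in configured:
        key = normalize(raw)
        if not key or key in seen:      # skip blanks and duplicates
            continue
        seen.add(key)
        if key == default_key:
            audit.default.append(raw.strip())
        elif key in approved:
            audit.approved.append(raw.strip())
        else:
            audit.unapproved.append(raw.strip())
    return audit


# Constructed sample data: entries as read from the Exclusions tab, and the
# register of exclusions documented by the SA and approved by the ISSO/ISSM.
SAMPLE_CONFIGURED = ["**\\McAfee\\Common Framework\\", "D:\\SQLData\\", "**\\Temp\\*.tmp"]
SAMPLE_REGISTER = ["d:\\sqldata"]

if __name__ == "__main__":
    result = audit_exclusions("3.6.1", SAMPLE_CONFIGURED, SAMPLE_REGISTER)
    print(result.label, "finding" if result.finding else "not a finding", result.unapproved)
```

Entries reported as unapproved are the ones to remove from the policy or to take through the documentation and approval process before the check is re-run.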
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Access Scan: When a threat is found:", verify "Delete files automatically" is selected from the drop-down list for the "Perform this action first". If the "On-Access Scan: When a threat is found: Perform this action first:" does not have "Delete files automatically" selected from the drop-down list, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Access Scan: When a threat is found:", select "Delete files automatically" from the "Perform this action first:" drop-down list. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Access Scan: When a threat is found:", verify "Deny access to files" is selected from the drop-down list for "If the first action fails, then perform this action". If the "On-Access Scan: When a threat is found: If the first action fails, then perform this action:" does not have "Deny access to files" selected from the drop-down list, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Access Scan: When a threat is found:", select "Deny access to files" from the "If the first action fails, then perform this action:" drop-down list. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Demand Scan: When a threat is found:", verify "Delete files automatically" is selected from the drop-down list for "Perform this action first". If the "On-Demand Scan: When a threat is found: Perform this action first:" does not have "Delete files automatically" selected from the drop-down list, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Demand Scan: When a threat is found:", select "Delete files automatically" from the "Perform this action first:" drop-down list. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Demand Scan: When a threat is found:", verify "Notify Only" is selected from the drop-down list for "If the first action fails, then perform this action". If the "On-Demand Scan: When a threat is found: If the first action fails, then perform this action:" does not have "Notify Only" selected from the drop-down list, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Actions tab, next to the "On-Demand Scan: When a threat is found:", select "Notify Only" from the "If the first action fails, then perform this action:" drop-down list. Click on Save.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select MOVE AV [Agentless] 3.0.0/3.6.1. Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Quarantine tab, next to Quarantine configuration, verify the checkbox for "Enabled" is selected. If the checkbox for "Quarantine configuration: Enabled" is not selected, this is a finding.
From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page. Click on Actions | Agent | Modify Policies on a Single System. From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.0.0/3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column. In the Quarantine tab, next to the "Quarantine configuration:", select the checkbox for "Enabled". Click on Save.
Have the System Administrator confirm the default SVAadmin password has been changed from the default of "admin". If the SVAadmin password has not been changed from the default of "admin", this is a finding.
Following local password change procedures for Linux systems, change the SVAadmin password from the default of "admin".