McAfee VirusScan Locally Configured Client

  • Version/Release: V4R10
  • Published: 2014-01-03
  • Released: 2014-01-24

The McAfee VirusScan Control Panel parameters are not configured as required.
SI-3 - High - CCI-001242 - V-6453 - SV-6538r1_rule
  • RMF Control: SI-3
  • Severity: High
  • CCI: CCI-001242
  • Version: DTAM001
  • Vuln IDs: V-6453
  • Rule IDs: SV-6538r1_rule
This parameter controls if the scan is started at startup.
System Administrator
ECSC-1
Checks: C-2147r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of bStartDisabled is 0, this is not a finding. If the value is 1, this is a finding.

Fix: F-6031r1_fix

Change the value of registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of bStartDisabled is 0.

The McAfee VirusScan on access scan parameter for Boot sectors is incorrect.
SI-3 - Medium - CCI-001242 - V-6467 - SV-6554r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM002
  • Vuln IDs: V-6467
  • Rule IDs: SV-6554r1_rule
This parameter controls if boot sectors are scanned at startup.
System Administrator
ECSC-1
Checks: C-2168r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of bDontScanBootSectors is 0, this is not a finding. If the value is 1, this is a finding.

Fix: F-6047r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of bDontScanBootSectors is 0.

The McAfee VirusScan on access scan parameter for floppy disks is incorrect.
SI-3 - Medium - CCI-001242 - V-6468 - SV-6555r2_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM003
  • Vuln IDs: V-6468
  • Rule IDs: SV-6555r2_rule
This parameter controls the scanning of floppy disks.
System Administrator
ECSC-1
Checks: C-2169r2_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of bScanFloppyonShutdown is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6048r2_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of bScanFloppyonShutdown is 1.

The McAfee VirusScan message dialog parameters are not configured as required.
SI-3 - Medium - CCI-001242 - V-6469 - SV-6556r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM004
  • Vuln IDs: V-6469
  • Rule IDs: SV-6556r1_rule
This parameter notifies the user when a virus is detected.
System Administrator
ECSC-1
Checks: C-2170r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of Alert_AutoShowList is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6049r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of Alert_AutoShowList is 1.

The McAfee VirusScan remove messages parameters are not configured as required.
SI-3 - Medium - CCI-001242 - V-6470 - SV-6557r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM005
  • Vuln IDs: V-6470
  • Rule IDs: SV-6557r1_rule
This parameter controls if users can remove virus alerts from the display.
System Administrator
ECSC-1
Checks: C-2171r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of Alert_UsersCanRemove is 0, this is not a finding. If the value is 1, this is a finding.

Fix: F-6050r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of Alert_UsersCanRemove is 0.

The McAfee VirusScan Clean Infected file parameter is not configured as required.
Medium - V-6471 - SV-6558r1_rule
  • Severity: Medium
  • Version: DTAM006
  • Vuln IDs: V-6471
  • Rule IDs: SV-6558r1_rule
This parameter determines if infected files are cleaned.
System Administrator
ECSC-1
Checks: C-2172r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of Alert_UsersCanClean is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6051r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of Alert_UsersCanClean is 1.

The McAfee VirusScan delete infected file parameter is not configured as required.
Medium - V-6472 - SV-6559r1_rule
  • Severity: Medium
  • Version: DTAM007
  • Vuln IDs: V-6472
  • Rule IDs: SV-6559r1_rule
This parameter controls if infected files are deleted.
System Administrator
ECSC-1
Checks: C-2173r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of Alert_UsersCanDelete is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6052r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of Alert_UsersCanDelete is 1.

The McAfee VirusScan quarantine parameter is not configured as required.
Medium - V-6473 - SV-6560r1_rule
  • Severity: Medium
  • Version: DTAM008
  • Vuln IDs: V-6473
  • Rule IDs: SV-6560r1_rule
This parameter controls if infected files are moved to a quarantine folder.
System Administrator
ECSC-1
Checks: C-2174r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of Alert_UsersCanQuarantine is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6053r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of Alert_UsersCanQuarantine is 1.

The McAfee VirusScan Control Panel log parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-6474 - SV-6561r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM009
  • Vuln IDs: V-6474
  • Rule IDs: SV-6561r1_rule
This parameter controls the logging of the scan.
System Administrator
ECSC-1
Checks: C-2175r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of bLogtoFile is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6054r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of bLogtoFile is 1.

The McAfee VirusScan limit log size parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-6475 - SV-6562r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM010
  • Vuln IDs: V-6475
  • Rule IDs: SV-6562r1_rule
This parameter controls the log size.
System Administrator
ECSC-1
Checks: C-2176r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of bLimitSize is 1, and the dwMaxLogSizeMB is at least Hex 64 or bLimitSize is 0, this is not a finding. If the bLimitSize is 0 and dwMaxLogSizeMB is less than Hex 64, this is a finding.

Fix: F-6055r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration so that the value of bLimitSize is 1, and the value of dwMaxLogSizeMB is equal to or greater than Hex 64 or bLimitSize is 0.
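
The checks for DTAM001 through DTAM010 all read values from the same On Access Scanner key, so they can be evaluated in one pass. The PowerShell below is an added example, not part of the STIG: the key path and value names are copied from the checks above, while the function names and status labels are hypothetical. For DTAM010 it follows the "not a finding" clause and the fix text, because the second sentence of that check's criteria conflicts with them, and it reports a missing value for manual review since the checks do not say how to treat one.

```powershell
# Added example (not part of the STIG): evaluates DTAM001-DTAM010 against the
# On Access Scanner key. Key path and value names come from the checks above;
# function names and the status labels are hypothetical.
$OasKey = 'HKLM:\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration'

# Single-value rules: Want is the value the check text calls "not a finding".
$SimpleRules = [ordered]@{
    DTAM001 = @{ Name = 'bStartDisabled';           Want = 0 }
    DTAM002 = @{ Name = 'bDontScanBootSectors';     Want = 0 }
    DTAM003 = @{ Name = 'bScanFloppyonShutdown';    Want = 1 }
    DTAM004 = @{ Name = 'Alert_AutoShowList';       Want = 1 }
    DTAM005 = @{ Name = 'Alert_UsersCanRemove';     Want = 0 }
    DTAM006 = @{ Name = 'Alert_UsersCanClean';      Want = 1 }
    DTAM007 = @{ Name = 'Alert_UsersCanDelete';     Want = 1 }
    DTAM008 = @{ Name = 'Alert_UsersCanQuarantine'; Want = 1 }
    DTAM009 = @{ Name = 'bLogtoFile';               Want = 1 }
}

function Get-RegNumber {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is missing, or the data is not numeric.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return ($item.$Name -as [int64])
}

function Test-OnAccessScannerConfig {
    param([string]$Path = $OasKey)

    foreach ($id in $SimpleRules.Keys) {
        $rule   = $SimpleRules[$id]
        $actual = Get-RegNumber -Path $Path -Name $rule.Name

        if ($null -eq $actual) {
            $status = 'NotReviewed'      # absent or unreadable: needs a manual look
        }
        elseif ($actual -eq $rule.Want) {
            $status = 'NotAFinding'
        }
        else {
            $status = 'Open'
        }

        [pscustomobject]@{
            Rule   = $id
            Value  = $rule.Name
            Actual = $actual
            Status = $status
        }
    }

    # DTAM010: compliant when the log is unlimited (bLimitSize = 0), or when it
    # is limited (bLimitSize = 1) and dwMaxLogSizeMB is at least 0x64 (100).
    $limit = Get-RegNumber -Path $Path -Name 'bLimitSize'
    $maxMb = Get-RegNumber -Path $Path -Name 'dwMaxLogSizeMB'

    if ($null -eq $limit) {
        $status = 'NotReviewed'
    }
    elseif ($limit -eq 0) {
        $status = 'NotAFinding'
    }
    elseif ($limit -eq 1 -and $null -ne $maxMb -and $maxMb -ge 0x64) {
        $status = 'NotAFinding'
    }
    else {
        $status = 'Open'
    }

    [pscustomobject]@{
        Rule   = 'DTAM010'
        Value  = 'bLimitSize / dwMaxLogSizeMB'
        Actual = "$limit / $maxMb"
        Status = $status
    }
}

# Read-only: nothing is written to the registry.
Test-OnAccessScannerConfig | Format-Table -AutoSize
```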

The McAfee VirusScan log summary parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-6478 - SV-6565r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM012
  • Vuln IDs: V-6478
  • Rule IDs: SV-6565r1_rule
This parameter controls if the session summary is being logged.
System Administrator
ECSC-1
Checks: C-2179r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\mcshield\Configuration
Criteria: If the value of bLogSummary is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6058r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\On Access Scanner\mcshield\Configuration so that the value of bLogSummary is 1.

The McAfee VirusScan log encrypted files parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-6583 - SV-6693r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001242
  • Version: DTAM013
  • Vuln IDs: V-6583
  • Rule IDs: SV-6693r1_rule
This parameter controls if failure to scan encrypted files is logged.
System Administrator
ECSC-1
Checks: C-4014r1_chk

Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\On Access Scanner\mcshield\Configuration
Criteria: If the value ReportEncryptedFiles is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6161r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\On Access Scanner\mcshield\Configuration so that the value of ReportEncryptedFiles is 1.

The McAfee VirusScan log user name parameter is not configured as required.
Medium - V-6584 - SV-6694r1_rule
  • Severity: Medium
  • Version: DTAM014
  • Vuln IDs: V-6584
  • Rule IDs: SV-6694r1_rule
This parameter controls if the user name is logged.
System Administrator
ECSC-1
Checks: C-2395r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\On Access Scanner\mcshield\Configuration
Criteria: If the value bLogUserName is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6162r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\On Access Scanner\mcshield\Configuration so that the value of bLogUserName is 1.

The McAfee VirusScan autoupdate parameters are not configured as required.
SI-3 - Medium - CCI-001247 - V-6585 - SV-6695r2_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001247
  • Version: DTAM016
  • Vuln IDs: V-6585
  • Rule IDs: SV-6695r2_rule
This parameter ensures that the product is configured to get autoupdates.
System Administrator
ECVP-1
Checks: C-2396r4_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-e3247CE382F5}
Criteria: If bSchedEnabled=1 and eScheduleType=0, the schedule is daily; this is not a finding. If bSchedEnabled=1 and eScheduleType=1, the schedule is weekly; this is not a finding. If bSchedEnabled=0, no schedule is set; this is a finding.

Fix: F-6163r1_fix

On the VirusScan console, double-click the AutoUpdate item, then click the Schedule button. On the TASK tab, check the Enable box, and enable the schedule. On the Schedule tab, create a DAILY or WEEKLY schedule to run.

The McAfee VirusScan Exchange scanner is not enabled.
Medium - V-6586 - SV-6696r1_rule
  • Severity: Medium
  • Version: DTAM021
  • Vuln IDs: V-6586
  • Rule IDs: SV-6696r1_rule
This parameter controls if the email client scanner is active.
System Administrator
ECSC-1
Checks: C-2397r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\GeneralOptions
Criteria: If the value bEnabled is 1, this is not a finding.

Fix: F-6164r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\GeneralOptions so that the value of bEnabled is 1.

The McAfee VirusScan find unknown programs email parameter is not configured as required.
SI-3 - Medium - CCI-001668 - V-6587 - SV-6697r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001668
  • Version: DTAM022
  • Vuln IDs: V-6587
  • Rule IDs: SV-6697r1_rule
This parameter controls if scanning is performed for unknown program viruses.
System Administrator
ECSC-1
Checks: C-2398r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\DetectionOptions
Criteria: If the value dwProgramHeuristicsLevel is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6165r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\DetectionOptions so that the value of dwProgramHeuristicsLevel is 1.

The McAfee VirusScan find unknown macro virus email parameter is not configured as required.
SI-3 - Medium - CCI-001668 - V-6588 - SV-6698r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001668
  • Version: DTAM023
  • Vuln IDs: V-6588
  • Rule IDs: SV-6698r1_rule
This parameter controls the scanning for unknown macro viruses.
System Administrator
ECSC-1
Checks: C-2399r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\EMail scanner\Outlook\OnDelivery\DetectionOptions
Criteria: If the value dwMacroHeuristicsLevel is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6166r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\EMail Scanner\Outlook\OnDelivery\DetectionOptions so that the value of dwMacroHeuristicsLevel is 1.

The McAfee VirusScan scan inside archives email parameter is not configured as required.
SI-3 - Medium - CCI-001668 - V-6589 - SV-6699r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001668
  • Version: DTAM026
  • Vuln IDs: V-6589
  • Rule IDs: SV-6699r1_rule
This parameter controls if the contents of archives are checked for viruses.
System Administrator
ECSC-1
Checks: C-2400r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\EMail scanner\Outlook\OnDelivery\DetectionOptions
Criteria: If the value ScanArchives is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6167r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\eMail Scanner\Outlook\OnDelivery\DetectionOptions so that the value of ScanArchives is 1.

The McAfee VirusScan decode MIME email parameter is not configured as required.
SI-3 - Medium - CCI-001668 - V-6590 - SV-6700r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001668
  • Version: DTAM027
  • Vuln IDs: V-6590
  • Rule IDs: SV-6700r1_rule
This parameter controls if encoded files should be decoded for virus scans.
System Administrator
ECSC-1
Checks: C-2401r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\DetectionOptions
Criteria: If the value ScanMime is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6168r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\EMail Scanner\Outlook\OnDelivery\DetectionOptions so that the value of ScanMime is 1.

The McAfee VirusScan scan e-mail message body email parameter is not configured as required.
SI-3 - Medium - CCI-001668 - V-6591 - SV-6702r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001668
  • Version: DTAM028
  • Vuln IDs: V-6591
  • Rule IDs: SV-6702r1_rule
This parameter ensures the email message contents are scanned for viruses.
System Administrator
ECSC-1
Checks: C-2403r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email scanner\outlook\onDelivery\DetectionOptions
Criteria: If the value ScanMessageBodies is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6170r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\DetectionOptions so that the value of ScanMessageBodies is 1.

The McAfee VirusScan allowed actions email parameter is not configured as required.
SI-3 - Medium - CCI-001243 - V-6592 - SV-6704r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001243
  • Version: DTAM029
  • Vuln IDs: V-6592
  • Rule IDs: SV-6704r1_rule
This parameter controls what actions should happen when a virus is detected.
System Administrator
ECSC-1
Checks: C-2405r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ActionOptions
Criteria: If the value uAction is 2, this is not a finding. If the value is other than 2, this is a finding.

Fix: F-6171r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email scanner\Outlook\Ondelivery\ActionOptions so that the value of uAction is 2.

The McAfee VirusScan action prompt email parameter is not configured as required.
Medium - V-6593 - SV-6706r1_rule
  • Severity: Medium
  • Version: DTAM030
  • Vuln IDs: V-6593
  • Rule IDs: SV-6706r1_rule
This parameter ensures appropriate actions are prompted for when a virus is found.
System Administrator
ECSC-1
Checks: C-2407r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email scanner\Outlook\OnDelivery\ActionOptions
Criteria: If the value dwPromptButton is x1F (31), this is not a finding. If the value is not x1F (31), this is a finding.

Fix: F-6172r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email scanner\Outlook\OnDelivery\ActionOptions so that the value of dwPromptButton is x1F (31).

The McAfee VirusScan return reply email parameter is not configured as required.
Medium - V-6594 - SV-6707r1_rule
  • Severity: Medium
  • Version: DTAM033
  • Vuln IDs: V-6594
  • Rule IDs: SV-6707r1_rule
This parameter controls if an email is sent back to the original email sender indicating there was a virus detected.
System Administrator
ECSC-1
Checks: C-2408r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\AlertOptions
Criteria: If the value bDisplayMessage is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6173r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\Ondelivery\AlertOptions so that the value of bDisplayMessage is 1.

The McAfee VirusScan prompt message email parameter is not configured as required.
Medium - V-6595 - SV-6708r1_rule
  • Severity: Medium
  • Version: DTAM034
  • Vuln IDs: V-6595
  • Rule IDs: SV-6708r1_rule
This parameter ensures an appropriate message is displayed for the user to indicate a virus was found within an email.
System Administrator
ECSC-1
Checks: C-2410r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\AlertOptions
Criteria: If the value szCustomMessage contains an appropriate alert message, this is not a finding. If the value is blank or does not convey an alert, this is a finding.

Fix: F-6175r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\Ondelivery\AlertOptions so that the value of szCustomMessage contains an appropriate alert message.

The McAfee VirusScan log to file email parameter is not configured as required.
SI-3 - Medium - CCI-001668 - V-6596 - SV-6713r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001668
  • Version: DTAM035
  • Vuln IDs: V-6596
  • Rule IDs: SV-6713r1_rule
This parameter ensures that virus scanning sessions for email are logged.
System Administrator
ECSC-1
Checks: C-2417r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions
Criteria: If the value bLogToFile is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6178r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions so that the value of bLogToFile is 1.

The McAfee VirusScan limit log size email parameter is not configured as required.
SI-3 - Medium - CCI-001668 - V-6597 - SV-6715r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001668
  • Version: DTAM036
  • Vuln IDs: V-6597
  • Rule IDs: SV-6715r1_rule
This parameter determines the size of the log file to ensure data is available for review.
System Administrator
ECSC-1
Checks: C-2419r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions
Criteria: If the value of bLimitSize is 1, and the dwMaxLogSizeMB is at least Hex 64 (100) or bLimitSize is 0, this is not a finding. If the bLimitSize is 0 or if dwMaxLogSizeMB is less than Hex 64 (100), this is a finding.

Fix: F-6179r1_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions so that the value of bLimitSize is 1 and dwMaxLogSizeMB is at least Hex 64 OR bLimitSize is 0.

The McAfee VirusScan log content email parameter is not configured as required.
Medium - V-6598 - SV-6716r2_rule
  • Severity: Medium
  • Version: DTAM037
  • Vuln IDs: V-6598
  • Rule IDs: SV-6716r2_rule
This setting controls the entries that are stored in the virus scanning log.
System Administrator
ECSC-1
Checks: C-2420r3_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions
Criteria: If the value dwLogEvent is x120 (288), this is not a finding. If the value is not x120 (288), this is a finding.

Fix: F-6180r4_fix

Change the registry key HKLM\Software\McAfee\VSCore\Email Scanner\Outlook\OnDelivery\ReportOptions so that the value of dwLogEvent is x120 (288).

The McAfee VirusScan fixed disk and running processes are not configured as required.
SI-3 - Medium - CCI-001241 - V-6599 - SV-6717r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM045
  • Vuln IDs: V-6599
  • Rule IDs: SV-6717r1_rule
This parameter ensures that all fixed disks and running processes are scanned for viruses.
System Administrator
ECSC-1
Checks: C-2421r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}
Criteria: For the values of szScanItemx (where x>=0), an entry for Fixed Drives and Special Memory must exist. For example, if the following entries exist, this is not a finding.
  • szScanItem0: FixedDrives
  • szScanItem1: SpecialMemory
The entries can be in any order and assigned to any number as long as the number is less than the value of UscanNumItems. If either of these entries is not present or the number of szScanItem is > UscanNumItems, this is a finding.

Fix: F-6181r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that entries exist for Fixed Drives and Special Memory. For example, szScanItem0: FixedDrives and szScanItem1: SpecialMemory. The entries can be in any order and assigned to any number as long as the number is less than the value of UscanNumItems.

The McAfee VirusScan include subfolders parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6600 - SV-6718r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM046
  • Vuln IDs: V-6600
  • Rule IDs: SV-6718r1_rule
This parameter ensures that subfolders are scanned for viruses.
System Administrator
ECSC-1
Checks: C-2422r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value bScanSubDirs is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6182r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bScanSubDirs is 1.

The McAfee VirusScan include boot sectors parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6601 - SV-6719r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM047
  • Vuln IDs: V-6601
  • Rule IDs: SV-6719r1_rule
This parameter ensures that the boot sector is scanned for viruses.
System Administrator
ECSC-1
Checks: C-2423r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value bSkipBootScan is 0, this is not a finding. If the value is 1, this is a finding.

Fix: F-6183r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bSkipBootScan is 0.

The McAfee VirusScan scan all files parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6602 - SV-6720r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM048
  • Vuln IDs: V-6602
  • Rule IDs: SV-6720r1_rule
This parameter ensures all files are scanned.
System Administrator
ECSC-1
Checks: C-2425r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value bScanAllFiles is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6185r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so the value of bScanAllFiles is 1.

The McAfee VirusScan exclusions parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6604 - SV-6723r2_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM050
  • Vuln IDs: V-6604
  • Rule IDs: SV-6723r2_rule
This parameter ensures that there are no unapproved exclusions from the virus scanning.
System Administrator
ECSC-1
Checks: C-2428r3_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value of NumExcludeItems is > 0, this is a finding. If the value is > 0, ensure the justification for exclusions found has been documented with the IAO/IAM. If exclusions are documented with the IAO/IAM, this is not a finding. If exclusions have not been documented, this is a finding.

Fix: F-6187r2_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of NumExcludeItems is 0. If not set to 0, all exclusions must be documented and approved with the IAO/IAM.

The McAfee VirusScan scan archives parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6611 - SV-6731r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM052
  • Vuln IDs: V-6611
  • Rule IDs: SV-6731r1_rule
This parameter ensures that archive files are checked for viruses.
System Administrator
ECSC-1
Checks: C-2452r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value ScanArchives is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6200r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of ScanArchives is 1.

The McAfee VirusScan decode MIME encoded files parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6612 - SV-6732r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM053
  • Vuln IDs: V-6612
  • Rule IDs: SV-6732r1_rule
This file ensures that MIME encoded files are scanned for viruses.
System Administrator
ECSC-1
Checks: C-2455r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value ScanMime is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6201r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of ScanMime is 1.

The McAfee VirusScan find unknown programs parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6614 - SV-6734r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM054
  • Vuln IDs: V-6614
  • Rule IDs: SV-6734r1_rule
This parameter will ensure the virus scanner checks for unknown program viruses.
System Administrator
ECSC-1
Checks: C-2456r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value dwProgramHeuristicsLevel is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6203r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of dwProgramHeuristicsLevel is 1.

The McAfee VirusScan find unknown macro viruses parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6615 - SV-6735r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001241
  • Version: DTAM055
  • Vuln IDs: V-6615
  • Rule IDs: SV-6735r1_rule
This parameter controls checking for unknown macro viruses.
System Administrator
ECSC-1
Checks: C-2458r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value dwMacroHeuristicsLevel is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6204r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of dwMacroHeuristicsLevel is 1.

The McAfee VirusScan action for Virus parameter is not configured as required.
SI-3 - Medium - CCI-001243 - V-6616 - SV-6736r1_rule
  • RMF Control: SI-3
  • Severity: Medium
  • CCI: CCI-001243
  • Version: DTAM056
  • Vuln IDs: V-6616
  • Rule IDs: SV-6736r1_rule
This parameter controls the action when a virus is found.
System Administrator
ECSC-1
Checks: C-2460r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}
Criteria: If the value uAction is 5, this is not a finding. If the value is other than 5, this is a finding.

Fix: F-6205r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of uAction is 5.

b
The McAfee VirusScan secondary action for virus parameter is not configured as required.
SI-3 - Medium - CCI-001243 - V-6617 - SV-6737r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001243
Version
DTAM057
Vuln IDs
  • V-6617
Rule IDs
  • SV-6737r1_rule
This parameter controls the secondary action that is performed when a virus is found. System Administrator - ECSC-1
Checks: C-2461r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value uSecAction is 3, this is not a finding. If the value is other than 3, this is a finding.

Fix: F-6206r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of uSecAction is 3.

b
The McAfee VirusScan log to file parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6618 - SV-6738r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001241
Version
DTAM059
Vuln IDs
  • V-6618
Rule IDs
  • SV-6738r1_rule
This parameter ensures that virus scan activities are written to a log file. System Administrator - ECSC-1
Checks: C-2465r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value bLogToFile is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6208r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bLogToFile is 1.

b
The McAfee VirusScan log file limit parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6620 - SV-6740r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001241
Version
DTAM060
Vuln IDs
  • V-6620
Rule IDs
  • SV-6740r1_rule
This parameter determines the minimum size for the log to ensure enough data is available for review. System Administrator - ECSC-1
Checks: C-2467r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value of bLimitSize is 1 and uKilobytes is at least 19000, or bLimitSize is 0, this is not a finding. If the bLimitSize is 0 and uKilobytes is less than 19000, this is a finding.

Fix: F-6209r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bLimitSize is 1 and uKilobytes is >= 19000 OR bLimitSize is 0.

b
The McAfee VirusScan log session summary parameter is not configured as required.
Medium - V-6624 - SV-6744r1_rule
RMF Control
Severity
Medium
CCI
Version
DTAM062
Vuln IDs
  • V-6624
Rule IDs
  • SV-6744r1_rule
This parameter ensures that session summary information is logged for future review if needed. System Administrator - ECSC-1
Checks: C-2474r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value bLogSummary is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6213r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bLogSummary is 1.

b
The McAfee VirusScan failure on encrypted files parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-6625 - SV-6745r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001241
Version
DTAM063
Vuln IDs
  • V-6625
Rule IDs
  • SV-6745r1_rule
This parameter ensures that failures on encrypted files are logged. System Administrator - ECSC-1
Checks: C-2477r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value bLogScanEncryptFail is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6214r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bLogScanEncryptFail is 1.

b
The McAfee VirusScan log user name is not configured as required.
Medium - V-6626 - SV-6746r1_rule
RMF Control
Severity
Medium
CCI
Version
DTAM064
Vuln IDs
  • V-6626
Rule IDs
  • SV-6746r1_rule
This parameter controls the user name being logged as part of the log file. System Administrator - ECSC-1
Checks: C-2478r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value bLogUserName is 1, this is not a finding. If the value is 0, this is a finding.

Fix: F-6215r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bLogUserName is 1.

b
The McAfee VirusScan schedule is not configured as required.
SI-3 - Medium - CCI-001241 - V-6627 - SV-6747r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001241
Version
DTAM070
Vuln IDs
  • V-6627
Rule IDs
  • SV-6747r1_rule
This parameter ensures that the virus scan is scheduled to be executed. System Administrator - ECSC-1
Checks: C-2480r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value bSchedEnabled is 1 and eScheduletype is 0 or 1, this is not a finding. If the value bSchedEnabled is 0, or eScheduletype is neither 0 nor 1, this is a finding.

Fix: F-6216r1_fix

Change the registry key HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} so that the value of bSchedEnabled is 1 and eScheduletype is 0 or 1.

b
The McAfee VirusScan on access scan parameter for script scan is incorrect.
SI-3 - Medium - CCI-001242 - V-14618 - SV-15243r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM090
Vuln IDs
  • V-14618
Rule IDs
  • SV-15243r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12634r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\ScriptScan Criteria: If the value of ScriptScanEnabled is 1, this is not a finding. This finding applies to Version 8.0 only.

Fix: F-14080r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\ScriptScan Criteria: Set the value of ScriptScanEnabled to 1. This finding applies to Version 8.0 only.

b
The McAfee VirusScan on access scan parameter for connection blocking is incorrect.
SI-3 - Medium - CCI-001242 - V-14619 - SV-15244r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM091
Vuln IDs
  • V-14619
Rule IDs
  • SV-15244r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12635r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value of VSIDBlock is 1, this is not a finding.

Fix: F-14081r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value of VSIDBlock to 1.

b
The McAfee VirusScan on access scan parameter for connection blocking time is incorrect.
SI-3 - Medium - CCI-001242 - V-14620 - SV-15245r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM092
Vuln IDs
  • V-14620
Rule IDs
  • SV-15245r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12636r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value of VSIDBlockTimeout is greater than or equal to hex 1E, this is not a finding.

Fix: F-14082r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value of VSIDBlockTimeout to hex 1E or greater.

b
The McAfee VirusScan on access scan parameter for blocking unwanted programs is incorrect.
SI-3 - Medium - CCI-001242 - V-14621 - SV-15246r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM093
Vuln IDs
  • V-14621
Rule IDs
  • SV-15246r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12637r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value of VSIDBlockOnNonVirus is 1, this is not a finding.

Fix: F-14083r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value of VSIDBlockOnNonVirus to 1.

b
The McAfee VirusScan scan default values for processes are not configured as required.
SI-3 - Medium - CCI-001242 - V-14622 - SV-15247r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM100
Vuln IDs
  • V-14622
Rule IDs
  • SV-15247r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12638r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration Criteria: If the value OnlyUseDefaultConfig is 1, this is not a finding.

Fix: F-14084r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration Criteria: Set the value OnlyUseDefaultConfig to 1.

b
The McAfee VirusScan scan when writing to disk is not configured as required.
SI-3 - Medium - CCI-001242 - V-14623 - SV-15248r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM101
Vuln IDs
  • V-14623
Rule IDs
  • SV-15248r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12639r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value bScanIncoming is 1, this is not a finding.

Fix: F-14085r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value bScanIncoming to 1.

b
The McAfee VirusScan scan when reading parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14624 - SV-15249r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM102
Vuln IDs
  • V-14624
Rule IDs
  • SV-15249r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12640r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value bScanOutgoing is 1, this is not a finding.

Fix: F-14086r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value bScanOutgoing to 1.

b
The McAfee VirusScan scan all files parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14625 - SV-15250r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM103
Vuln IDs
  • V-14625
Rule IDs
  • SV-15250r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12641r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value LocalExtensionMode is 1 and the value of NetworkExtensionMode is 1 this is not a finding. If either of these is not 1, this is a finding.

Fix: F-14087r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value LocalExtensionMode to 1 and the value of NetworkExtensionMode to 1.

b
The McAfee VirusScan heuristics program viruses parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14626 - SV-15251r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM104
Vuln IDs
  • V-14626
Rule IDs
  • SV-15251r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12642r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value dwProgramHeuristicsLevel is 1, this is not a finding.

Fix: F-14088r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value dwProgramHeuristicsLevel to 1.

b
The McAfee VirusScan heuristics macro viruses parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14627 - SV-15252r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM105
Vuln IDs
  • V-14627
Rule IDs
  • SV-15252r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12643r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value dwMacroHeuristicsLevel is 1, this is not a finding.

Fix: F-14089r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value dwMacroHeuristicsLevel to 1.

b
The McAfee VirusScan scan inside archives parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14628 - SV-15253r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM106
Vuln IDs
  • V-14628
Rule IDs
  • SV-15253r1_rule
This setting is required for the virus software. Information Assurance Officer - ECVP-1
Checks: C-12644r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value ScanArchives is 1, this is not a finding.

Fix: F-14090r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value ScanArchives to 1.

b
The McAfee VirusScan process primary action parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14630 - SV-15255r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM110
Vuln IDs
  • V-14630
Rule IDs
  • SV-15255r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12646r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value UAction_Program is 1, 3, 4, or 5, this is not a finding.

Fix: F-14092r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value UAction_Program to 1, 3, 4, or 5.

b
The McAfee VirusScan process secondary action parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14631 - SV-15256r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM111
Vuln IDs
  • V-14631
Rule IDs
  • SV-15256r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12647r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: If the value USecAction_Program is 1, 3, 4, or 5, this is not a finding. If the value is 0, this is a finding.

Fix: F-14093r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default Criteria: Set the value USecAction_Program to 1, 3, 4, or 5.

b
The McAfee VirusScan detects unwanted programs email parameter is not configured as required.
Medium - V-14651 - SV-15277r1_rule
RMF Control
Severity
Medium
CCI
Version
DTAM038
Vuln IDs
  • V-14651
Rule IDs
  • SV-15277r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12666r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\E-Mail Scan\DetectionOptions Criteria: If the value ApplyNVP is 1, this is not a finding.

Fix: F-14110r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\E-Mail Scan\DetectionOptions Criteria: Set the value ApplyNVP to 1.

b
The McAfee VirusScan unwanted programs action email parameter is not configured as required.
SI-3 - Medium - CCI-001243 - V-14652 - SV-15278r3_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001243
Version
DTAM039
Vuln IDs
  • V-14652
Rule IDs
  • SV-15278r3_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12668r8_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\E-Mail Scan\ActionOptions Criteria: If the value uAction_Program is 5, this is not a finding.

Fix: F-14112r4_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\E-Mail Scan\ActionOptions Criteria: Set the value uAction_Program to 5.

b
The McAfee VirusScan check for unwanted programs parameter is not configured as required.
SI-3 - Medium - CCI-001241 - V-14654 - SV-15280r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001241
Version
DTAM058
Vuln IDs
  • V-14654
Rule IDs
  • SV-15280r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12669r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: If the value ApplyNVP is 1, this is not a finding.

Fix: F-14113r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS} Criteria: Set the value ApplyNVP to 1.

b
The McAfee VirusScan buffer overflow protection is not configured as required.
SI-3 - Medium - CCI-001242 - V-14657 - SV-15283r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM130
Vuln IDs
  • V-14657
Rule IDs
  • SV-15283r1_rule
This setting is required for the virus software. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12673r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value EnterceptEnabled is 1, this is not a finding.

Fix: F-14116r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value EnterceptEnabled to 1.

b
The McAfee VirusScan buffer overflow protection mode is not configured as required.
SI-3 - Medium - CCI-001242 - V-14658 - SV-15284r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM131
Vuln IDs
  • V-14658
Rule IDs
  • SV-15284r1_rule
This setting is required to ensure that buffer overflow protection is enabled and that "Protection mode" is enabled. Buffer overflow protection prevents tampered with application code from being executed on the computer. The "Protection mode" option is selected to ensure that the application is prevented from executing. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12674r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value EnterceptMode is 1, this is not a finding.

Fix: F-14117r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value EnterceptMode to 1.

b
The McAfee VirusScan buffer overflow message parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14659 - SV-15285r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM132
Vuln IDs
  • V-14659
Rule IDs
  • SV-15285r1_rule
This setting is required to ensure when buffer overflow protection is enabled that the "Show the messages dialog box when a buffer overflow is detected" is selected. Buffer overflow protection prevents tampered with application code from being executed on the computer. The "Show the messages dialog box when a buffer overflow is detected" option is selected to ensure that the user is notified. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12675r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value EnterceptShowMessages is 1, this is not a finding.

Fix: F-14118r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value EnterceptShowMessages to 1.

b
The McAfee VirusScan buffer overflow log parameter is not configured as required.
SI-3 - Medium - CCI-001242 - V-14660 - SV-15286r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM133
Vuln IDs
  • V-14660
Rule IDs
  • SV-15286r1_rule
This setting is required to ensure when buffer overflow protection is enabled that the "Enable activity logging and accept the default location for the log file or specify a new location" is selected. Buffer overflow protection prevents tampered with application code from being executed on the computer. The "Enable activity logging and accept the default location for the log file or specify a new location" option is selected to ensure that buffer overflow logging is being performed. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12676r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value bLogToFile_Ent is 1, this is not a finding.

Fix: F-14119r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value bLogToFile_Ent to 1.

b
The McAfee VirusScan log size limitation parameters are not configured as required.
SI-3 - Medium - CCI-001242 - V-14661 - SV-15287r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM134
Vuln IDs
  • V-14661
Rule IDs
  • SV-15287r1_rule
This setting is required to ensure when buffer overflow protection is enabled that the "Log file size" is selected. Buffer overflow protection prevents tampered with application code from being executed on the computer. The "Log file size" option is selected to ensure that buffer overflow log file size does not exceed 100 MB. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12677r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: If the value bLimitSize_Ent is 1 and the value of dwMaxLogSizeMB_Ent is at least hex 64, this is not a finding.

Fix: F-14120r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking Criteria: Set the value bLimitSize_Ent to 1 and the value of dwMaxLogSizeMB_Ent to at least hex 64.
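
Added example (not part of the STIG or of any McAfee tooling): a Python audit of Registry Editor export text against the compound and hexadecimal criteria of DTAM060, DTAM070, DTAM092, DTAM103, DTAM110 and DTAM134 above. The export text is constructed; DTAM060 follows its not-a-finding condition and Fix text, and reporting an absent value separately from a finding is an assumption of this example.

```python
import re

# Registry paths as the checks give them (HKLM short form).
TASK = (r"HKLM\Software\Network Associates\TVD\VirusScan Enterprise"
        r"\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}")
OAS = r"HKLM\Software\Network Associates\TVD\Shared Components\On Access Scanner"
BB = OAS + r"\BehaviourBlocking"
DEFAULT = OAS + r"\McShield\Configuration\Default"

# Constructed sample in the .reg text format written by Registry Editor.
# Real exports are UTF-16; decode the file before passing its text in.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}]
"bLimitSize"=dword:00000001
"uKilobytes"=dword:00000400
"bSchedEnabled"=dword:00000001
"eScheduleType"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking]
"VSIDBlockTimeout"=dword:0000001e
"bLimitSize_Ent"=dword:00000001
"dwMaxLogSizeMB_Ent"=dword:00000064

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default]
"LocalExtensionMode"=dword:00000001
"UAction_Program"=dword:00000002
"""


class Values(dict):
    """Value names are case-insensitive; a missing name raises KeyError."""

    def __getitem__(self, name):
        try:
            return super().__getitem__(name.lower())
        except KeyError:
            raise KeyError(name) from None


def norm_key(path):
    """Key paths are case-insensitive; exports spell out the hive name."""
    path = path.strip().lower()
    if path.startswith("hkey_local_machine\\"):
        path = "hklm\\" + path[len("hkey_local_machine\\"):]
    return path


def parse_reg(text):
    """Collect REG_DWORD values from export text as {key: Values}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(norm_key(line[1:-1]), Values())
        elif current is not None:
            m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
            if m:
                # Digits after "dword:" are hexadecimal: 0000001e is 30.
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys


# Each rule: (STIG version, key, predicate that is True when not a finding).
# Predicates short-circuit, so only values the verdict depends on are read.
RULES = [
    ("DTAM060", TASK, lambda v: v["bLimitSize"] == 0
        or (v["bLimitSize"] == 1 and v["uKilobytes"] >= 19000)),
    ("DTAM070", TASK, lambda v: v["bSchedEnabled"] == 1
        and v["eScheduletype"] in (0, 1)),
    ("DTAM092", BB, lambda v: v["VSIDBlockTimeout"] >= 0x1E),
    ("DTAM103", DEFAULT, lambda v: v["LocalExtensionMode"] == 1
        and v["NetworkExtensionMode"] == 1),
    ("DTAM110", DEFAULT, lambda v: v["UAction_Program"] in (1, 3, 4, 5)),
    ("DTAM134", BB, lambda v: v["bLimitSize_Ent"] == 1
        and v["dwMaxLogSizeMB_Ent"] >= 0x64),
]


def audit(reg_text):
    """Return {STIG version: verdict} for the rules above."""
    reg = parse_reg(reg_text)
    results = {}
    for rule_id, key, ok in RULES:
        values = reg.get(norm_key(key), Values())
        try:
            results[rule_id] = "not a finding" if ok(values) else "finding"
        except KeyError as missing:
            # Assumption: an absent value goes to manual review.
            results[rule_id] = "missing value: " + missing.args[0]
    return results


if __name__ == "__main__":
    for rule_id, verdict in audit(SAMPLE_REG).items():
        print(rule_id, verdict)
```
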

b
The McAfee VirusScan detection of Spyware is not configured as required.
SI-3 - Medium - CCI-001668 - V-14662 - SV-15288r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001668
Version
DTAM135
Vuln IDs
  • V-14662
Rule IDs
  • SV-15288r1_rule
This setting is required to ensure that under the Unwanted Programs Policies, Spyware is selected. This enables the detection of Spyware on the system. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12678r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\NVP Criteria: If the value DetectSpyware is 1, this is not a finding.

Fix: F-14121r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\NVP Criteria: Set the value DetectSpyware to 1.

b
The McAfee VirusScan detection of Adware is not configured as required.
SI-3 - Medium - CCI-001668 - V-14663 - SV-15289r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001668
Version
DTAM136
Vuln IDs
  • V-14663
Rule IDs
  • SV-15289r1_rule
This setting is required to ensure that under the Unwanted Programs Policies, Adware is selected. This enables the detection of Adware on the system. System Administrator - Information Assurance Officer - ECVP-1
Checks: C-12976r1_chk

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\NVP Criteria: If the value DetectAdware is 1, this is not a finding.

Fix: F-14228r1_fix

Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Network Associates\TVD\Shared Components\NVP Criteria: Set the value DetectAdware to 1.

c
The antivirus signature file age exceeds 7 days.
SI-3 - High - CCI-001240 - V-19910 - SV-22081r1_rule
RMF Control
SI-3
Severity
High
CCI
CCI-001240
Version
DTAG008
Vuln IDs
  • V-19910
Rule IDs
  • SV-22081r1_rule
Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. Note: If the vendor or trusted site’s files match the date of the signature files on the machine, this is not a finding. System Administrator - ECVP-1
Checks: C-25621r1_chk

Locate the McAfee icon in the system tray. Right-click to open it and choose VirusScan Console. Select Help, then choose About VirusScan Enterprise. A date is displayed for "DAT Created On:". Criteria: If the "DAT Created On:" date is older than 7 calendar days from the current date, this is a finding. Note: If the vendor or trusted site’s files are also older than 7 days and match the date of the signature files on the machine, this is not a finding.

Fix: F-20633r1_fix

Update the antivirus signature file as your local process describes, e.g., autoupdate or runtime executable.

b
The McAfee VirusScan File Reputation Service setting is not configured as required.
SI-3 - Medium - CCI-001242 - V-35027 - SV-46286r1_rule
RMF Control
SI-3
Severity
Medium
CCI
CCI-001242
Version
DTAM137
Vuln IDs
  • V-35027
Rule IDs
  • SV-46286r1_rule
This parameter controls setting the Heuristic network check for suspicious files in the File Reputation Service. System Administrator - ECSC-1
Checks: C-43437r4_chk

-8.7 Local Configured Client: Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\On access scanner Criteria: If the value of ArtemisEnabled is REG_DWORD = 1, this is not a finding. AND Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\VSCore\On access scanner Criteria: If the value of ArtemisLevel is REG_DWORD = 2, this is not a finding. NOTE: This setting applies to product versions of 8.7i and above only.

Fix: F-39580r3_fix

-8.7 Local Configured Client: Change the registry keys HKLM\Software\McAfee\VSCore\On Access Scanner so that the value of ArtemisEnabled is REG_DWORD = 1 and ArtemisLevel is REG_DWORD = 2. NOTE: This setting applies to product versions of 8.7i and above only.