McAfee VirusScan Managed Client

U_McAfeeVirusScanManagedClient_V4R10_Manual-XCCDF.xml

Details

Version / Release: V4R10

Published: 2014-01-03

Updated At: 2018-09-23 04:05:55

Download

Filter

Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.
    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-21321r2_rule DTAM003 CCI-001242 MEDIUM The McAfee VirusScan on access scan parameter for floppy disks is incorrect. This parameter controls the scanning of floppy disks.System AdministratorECSC-1
    SV-25546r2_rule DTAM005 CCI-001242 MEDIUM The McAfee VirusScan remove messages parameters are not configured as required. This parameter controls if users can remove virus alerts from the display.System AdministratorECSC-1
    SV-21323r2_rule DTAM006 MEDIUM The McAfee VirusScan Clean Infected file parameter is not configured as required. This parameter determines if infected files are cleaned.System AdministratorECSC-1
    SV-21324r1_rule DTAM007 MEDIUM The McAfee VirusScan delete infected file parameter is not configured as required. This parameter controls if infected files are deleted.System AdministratorECSC-1
    SV-21325r1_rule DTAM009 CCI-001242 MEDIUM The McAfee VirusScan Control Panel log parameter is not configured as required. This parameter controls the logging of the scan.System AdministratorECSC-1
    SV-21326r1_rule DTAM010 CCI-001242 MEDIUM The McAfee VirusScan limit log size parameter is not configured as required. This parameter controls the log size.System AdministratorECSC-1
    SV-21328r1_rule DTAM012 CCI-001242 MEDIUM The McAfee VirusScan log summary parameter is not configured as required. This parameter controls if the session summary is being logged.System AdministratorECSC-1
    SV-21329r2_rule DTAM013 CCI-001242 MEDIUM The McAfee VirusScan log encrypted files parameter is not configured as required. This parameter controls if failure to scan encrypted files is logged.System AdministratorECSC-1
    SV-21337r2_rule DTAM016 CCI-001247 MEDIUM The McAfee VirusScan autoupdate parameters are not configured as required. This parameter ensure that the product is configured to get autoupdates.System AdministratorECVP-1
    SV-21339r1_rule DTAM021 MEDIUM The McAfee VirusScan Exchange scanner is not enabled. This parameter controls if the email client scanner is active.System AdministratorECSC-1
    SV-21341r1_rule DTAM022 CCI-001668 MEDIUM The McAfee VirusScan find unknown programs email parameter is not configured as required. This parameter controls if scanning is performed for unknown program viruses.System AdministratorECSC-1
    SV-21343r1_rule DTAM023 CCI-001668 MEDIUM The McAfee VirusScan find unknown macro virus email parameter is not configured as required. This parameter controls the scanning for unknown macro viruses.System AdministratorECSC-1
    SV-21344r1_rule DTAM026 CCI-001668 MEDIUM The McAfee VirusScan scan inside archives email parameter is not configured as required. This parameter controls if the contents of archives are checked for viruses.System AdministratorECSC-1
    SV-21345r1_rule DTAM027 CCI-001668 MEDIUM The McAfee VirusScan decode MIME email parameter is not configured as required. This parameter controls if encoded files should be decoded for virus scans.System AdministratorECSC-1
    SV-21346r1_rule DTAM028 CCI-001668 MEDIUM The McAfee VirusScan scan e-mail message body email parameter is not configured as required. This parameter ensures the email message contents is scanned for viruses.System AdministratorECSC-1
    SV-21347r1_rule DTAM029 CCI-001243 MEDIUM The McAfee VirusScan allowed actions email parameter is not configured as required. This parameter controls what actions should happen when a virus is detected.System AdministratorECSC-1
    SV-21348r2_rule DTAM030 MEDIUM The McAfee VirusScan action prompt email parameter is not configured as required. This parameter ensures appropriate actions are prompted for when a virus is found.System AdministratorECSC-1
    SV-21349r1_rule DTAM033 MEDIUM The McAfee VirusScan return reply email parameter is not configured as required. This parameter controls if an email is sent back to the original email sender indicating there was a virus detected.System AdministratorECSC-1
    SV-21350r2_rule DTAM034 MEDIUM The McAfee VirusScan prompt message email parameter is not configured as required. This parameter ensures an appropriate message is displayed for the user to indicate a virus was found within an email.System AdministratorECSC-1
    SV-21351r2_rule DTAM035 CCI-001668 MEDIUM The McAfee VirusScan log to file email parameter is not configured as required. This parameter ensures that virus scanning sessions for email are logged.System AdministratorECSC-1
    SV-21354r2_rule DTAM036 CCI-001668 MEDIUM The McAfee VirusScan limit log size email parameter is not configured as required. This parameter deteremines the size of the log file to ensure data is available for review.System AdministratorECSC-1
    SV-21352r3_rule DTAM037 MEDIUM The McAfee VirusScan log content email parameter is not configured as required. This setting controls the entries that are stored in the virus scanning log.System AdministratorECSC-1
    SV-21353r1_rule DTAM045 CCI-001241 MEDIUM The McAfee VirusScan fixed disk and running processes are not configured as required. This parameter ensures that all fixed disks and running processes are scanned for viruses.System AdministratorECSC-1
    SV-21355r1_rule DTAM046 CCI-001241 MEDIUM The McAfee VirusScan include subfolders parameter is not configured as required. This parameter ensures that subfolders are scanned for viruses.System AdministratorECSC-1
    SV-21356r1_rule DTAM047 CCI-001241 MEDIUM The McAfee VirusScan include boot sectors parameter is not configured as required. This parameter ensures that the boot sector is scanned for viruses.System AdministratorECSC-1
    SV-21357r1_rule DTAM048 CCI-001241 MEDIUM The McAfee VirusScan scan all files parameter is not configured as required. This parameter ensures all files are scanned.System AdministratorECSC-1
    SV-21358r2_rule DTAM050 CCI-001241 MEDIUM The McAfee VirusScan exclusions parameter is not configured as required. This parameter ensures that there are no unapproved exclusions from the virus scanning.System AdministratorECSC-1
    SV-21359r1_rule DTAM052 CCI-001241 MEDIUM The McAfee VirusScan scan archives parameter is not configured as required. This parameter ensures that archive files are checked for viruses.System AdministratorECSC-1
    SV-21360r1_rule DTAM053 CCI-001241 MEDIUM The McAfee VirusScan decode MIME encoded files parameter is not configured as required. This file ensures that MIME encoded files are scanned for viruses.System AdministratorECSC-1
    SV-21361r1_rule DTAM054 CCI-001241 MEDIUM The McAfee VirusScan find unknown programs parameter is not configured as required. This parameter will ensure the virus scanner checks for unknown program viruses.System AdministratorECSC-1
    SV-21362r1_rule DTAM055 CCI-001241 MEDIUM The McAfee VirusScan find unknown macro viruses parameter is not configured as required. This parameter controls checking for unknown macro viruses.System AdministratorECSC-1
    SV-21363r1_rule DTAM056 CCI-001243 MEDIUM The McAfee VirusScan action for Virus parameter is not configured as required. This parameter controls the action when a virus is found.System AdministratorECSC-1
    SV-21364r1_rule DTAM057 CCI-001243 MEDIUM The McAfee VirusScan secondary action for virus parameter is not configured as required. This parameter controls the secondary action that is performed when a virus is found.System AdministratorECSC-1
    SV-21365r1_rule DTAM059 CCI-001241 MEDIUM The McAfee VirusScan log to file parameter is not configured as required. This parameter ensures that virus scan activities are written to a log file.System AdministratorECSC-1
    SV-21366r1_rule DTAM060 CCI-001241 MEDIUM The McAfee VirusScan log file limit parameter is not configured as required. This parameter determines the minimum size for the log to ensure enough data is available for review.System AdministratorECSC-1
    SV-21369r1_rule DTAM062 MEDIUM The McAfee VirusScan log session summary parameter is not configured as required. This parameter ensures that session summary information is logged for future review if needed.System AdministratorECSC-1
    SV-21370r1_rule DTAM063 CCI-001241 MEDIUM The McAfee VirusScan failure on encrypted files parameter is not configured as required. This parameter ensures that failures on encrypted files are logged.System AdministratorECSC-1
    SV-21379r1_rule DTAM070 CCI-001241 MEDIUM The McAfee VirusScan schedule is not configured as required. This parameter ensures that a comprehensive On-Demand system virus scan is scheduled to be executed on at least a weekly basis. System AdministratorECSC-1
    SV-21382r1_rule DTAM090 CCI-001242 MEDIUM The McAfee VirusScan on access scan parameter for script scan is incorrect. ScriptScan analyzes each webpage opened on your computer via Outlook or a web browser for JavaScript and VBScript. If an unwanted script is found it is not allowed to execute.System AdministratorInformation Assurance OfficerECVP-1
    SV-21386r1_rule DTAM091 CCI-001242 MEDIUM The McAfee VirusScan on access scan parameter for connection blocking is incorrect. This setting is required to block connections from remote computers when a threat or unwanted program is detected in a shared folder.System AdministratorInformation Assurance OfficerECVP-1
    SV-21400r1_rule DTAM092 CCI-001242 MEDIUM The McAfee VirusScan on access scan parameter for connection blocking time is incorrect. This parameter unblocks suspected threats in a remote computer shared connection. If a threat is detected blocking blocks the connection. This parameter unblocks the connection after at minimum of 30 minutes.System AdministratorInformation Assurance OfficerECVP-1
    SV-21404r2_rule DTAM093 CCI-001242 MEDIUM The McAfee VirusScan on access scan parameter for blocking unwanted programs is incorrect. This setting blocks the connection to a remote computer share where an unwanted program is found in the remote share folder.System AdministratorInformation Assurance OfficerECVP-1
    SV-21405r1_rule DTAM100 CCI-001242 MEDIUM The McAfee VirusScan scan default values for processes are not configured as required. With this setting set to "Configure one scanning policy for all processes" one policy baseline for all on-access scanning is set using one set of policy options.System AdministratorInformation Assurance OfficerECVP-1
    SV-21406r2_rule DTAM101 CCI-001242 MEDIUM The McAfee VirusScan scan when writing to disk is not configured as required. This setting requires on-access scanning to be performed whenever a files is written to a non-networked disk drive.System AdministratorInformation Assurance OfficerECVP-1
    SV-21407r2_rule DTAM102 CCI-001242 MEDIUM The McAfee VirusScan scan when reading parameter is not configured as required. This setting requires on-access scanning to be performed whenever a files are read from a non-networked disk drive.System AdministratorInformation Assurance OfficerECVP-1
    SV-21409r2_rule DTAM103 CCI-001242 MEDIUM The McAfee VirusScan scan all files parameter is not configured as required. This setting requires on-access scanning to be performed whenever a file is read from or written to network drives.System AdministratorInformation Assurance OfficerECVP-1
    SV-21410r1_rule DTAM104 CCI-001242 MEDIUM The McAfee VirusScan heuristics program viruses parameter is not configured as required. This setting requires on-access scanning to "Find unknown program threats and trojans" based on heuristic problem solving techniques. System AdministratorInformation Assurance OfficerECVP-1
    SV-21411r1_rule DTAM105 CCI-001242 MEDIUM The McAfee VirusScan heuristics macro viruses parameter is not configured as required. This setting requires on-access scanning to "Find unknown macro threats" based on heuristic problem solving techniques. System AdministratorInformation Assurance OfficerECVP-1
    SV-21412r1_rule DTAM106 CCI-001242 MEDIUM The McAfee VirusScan scan inside archives parameter is not configured as required. This setting requires on-access scanning to scan inside archive files such as .ZIP files. This also enables on-access scanning to be perfomed on other compressed file types as well.System AdministratorECVP-1
    SV-21414r2_rule DTAM110 CCI-001242 MEDIUM The McAfee VirusScan process primary action parameter is not configured as required. This setting requires that for On-Access scanning the first response to a threat that is detected is to “Clean files automatically”.System AdministratorInformation Assurance OfficerECVP-1
    SV-21415r2_rule DTAM111 CCI-001242 MEDIUM The McAfee VirusScan process secondary action parameter is not configured as required. This setting is required in response to a threat that could not be cleaned by the On-Access "Clean Files Automatically" setting. In this event the On_access setting for "If the first action fails, then perform this action:" is "Delete Files Automatically". If the file cannot be repaired it should be deleted. System AdministratorInformation Assurance OfficerECVP-1
    SV-21416r1_rule DTAM038 MEDIUM The McAfee VirusScan detects unwanted programs email parameter is not configured as required. This setting is required for the On-Delivery Email scan. This settings enables the detection of unwanted programs to include Malware and Spyware.System AdministratorInformation Assurance OfficerECVP-1
    SV-21417r2_rule DTAM039 CCI-001243 MEDIUM The McAfee VirusScan unwanted programs action email parameter is not configured as required. This setting is required for the On Delivery Email Scan Policies. When an unwanted program is found the first action to be performed is the "Prompt for action” option. At that time the option to delete, clean, or archive the program is presented to the user. System AdministratorInformation Assurance OfficerECVP-1
    SV-21418r1_rule DTAM058 CCI-001241 MEDIUM The McAfee VirusScan check for unwanted programs parameter is not configured as required. This setting enables the detection of unwanted programs during a scheduled, On-Demand Scan, scan. The “Detect unwanted programs” option is required to be selected in the configuration for the daily or weekly On Demand Scan.System AdministratorInformation Assurance OfficerECVP-1
    SV-21419r1_rule DTAM130 CCI-001242 MEDIUM The McAfee VirusScan buffer overflow protection is not configured as required. This setting is required to ensure that buffer overflow protection is enabled. Buffer overflow protection prevents tampered with application code from being executed on the computer.System AdministratorInformation Assurance OfficerECVP-1
    SV-21420r2_rule DTAM131 CCI-001242 MEDIUM The McAfee VirusScan buffer overflow protection mode is not configured as required. This setting is required to ensure that buffer overflow protection is enabled and that "Protection mode" is enabled. Buffer overflow protection prevents tampered with application code from being executed on the computer. The "Protection mode" option is selected to ensure that the application is prevented from executing. System AdministratorInformation Assurance OfficerECVP-1
    SV-21421r1_rule DTAM132 CCI-001242 MEDIUM The McAfee VirusScan buffer overflow message parameter is not configured as required. This setting is required to ensure when buffer overflow protection is enabled that the "Show the messages dialog box when a buffer overflow is detected" is selected. Buffer overflow protection prevents tampered with application code from being executed on the computer. The "Show the messages dialog box when a buffer overflow is detected" option is selected to ensure that the user is notified . System AdministratorInformation Assurance OfficerECVP-1
    SV-21423r2_rule DTAM134 CCI-001242 MEDIUM The McAfee VirusScan log size limitation parameters are not configured as required. This setting is required to ensure when buffer overflow protection is enabled that the "Log file size" is selected. Buffer overflow protection prevents tampered with application code from being executed on the computer. The "Log file size" option is selected to ensure that buffer overflow log file size does not excced 100mb.System AdministratorInformation Assurance OfficerECVP-1
    SV-21424r1_rule DTAM135 CCI-001668 MEDIUM The McAfee VirusScan detection of Spyware is not configured as required. This setting is required to ensure that under the Unwanted Programs Policies, Spyware is selected. This enables the detection of Spyware on the system.System AdministratorInformation Assurance OfficerECVP-1
    SV-21426r1_rule DTAM136 CCI-001668 MEDIUM The McAfee VirusScan detection of Adware is not configured as required. This setting is required to ensure that under the Unwanted Programs Policies, Adware is selected. This enables the detection of Adware on the system.System AdministratorInformation Assurance OfficerECVP-1
    SV-22090r1_rule DTAG008 CCI-001240 HIGH The antivirus signature file age exceeds 7 days. Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. Note: If the vendor or trusted site’s files match the date of the signature files on the machine, this is not a finding. System AdministratorECVP-1
    SV-46287r1_rule DTAM137 CCI-001242 MEDIUM The McAfee VirusScan File Reputation Service setting is not configured as required. This parameter controls setting the Heuristic network check for suspicious files in the File Reputation Service.System AdministratorECSC-1