Symantec AntiVirus Locally Configured Client
- Severity: M
- Version: DTAS002
- Vuln IDs: V-6359
- Rule IDs: SV-6432r4_rule
Checks: C-1058r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of ConfigRestart is 1, this is not a finding.
Fix: F-5885r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of ConfigRestart is 1.
- Severity: H
- Version: DTAS003
- Vuln IDs: V-6360
- Rule IDs: SV-6433r5_rule
Checks: C-1059r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of OnOff is 1, this is not a finding.
Fix: F-5886r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of OnOff is 1.
- Severity: M
- Version: DTAS004
- Vuln IDs: V-6361
- Rule IDs: SV-6434r5_rule
Checks: C-1061r3_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of FileType is 0, this is not a finding.
Fix: F-5887r3_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of FileType is 0.
- Severity: M
- Version: DTAS006
- Vuln IDs: V-6362
- Rule IDs: SV-6435r4_rule
Checks: C-1087r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of MessageBox is 1, this is not a finding.
Fix: F-5888r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of MessageBox is 1.
- Severity: M
- Version: DTAS007
- Vuln IDs: V-6363
- Rule IDs: SV-6436r3_rule
Checks: C-1090r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of ExcludedByExtensions is 0, this is not a finding.
Fix: F-5889r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of ExcludedByExtensions is 0.
- Severity: M
- Version: DTAS012
- Vuln IDs: V-6368
- Rule IDs: SV-6441r4_rule
Checks: C-1168r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of Reads is 1, this is not a finding.
Fix: F-5894r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of Reads is 1.
- Severity: M
- Version: DTAS013
- Vuln IDs: V-6369
- Rule IDs: SV-6442r4_rule
Checks: C-1170r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of BackupToQuarantine is 1, this is not a finding.
Fix: F-5895r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of BackupToQuarantine is 1.
- Severity: M
- Version: DTAS014
- Vuln IDs: V-6370
- Rule IDs: SV-6443r4_rule
Checks: C-1174r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of APEOn is 1 and the value of APESleep is <= 5, this is not a finding. If APESleep is > 5 or APEOn is not 1, this is a finding.
Fix: F-5896r3_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of APEOn is 1 and the value of APESleep is <= 5.
- Severity: M
- Version: DTAS015
- Vuln IDs: V-6371
- Rule IDs: SV-6444r5_rule
Checks: C-1177r3_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of ScanFloppyBRonAccess is 1, this is not a finding.
Fix: F-5897r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of ScanFloppyBRonAccess is 1.
- Severity: M
- Version: DTAS016
- Vuln IDs: V-6372
- Rule IDs: SV-6445r4_rule
Checks: C-1182r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of FloppyBRAction is 5, this is not a finding.
Fix: F-5898r2_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan so that the value of FloppyBRAction is 5.
- Severity: M
- Version: DTAS017
- Vuln IDs: V-6374
- Rule IDs: SV-6447r4_rule
Checks: C-1240r3_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: For Version 9.x: If the value of SkipFloppyBRonAccess is 0, this is not a finding. For Version 10.x: If the value of SkipShutDownFloppyCheck is 0x0, this is not a finding.
Fix: F-5900r3_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Version 9.x: The value of SkipFloppyBRonAccess is 0.
Version 10.x: The value of SkipShutDownFloppyCheck is 0x0.
- Severity: M
- Version: DTAS020
- Vuln IDs: V-6375
- Rule IDs: SV-6448r5_rule
Checks: C-1243r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan
Criteria: If the value of OnOff is 1, this is not a finding.
Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-5901r3_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan so that the value of OnOff is 1.
Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
- Severity: M
- Version: DTAS021
- Vuln IDs: V-6376
- Rule IDs: SV-6449r5_rule
Checks: C-1248r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan
Criteria: If the value of FileType is 0, this is not a finding.
Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-5902r3_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan so that the value of FileType is 0.
Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
- Severity: M
- Version: DTAS029
- Vuln IDs: V-6383
- Rule IDs: SV-6456r5_rule
Checks: C-1922r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan
Criteria: If the value of ZipFile is 1, this is not a finding.
Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-5932r3_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan so that the value of ZipFile is 1.
- Severity: M
- Version: DTAS030
- Vuln IDs: V-6384
- Rule IDs: SV-6457r5_rule
Checks: C-1924r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion and determine the value data for the LogFileRollOverDays and LogFrequency values.
Criteria: If the value data for the LogFileRollOverDays value is not 1e (the hex value for 30) or higher, this is a Finding. If the value data for the LogFrequency value is not 0 (the number zero), this is a Finding.
Note: The LogFileRollOverDays and LogFrequency values are not created through a default product installation. The absence of these values is considered a Finding, because it allows the vendor default to be used and that value could be changed through vendor maintenance.
Fix: F-5934r3_fix
Change the registry key HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion so that the value of LogFileRollOverDays is greater than or equal to 1e (the hex value for 30) and so that LogFrequency is 0. If these values are absent, add them.
- Severity: M
- Version: DTAS031
- Vuln IDs: V-6385
- Rule IDs: SV-6458r7_rule
Checks: C-1928r3_chk
Procedure: Use the File pull-down menu – Schedule Updates dialog to see the frequency of the autoupdates.
Criteria: If it is scheduled to run autoupdates on at least a weekly schedule, this is not a finding.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console, this is a two-part check.
From the Symantec Enterprise Server - Symantec System Center Console - System Center Console on the Enterprise Server: System Hierarchy -> select (right click) Primary Server -> All Tasks -> Symantec Antivirus -> Virus Definition Manager -> Configure -> "Schedule for automatic updates" is checked -> Select Schedule: Ensure the update is scheduled on at least a weekly basis.
SECOND, the client configuration must be checked. From the System Center Console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Virus Definition Manager -> If "Update virus definitions from parent server" is checked, the Schedule is not necessary. If "Schedule for automated updates using LiveUpdate" is checked -> select Schedule: Ensure the update is scheduled on at least a weekly basis.
Criteria: If the Schedule for Automatic Updates is defined for at least a weekly update, this is not a finding.
Fix: F-5935r3_fix
Open the Symantec Antivirus program. Use the File - Schedule Updates dialog to set the autoupdates to run on at least a weekly schedule.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console, this is a two-part check.
The primary server must be checked to ensure that it is being updated as required. From the Symantec Enterprise Server - Symantec System Center Console - System Center Console on the Enterprise Server: System Hierarchy -> select (right click) Primary Server -> All Tasks -> Symantec Antivirus -> Virus Definition Manager -> Configure -> select "Schedule for automatic updates" -> select Schedule: select the update to be scheduled on at least a weekly basis.
SECOND, the client configuration must be checked. From the System Center Console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Virus Definition Manager -> If "Update virus definitions from parent server" is checked, checking the Schedule is not necessary. If "Schedule for automated updates using LiveUpdate" is checked -> select Schedule: ensure the update is scheduled on at least a weekly basis.
- Severity: M
- Version: DTAS032
- Vuln IDs: V-6386
- Rule IDs: SV-6459r5_rule
Checks: C-1932r3_chk
Procedure: Navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks. Review the TaskPadScheduled and TaskPadStartup keys to determine if a task has been defined in subkey Scan Local HDD. The Scan Local HDD subkey defines a hexadecimal task ID that is the Registry subkey that holds the task settings. Make note of the task ID for the following checks. If there is no Scan Local HDD subkey, it is necessary to review all the defined subkeys in TaskPadScheduled and TaskPadStartup to determine if one identifies a hexadecimal task ID defining a task that conforms to the required settings.
Criteria: If a task to scan the local hard drives is not configured to run or if an alternate procedure does not specify the required settings, this is a Finding.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: A determination of the existence of a weekly scan must be made. On the client machine navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans. Review the ClientServerScheduledScan_1\Schedule key. This key contains a value for Type that determines the frequency of the scan. If the value for this key is a 1 or a 2, this is a daily or weekly scan.
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check, as each ClientServerScheduledScan_X may have a different frequency. Make note of the ClientServerScheduledScan_X weekly scan key, as this will be the key used in the following weekly scan checks.
Criteria: If the value of Type is 1 or 2 and the value of Enabled is 1, this is not a finding.
Fix: F-6768r2_fix
Create a weekly or startup task to scan for viruses.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: A determination of the existence of a weekly scan must be made. From the System Center Console select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> In the Client Scans area, if there are no scans (at least weekly) defined, one must be created. Select New -> in the Name: “provide scan name” -> select Enable scan -> select Frequency of at least weekly.
- Severity: M
- Version: DTAS037
- Vuln IDs: V-6387
- Rule IDs: SV-6460r7_rule
Checks: C-1933r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of FileType is 0, this is not a finding.
Criteria: If the option “All Types” is selected, this is not a finding.
** For clients managed by a Symantec Enterprise Server: Navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans. Review the ClientServerScheduledScan_1 key.
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of FileType is 1, this is not a finding.
Fix: F-5937r3_fix
Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID} so that the value of FileType is 0.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: A determination of the existence of a weekly scan must be made. One option is to obtain this information from the System Administrator; another option is to review each Scheduled Scan from the console on the Enterprise Server. From the Enterprise Console select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server “weekly scan” -> select Edit -> select Scan Settings -> select “All Types”.
- Severity: M
- Version: DTAS040
- Vuln IDs: V-6388
- Rule IDs: SV-6461r7_rule
Checks: C-1935r5_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: For Version 9.x, if the value of ScanMemory is 1, this is not a finding. For Version 10.x, if the value of ScanProcesses is 1, this is not a finding.
** For clients managed by a Symantec Enterprise Server: Navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Fix: F-5939r4_fix
For Version 9: Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID} so that the value of ScanMemory is 1.
For Version 10: Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID} so that the value of ScanProcesses is 1.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> select “Memory”.
- Severity: M
- Version: DTAS041
- Vuln IDs: V-6389
- Rule IDs: SV-6462r5_rule
Checks: C-1938r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of MessageBox is 1, this is not a finding.
** For clients managed by a Symantec Enterprise Server: Navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of MessageBox is 1, this is not a finding.
Criteria: If “Display notification message on infected computer” is selected, this is not a finding.
Fix: F-5940r2_fix
Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID} so that the value of MessageBox is 1.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> select Notifications -> select “Display notification message on infected computer”.
- Severity: M
- Version: DTAS042
- Vuln IDs: V-6390
- Rule IDs: SV-6463r5_rule
Checks: C-1941r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of ExcludedByExtensions is 0, this is not a finding.
Criteria: If “Exclude files and folders” is not selected, this is not a finding.
** For clients managed by a Symantec Enterprise Server: Navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of ExcludeByExtensions, HaveExceptionDirs, and HaveExceptionFiles is 0, this is not a finding.
Fix: F-5941r2_fix
Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID} so that the value of ExcludedByExtensions is 0.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> check that “Exclude files and folders” is unchecked.
Note: If “Exclude files and folders” is checked, select the Exclusions tab File/Folders button and validate that no local drives are being excluded from the scan.
- Severity: M
- Version: DTAS047
- Vuln IDs: V-6395
- Rule IDs: SV-6468r5_rule
Checks: C-1954r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of ZipFile is 1, this is not a finding.
** For clients managed by a Symantec Enterprise Server: Navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of ZipFiles is 1, this is not a finding.
Fix: F-5947r2_fix
Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\CustomTasks\{TaskID} so that the value of ZipFile is 1.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Advanced -> select “Scan files inside compressed files”.
- Severity: M
- Version: DTAS048
- Vuln IDs: V-6396
- Rule IDs: SV-6469r5_rule
Checks: C-1956r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of BackupToQuarantine is 1, this is not a finding.
** For clients managed by a Symantec Enterprise Server: Navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: if the value of BackupToQuarantine is 1.
Fix: F-5948r2_fix
Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID} so that the value of BackupToQuarantine is 1.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Advanced -> Remote Options area, Backup options, select “Backup file before attempting repair.”
- Severity: M
- Version: DTAS050
- Vuln IDs: V-6397
- Rule IDs: SV-6470r6_rule
Checks: C-1958r3_chk
Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\CustomTasks\{TaskID}
Criteria: If the value of ScanLocked is 1, this is not a finding.
** For clients managed by a Symantec Enterprise Server: Navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1 the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of ScanLocked is 1, this is not a finding.
Fix: F-5949r2_fix
Change the registry key HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID} so that the value of ScanLocked is 1.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Advanced -> Remote Options area: “Allow user to stop scan” must be unchecked.
- Severity: M
- Version: DTAS060
- Vuln IDs: V-14477
- Rule IDs: SV-15095r2_rule
Checks: C-12398r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of APBlockingSecurityRisks is 1, this is not a finding. This check applies to version 10.x only.
Fix: F-13920r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of APBlockingSecurityRisks to 1. This check applies to version 10.x only.
- Severity: M
- Version: DTAS061
- Vuln IDs: V-14481
- Rule IDs: SV-15099r2_rule
Checks: C-12405r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of RespondToThreats is 3, this is not a finding. This check applies to version 10.x only.
Fix: F-13927r2_fix
Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of RespondToThreats to 3. This check applies to version 10.x only.
- Severity: M
- Version: DTAS062
- Vuln IDs: V-14482
- Rule IDs: SV-15100r2_rule
Checks: C-12406r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of DeleteInfectedOnCreate is 1, this is not a finding. This check applies to version 10.x only.
Fix: F-13928r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of DeleteInfectedOnCreate to 1. This check applies to version 10.x only.
- Severity: M
- Version: DTAS063
- Vuln IDs: V-14591
- Rule IDs: SV-15209r2_rule
Checks: C-12540r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of ThreatTracerOnOff is 1, this is not a finding. This check applies to version 10.x only.
Fix: F-14048r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of ThreatTracerOnOff to 1. This check applies to version 10.x only.
- Severity: M
- Version: DTAS064
- Vuln IDs: V-14592
- Rule IDs: SV-15210r2_rule
Checks: C-12541r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of Heuristics is 1, this is not a finding. This check applies to version 10.x only.
Fix: F-14049r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of Heuristics to 1. This check applies to version 10.x only.
- Severity: M
- Version: DTAS065
- Vuln IDs: V-14593
- Rule IDs: SV-15211r2_rule
Checks: C-12542r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of HeuristicsLevel is 2 or 3, this is not a finding. This check applies to version 10.x only.
Fix: F-14050r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of HeuristicsLevel to 2 or 3. This check applies to version 10.x only.
- Severity: M
- Version: DTAS066
- Vuln IDs: V-14594
- Rule IDs: SV-15212r5_rule
Checks: C-12543r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of FirstMacroAction is 1, 3 or 5, this is not a finding.
Fix: F-14051r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of FirstMacroAction to 1, 3 or 5.
- Severity: M
- Version: DTAS067
- Vuln IDs: V-14595
- Rule IDs: SV-15213r3_rule
Checks: C-12544r3_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of SecondMacroAction is 1, 3 or 5, this is not a finding.
Fix: F-14052r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of SecondMacroAction to 1, 3 or 5.
- Severity: M
- Version: DTAS068
- Vuln IDs: V-14596
- Rule IDs: SV-15214r3_rule
Checks: C-12545r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: If the value of FirstAction is 1, 3, or 5, this is not a finding.
Fix: F-19870r1_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan
Criteria: Set the value of FirstAction to 1, 3, or 5.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS069
- Vuln IDs
-
- V-14597
- Rule IDs
-
- SV-15215r3_rule
Checks: C-12546r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan Criteria: If the value of SecondAction is 1, 3, or 5, this is not a finding.
Fix: F-14054r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan Criteria: Set the value of SecondAction to 1, 3, or 5.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS070
- Vuln IDs
-
- V-14598
- Rule IDs
-
- SV-15216r3_rule
Checks: C-12547r3_chk
Procedure: This is a multiple step process to ensure compliance. Non-compliance points are identified throughout the procedures. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded Criteria: If the value of FirstAction is not 1 or 3, this is a finding. If the value of FirstAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
Fix: F-14055r2_fix
Procedure: This is a multiple step process to ensure compliance. Non-compliance points are identified throughout the procedures. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded Criteria: If the value of FirstAction is not 1 or 3, this is a finding. If the value of FirstAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS071
- Vuln IDs
-
- V-14600
- Rule IDs
-
- SV-15222r3_rule
Checks: C-12615r3_chk
Procedure: This is a multiple step process to ensure compliance. Non-compliance points are identified throughout the procedures. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded Criteria: If the value of SecondAction is not 1 or 3, this is a finding. If the value of SecondAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
Fix: F-14061r2_fix
Procedure: This is a multiple step process to ensure compliance. Non-compliance points are identified throughout the procedures. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded Criteria: If the value of SecondAction is not 1 or 3, this is a finding. If the value of SecondAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS080
- Vuln IDs
-
- V-14601
- Rule IDs
-
- SV-15223r6_rule
Checks: C-12616r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: If the value of InsertWarning is 1, this is not a finding. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-14062r3_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: Set the value of InsertWarning to 1. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS081
- Vuln IDs
-
- V-14602
- Rule IDs
-
- SV-15224r5_rule
Checks: C-12617r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: If the value of FirstMacroAction is 1, 3 or 5, this is not a finding. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-14063r4_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: Set the value of FirstMacroAction to 1, 3 or 5. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS082
- Vuln IDs
-
- V-14603
- Rule IDs
-
- SV-15225r5_rule
Checks: C-12618r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: If the value of SecondMacroAction is 1, 3 or 5, this is not a finding. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-14064r3_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: Set the value of SecondMacroAction to 1, 3 or 5. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS083
- Vuln IDs
-
- V-14604
- Rule IDs
-
- SV-15226r5_rule
Checks: C-12619r4_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: If the value of FirstAction is 1, 3, or 5, this is not a finding. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-14065r3_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: Set the value of FirstAction to 1, 3, or 5. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS084
- Vuln IDs
-
- V-14605
- Rule IDs
-
- SV-15227r6_rule
Checks: C-12620r5_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: If the value of SecondAction is 1, 3, or 5, this is not a finding. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA.
Fix: F-14066r4_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan Criteria: Set the value of SecondAction to 1, 3, or 5. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS085
- Vuln IDs
-
- V-14606
- Rule IDs
-
- SV-15228r4_rule
Checks: C-12621r4_chk
Procedure: This is a multiple step process to ensure compliance. Non-compliance points are identified throughout the procedures. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If email client is not installed, this check is NA. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded Criteria: If the value of FirstAction is not 1 or 3, this is a finding. If the value of FirstAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
Fix: F-14067r3_fix
Procedure: This is a multiple step process to ensure compliance. Non-compliance points are identified throughout the procedures. Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded Criteria: If the value of FirstAction is not 1 or 3, this is a finding. If the value of FirstAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction value within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
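The multi-step Expanded checks above (DTAS070, DTAS071, DTAS085) share one decision procedure, shown here as an added example that is not part of the STIG: it evaluates parts A-H offline against the text of a Registry Editor export. The function names and the sample export are constructed for illustration; treating a missing top-level action value as a finding, and any OverrideDefaultActions value other than 0 like 1, are assumptions where the procedure is silent.

```python
import re

# Base key from the procedures; a .reg export spells the hive out in full.
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages"
# Parts A-H and their TCID subkeys, in the order the procedure lists them.
PARTS = list(zip("ABCDEFGH", (10, 11, 4, 5, 6, 7, 8, 9)))
ALLOWED = {1, 3}  # compliant values for FirstAction / SecondAction under Expanded


def parse_reg_export(text):
    """Parse .reg export text into {key path: {value name: int}} (DWORDs only).

    Key and value names are lowercased because the registry is case-insensitive.
    Files written by regedit are UTF-16: open them with encoding="utf-16".
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys


def check_expanded(keys, storage, action):
    """Return a list of (location, observed value) findings; empty = not a finding.

    storage: Filesystem, or the EmailName substitute (InternetMail, LotusNotes,
             MicrosoftExchangeClient). action: FirstAction or SecondAction.
    """
    expanded = f"{BASE}\\{storage}\\RealTimeScan\\Expanded".lower()
    name = action.lower()
    top = keys.get(expanded, {}).get(name)
    if top not in ALLOWED:
        # Finding at the top level; parts A-H are only checked once this passes.
        # Assumption: a missing value counts as "not 1 or 3".
        return [("Expanded", top)]
    findings = []
    for part, tcid in PARTS:
        values = keys.get(f"{expanded}\\tcid-{tcid}", {})
        override = values.get("overridedefaultactions")
        if override in (None, 0):
            continue  # no override in effect: this part is compliant
        # Assumption: any other override value is handled like 1.
        if values.get(name) not in ALLOWED:
            findings.append((f"{part} (TCID-{tcid})", values.get(name)))
    return findings


# Constructed sample export (not taken from a real system).
SAMPLE_EXPORT = rf"""Windows Registry Editor Version 5.00

[{BASE}\Filesystem\RealTimeScan\Expanded]
"FirstAction"=dword:00000001
"SecondAction"=dword:00000003

[{BASE}\Filesystem\RealTimeScan\Expanded\TCID-4]
"OverrideDefaultActions"=dword:00000000
"FirstAction"=dword:00000004

[{BASE}\Filesystem\RealTimeScan\Expanded\TCID-7]
"OverrideDefaultActions"=dword:00000001
"FirstAction"=dword:00000004
"SecondAction"=dword:00000003

[{BASE}\Filesystem\RealTimeScan\Expanded\TCID-9]
"OverrideDefaultActions"=dword:00000001
"FirstAction"=dword:00000003
"SecondAction"=dword:00000001

[{BASE}\LotusNotes\RealTimeScan\Expanded]
"FirstAction"=dword:00000005
"""

if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for storage, action in (("Filesystem", "FirstAction"),
                            ("Filesystem", "SecondAction"),
                            ("LotusNotes", "FirstAction")):
        result = check_expanded(parsed, storage, action)
        print(storage, action, result or "not a finding")
```

In the sample, TCID-4 carries a non-compliant FirstAction but is ignored because its override is 0, while the LotusNotes value of 5 fails here even though 5 is accepted by the non-Expanded FirstAction check.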
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS086
- Vuln IDs
-
- V-14607
- Rule IDs
-
- SV-15229r4_rule
Checks: C-12622r4_chk
Procedure: This is a multiple step process to ensure compliance. Non-compliance points are identified throughout the procedures.
Note: This check is for email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName. If an email client is not installed, this check is NA.
Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded
Criteria: If the value of SecondAction is not 1 or 3, this is a finding. If the value of SecondAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
Fix: F-14068r3_fix
Procedure: This is a multiple step process to ensure compliance. Non-Compliance points are identified throughout the procedures.
Note: This check is for Email clients. Substitute your email application name (InternetMail, LotusNotes, or MicrosoftExchangeClient) into the registry string indicated by EmailName.
Use the Windows Registry Editor to navigate to the following key: HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded
Criteria: If the value of SecondAction is not 1 or 3, this is a finding. If the value of SecondAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\EmailName\RealTimeScan\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS091
- Vuln IDs
-
- V-14609
- Rule IDs
-
- SV-15231r4_rule
Checks: C-12624r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of ScanLoadpoints is 1, this is not a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of ScanLoadPoints is 1, this is not a finding.
Fix: F-14070r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: Set the value of ScanLoadpoints to 1.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> select “Common infection locations (load points)”.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS092
- Vuln IDs
-
- V-14610
- Rule IDs
-
- SV-15232r4_rule
Checks: C-12625r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of ScanERASERDEFS is 1, this is not a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of ScanERASERDEFS is 1, this is not a finding.
Fix: F-14071r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: Set the value of ScanERASERDEFS to 1.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> select “Locations of well known viruses and security risks”.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS093
- Vuln IDs
-
- V-14611
- Rule IDs
-
- SV-15233r2_rule
Checks: C-12626r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of FirstMacroAction is 1, 3 or 5, this is not a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of FirstMacroAction is 1, 3, or 5, this is not a finding.
Fix: F-14072r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: Set the value of FirstMacroAction to 1, 3 or 5.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Actions -> Highlight Macro virus: First action: Clean risk, Quarantine risk, or Delete risk.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS094
- Vuln IDs
-
- V-14612
- Rule IDs
-
- SV-15234r4_rule
Checks: C-12627r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of SecondMacroAction is 1, 3 or 5, this is not a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of SecondMacroAction is 1, 3, or 5, this is not a finding.
Fix: F-14073r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: Set the value of SecondMacroAction to 1, 3 or 5.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Actions -> Highlight Macro virus: If first action fails: Clean risk, Quarantine risk, or Delete risk.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS095
- Vuln IDs
-
- V-14613
- Rule IDs
-
- SV-15235r4_rule
Checks: C-12628r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of FirstAction is 1, 3, or 5, this is not a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of FirstAction is 1, 3, or 5, this is not a finding.
Fix: F-14074r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: Set the value of FirstAction to 1, 3, or 5.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Actions -> Highlight Non-Macro Virus: First Action: Clean risk, Quarantine risk, or Delete risk.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS096
- Vuln IDs
-
- V-14615
- Rule IDs
-
- SV-15240r4_rule
Checks: C-13712r2_chk
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: If the value of SecondAction is 1, 3, or 5, this is not a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Criteria: If the value of SecondAction is 1, 3, or 5, this is not a finding.
Fix: F-14077r2_fix
Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}
Criteria: Set the value of SecondAction to 1, 3, or 5.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Actions -> Highlight Non-macro virus: If first action fails: Clean risk, Quarantine risk, or Delete risk.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS097
- Vuln IDs
-
- V-14616
- Rule IDs
-
- SV-15241r3_rule
Checks: C-12632r2_chk
Procedure: This is a multiple step process to ensure compliance. Non-Compliance points are identified throughout the procedures.
Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded
Criteria: If the value of FirstAction is not 1 or 3, this is a finding. If the value of FirstAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. This key will indicate the weekly scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Procedure: This is a multiple step process to ensure compliance. Non-Compliance points are identified throughout the procedures.
Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded
Criteria: If the value of FirstAction is not 1 or 3, this is a finding. If the value of FirstAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-9. If the value is 1 or 3, this is compliant, otherwise this is a finding.
Fix: F-14078r2_fix
Procedure: This is a multiple step process to ensure compliance. Non-Compliance points are identified throughout the procedures.
Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded
Criteria: If the value of FirstAction is not 1 or 3, this is a finding. If the value of FirstAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 1 or 3, this is compliant, otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 1 or 3, this is compliant, otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 1 or 3, this is compliant, otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 1 or 3, this is compliant, otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 1 or 3, this is compliant, otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 1 or 3, this is compliant, otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 1 or 3, this is compliant, otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the FirstAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 1 or 3, this is compliant.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Actions -> Highlight Security Risks: under the Actions tab First action: select one of the following “Quarantine risk” or “Delete risk”.
If the selection for First action is “Quarantine risk” or “Delete risk”, continue with each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A. Highlight Adware - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
B. Highlight Dialers - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
C. Highlight Hack Tools - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
D. Highlight Joke Programs - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
E. Highlight Other - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
F. Highlight Remote Access - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
G. Highlight Spyware - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
H. Highlight Trackware - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
- RMF Control
- Severity
- M
- CCI
- Version
- DTAS098
- Vuln IDs
-
- V-14617
- Rule IDs
-
- SV-15242r4_rule
Checks: C-12633r2_chk
Procedure: This is a multiple-step process to ensure compliance. Non-compliance points are identified throughout the procedures. Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded
Criteria: If the value of SecondAction is not 1 or 3, this is a finding. If the value of SecondAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 1 or 3, this is compliant; otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 1 or 3, this is compliant; otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 1 or 3, this is compliant; otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 1 or 3, this is compliant; otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 1 or 3, this is compliant; otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 1 or 3, this is compliant; otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 1 or 3, this is compliant; otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 1 or 3, this is compliant; otherwise this is a finding.
** For clients managed by a Symantec Enterprise Server: navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1
Note: In the key ClientServerScheduledScan_1, the 1 indicates the entry number for the scan. This key will indicate the weekly scan. It may be necessary to review all ClientServerScheduledScan_X keys in the LocalScans branch to evaluate this check.
Procedure: This is a multiple-step process to ensure compliance. Non-compliance points are identified throughout the procedures. Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded
Criteria: If the value of SecondAction is not 1 or 3, this is a finding. If the value of SecondAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-10. If the value is 1 or 3, this is compliant; otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-11. If the value is 1 or 3, this is compliant; otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-4. If the value is 1 or 3, this is compliant; otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-5. If the value is 1 or 3, this is compliant; otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-6. If the value is 1 or 3, this is compliant; otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-7. If the value is 1 or 3, this is compliant; otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-8. If the value is 1 or 3, this is compliant; otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded\TCID-9. If the value is 1 or 3, this is compliant; otherwise this is a finding.
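The two-level check above (the top-level action value, then the eight TCID override subkeys) can be scripted instead of walked by hand. The PowerShell below is an added example, not part of the STIG or of Symantec tooling; the function names, the `-Reader` parameter and the sample values are assumptions made for illustration.

```powershell
# Added example: evaluates the top-level action and parts A-H as the check describes.
$CompliantActions = 1, 3
$TcidParts = [ordered]@{ A = 'TCID-10'; B = 'TCID-11'; C = 'TCID-4'; D = 'TCID-5'
                         E = 'TCID-6';  F = 'TCID-7';  G = 'TCID-8'; H = 'TCID-9' }

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $item.$Name
}

function Test-ScanAction {
    param(
        [Parameter(Mandatory)][string]$ExpandedKey,
        [ValidateSet('FirstAction', 'SecondAction')][string]$ActionName = 'SecondAction',
        # Hypothetical hook: swap in a fake reader to evaluate exported or sample data.
        [scriptblock]$Reader = { param($k, $n) Get-RegValue -Key $k -Name $n }
    )
    # Top level: anything other than 1 or 3 (including a missing value) is a finding.
    $top = & $Reader $ExpandedKey $ActionName
    [pscustomobject]@{ Part = 'Top'; Key = $ExpandedKey; Override = $null
                       Action = $top; Finding = ($top -notin $CompliantActions) }

    # All parts are reported even if the top level already failed, for a full picture.
    foreach ($part in $TcidParts.GetEnumerator()) {
        $key      = "$ExpandedKey\$($part.Value)"
        $override = & $Reader $key 'OverrideDefaultActions'
        $action   = $null
        $finding  = $false
        # The check defines only 0/absent (compliant) and 1 (inspect the action).
        if ($override -eq 1) {
            $action  = & $Reader $key $ActionName
            $finding = $action -notin $CompliantActions
        }
        [pscustomobject]@{ Part = $part.Key; Key = $key; Override = $override
                           Action = $action; Finding = $finding }
    }
}

# Constructed sample data (not from a real host): part A overrides with a value
# that is neither 1 nor 3, part C has the override switched off.
$base   = 'HKCU:\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded'
$sample = @{
    "$base|SecondAction"                   = 1
    "$base\TCID-10|OverrideDefaultActions" = 1
    "$base\TCID-10|SecondAction"           = 4
    "$base\TCID-4|OverrideDefaultActions"  = 0
}
$fake = { param($k, $n) $sample["$k|$n"] }

# Lists only part A as a finding for the sample above.
Test-ScanAction -ExpandedKey $base -Reader $fake | Where-Object Finding |
    Format-Table Part, Override, Action
```

On a live client, omit `-Reader` and pass the real Expanded key, for example the `HKLM:\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\ClientServerScheduledScan_1\Expanded` path from the managed-client procedure; `-ActionName FirstAction` covers the first-action variant of the same check.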
Fix: F-14079r2_fix
Procedure: This is a multiple-step process to ensure compliance. Non-compliance points are identified throughout the procedures. Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded
Criteria: If the value of SecondAction is not 1 or 3, this is a finding. If the value of SecondAction is 1 or 3, then check each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-10. If the value is 1 or 3, this is compliant; otherwise this is a finding.
B - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-11. If the value is 1 or 3, this is compliant; otherwise this is a finding.
C - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-4. If the value is 1 or 3, this is compliant; otherwise this is a finding.
D - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-5. If the value is 1 or 3, this is compliant; otherwise this is a finding.
E - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-6. If the value is 1 or 3, this is compliant; otherwise this is a finding.
F - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-7. If the value is 1 or 3, this is compliant; otherwise this is a finding.
G - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-8. If the value is 1 or 3, this is compliant; otherwise this is a finding.
H - Check the value of OverrideDefaultActions within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 0 or the value is not there, this part is compliant. If the value is 1, then check the SecondAction within HKCU\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Custom Tasks\{TaskID}\Expanded\TCID-9. If the value is 1 or 3, this is compliant; otherwise this is a finding.
** For clients managed by a Symantec Enterprise Server, Symantec System Center Console: From the console on the Enterprise Server select System Hierarchy -> select [applicable "Server Group"] -> select [applicable "Client Group"] (right click) -> All Tasks -> Symantec Antivirus -> Scheduled Scans -> Highlight the client server weekly scan -> select Edit -> select Scan Settings -> Actions -> Highlight Security Risks: under the Actions tab, If first action fails: select one of the following: “Quarantine risk” or “Delete risk”. If the selection for If first action fails is “Quarantine risk” or “Delete risk”, continue with each of the following steps. Each of the 8 parts (A-H) must be in compliance for the vulnerability to be considered not a finding.
A. Highlight Adware - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
B. Highlight Dialers - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
C. Highlight Hack Tools - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
D. Highlight Joke Programs - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
E. Highlight Other - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
F. Highlight Remote Access - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
G. Highlight Spyware - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
H. Highlight Trackware - if Override actions configured for Security Risks is checked, for First action: select Quarantine risk or Delete risk.
- RMF Control
- Severity
- H
- CCI
- Version
- DTAG008
- Vuln IDs
-
- V-19910
- Rule IDs
-
- SV-22086r1_rule
Checks: C-25626r1_chk
Locate Symantec AntiVirus icon in system tray. Click icon to open Symantec AntiVirus configuration screen. Observe "Virus Definitions File" area. Criteria: If the "Version:" date is older than 7 calendar Note: If the vendor or trusted site’s files are also older than 7 days and match the date of the signature files on the machine, this is not a finding.
Fix: F-20638r1_fix
Update the antivirus signature file as your local process describes, e.g., autoupdate or LiveUpdate.