The antivirus signature file age must not exceed 7 days.

From McAfee VirusScan 8.8 Managed Client STIG

Part of DTAG008 - The antivirus signature file age exceeds 7 days.

Associated with: CCI-001240

SV-55133r2_rule The antivirus signature file age must not exceed 7 days.

Vulnerability discussion

Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system.

Check content

Guidance in DTAM016 requires updates be run daily, automatically or manually. If compliant, the DAT date will be within 24-48 hours old. Since automated update tasks’ success is not guaranteed, the expectation is for update task success to be frequently monitored and corrected when unsuccessful. To allow for that correction, the minimum acceptable threshold for DAT date is not to exceed 7 days. On the client machine, right-click on the McAfee red shield icon in the taskbar. Choose "About". Scroll down to the "McAfee VirusScan Enterprise + AntiSpyware Enterprise" section. Review the date for "DAT Created On:". Criteria: If the "DAT Created On:" date is older than 7 days from the current date, this is a finding. From the ePO server console System Tree, select the "Systems" tab, select the asset to be checked, and double-click to open its properties. Under the System Information, scroll down to the VirusScan Enterprise section and click on the "More" link in the top-right portion of the VirusScan Enterprise section. Scroll down to the General section and confirm the DAT Date reflected is within the last 7 days. Criteria: If the DAT Date is older than 7 days from the current date, this is a finding. NOTE: If the vendor or trusted site's files are also older than 7 days and match the date of the signature files on the machine, this is not a finding.

Fix text

Update client machines via ePO client task. If this fails to update the client, update antivirus signature files as your local process describes (e.g., auto update or runtime executable.)

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer