McAfee VirusScan On-Demand scan must be configured to detect for unwanted programs.

From McAfee VirusScan 8.8 Managed Client STIG

Part of DTAM058-McAfee VirusScan check unwanted programs

Associated with: CCI-001241

SV-55207r2_rule McAfee VirusScan On-Demand scan must be configured to detect for unwanted programs.

Vulnerability discussion

Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infections capability on their own, they rely on malware or other attach mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attach mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously.

Check content

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Tasks on a Single System. From the list of available tasks in the Task Name column, with the assistance of the ePO SA, identify the weekly on demand client scan task. In the same row as the client scan task under review, under the Task Type column, ensure it is an "On Demand scan" and in the Status column, ensure that the status is "Enabled". In the Actions column, select "Edit Assignment". In the Task to Schedule: area, verify the Product is "VirusScan Enterprise 8.8.0" and the Task Type is "On Demand Scan". In the Task name column, select "View Selected Task". Under the Scan Items tab, locate the "Options:" label. Ensure the "Detect unwanted programs" option is selected. Criteria: If "Detect unwanted programs" is selected, this is not a finding. Locally, on the client machine, use the Windows Explorer to navigate to the following folder: (This folder may be hidden.) %SystemDrive%\ProgramData\McAfee\Common Framework\Task (64-Bit) If folder(s) do not exist, an alternative method of validating is via the following registry key. [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\Tasks] and are referenced by a GUID for each task. Multiple .ini files will be stored in this folder, one for each task defined on the ePO server for this client. The name for each task is identified in the first section of the file under the [Task] section on the TaskName= "" line. Additionally, a TaskType= line is provided to describe the type of scan. In this case, TaskType=VSC700_Scan_Task is expected. Information for this check is determined by examining the contents of this file. Criteria: If [Spyware] ApplyNVP=1 is present, this is not a finding.

Fix text

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Tasks on a Single System. From the list of available tasks in the Task Name column, with the assistance of the ePO SA, identify the weekly on demand client scan task. In the same row as the client scan task under review, under the Task Type column, ensure it is an "On Demand scan" and in the Status column, ensure that the status is "Enabled". In the Task Name column, select the weekly on demand task. Under the Scan Items tab, locate the "Options:" label. Select the "Detect unwanted programs" option. Select Save.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer