McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent modification of McAfee Common Management Agent files and settings.

From McAfee VirusScan 8.8 Local Client STIG

Part of DTAM142 - Access Protection preventing modification of McAfee CMA

Associated with: CCI-001813

SV-55281r2_rule McAfee VirusScan Access Protection Rules Common Standard Protection must be set to prevent modification of McAfee Common Management Agent files and settings.

Vulnerability discussion

Many malicious programs have attempted to disable VirusScan by stopping services and processes and leaving the system vulnerable to attack. Self-protection is an important feature of VSE that prevents malicious programs from disabling VirusScan or any of its services or processes. Many trojans and viruses will attempt to terminate or even delete security products. VSE's self-protection features protect VirusScan registry values and processes from being altered or deleted by malicious code. This rule protects the McAfee security product from modification by any process not listed in the policy's exclusion list.

Check content

Note: If the HIPS signature 3899 is enabled to provide this same protection, this check is not applicable. Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Under the Task column, select Access Protection, right-click, and select Properties. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Common Standard Protection". Ensure "Prevent modification of McAfee Common Management Agent files and settings" (Block and Report) options are selected. Criteria: If "Prevent modification of McAfee Common Management Agent files and settings" (Block and Report) options are both selected, this is not a finding.

Fix text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. Under the Task column, select Access Protection, right-click, and select Properties. Under the Access Protection tab, locate the "Access protection rules:" label. In the "Categories" box, select "Common Standard Protection". Select "Prevent modification of McAfee Common Management Agent files and settings" (Block and Report) options. Click OK to Save.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer