DTAM005 - McAfee VirusScan On-Access Scanner General Settings must be configured to prevent users from removing messages from the list.

Information

Good incident response analysis includes reviewing all logs and alerts on the system reporting the infection. If users were permitted to remove alerts from the display, incident response forensic analysis would be inhibited.

Solution

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click on Task->On-Access Scanner Properties.
Select the General Settings.

Under the Messages tab, locate the 'Actions available to user:' label. Uncheck the 'Remove messages from the list' option.

Click OK to Save.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VirusScan88_Local_Client_V6R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-001242, Rule-ID|SV-243360r722419_rule, STIG-ID|DTAM005, STIG-Legacy|SV-55283, STIG-Legacy|V-42555, Vuln-ID|V-243360

Plugin: Windows

Control ID: e25928d905e7e2119625bc1aa4dcb414ad02240d46ca1767dcc199ea09579ea7