DTAM160 - McAfee VirusScan On-Access Scanner All Processes settings must be configured to not exclude any script URLs from being scanned unless the URL exclusions have been documented with, and approved by the ISSO/ISSM/DAA.

Information

Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. All scripts should be scanned and none should be excluded from scanning.

Solution

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the ScriptScan tab, locate the 'ScriptScan exclusions' label. Ensure there are no exclusions listed in the URL field.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VirusScan88_Local_Client_V6R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-001242, Rule-ID|SV-243433r722638_rule, STIG-ID|DTAM160, STIG-Legacy|SV-55301, STIG-Legacy|V-42573, Vuln-ID|V-243433

Plugin: Windows

Control ID: 245e7dbb7c38aaabe61ca195184b2ad3575193ebfcc3b2c4af575441ed29b8fb