DTAM165 - McAfee VirusScan On-Access Default Processes Policies must be configured to detect unwanted programs.

Information

Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infections capability on their own, they rely on malware or other attach mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attach mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously.

Solution

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the On-Access Default Processes Policies. Under the Scan Items tab, locate the 'Unwanted programs detection:' label. Place a check in the 'Detect unwanted programs' checkbox. Select Save.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VirusScan88_Managed_Client_V6R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-001242, Rule-ID|SV-216974r397870_rule, STIG-ID|DTAM165, STIG-Legacy|SV-55269, STIG-Legacy|V-42541, Vuln-ID|V-216974

Plugin: Windows

Control ID: cb5af48d0e8fbcd4a02a1cf8bf5db12ab9484ecbe423fe9b291c8f526eaadbf6