DTAM130 - McAfee VirusScan Buffer Overflow Protection Policies must be configured to enable Buffer Overflow Protection.

Information

Buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This anomaly has been used maliciously, explicitly to craft exploits. Buffer overflow attacks compose greater than 25% of malware attacks. Without buffer overflow protection enabled, systems are more vulnerable to attacks that attempt to overwrite adjacent memory in the stack frame. Buffer overflow protection is only configurable on non-64-bit systems.

Solution

From the ePO server console System Tree, select the Systems tab, select the asset to be checked, select Actions, select Agent, and select Modify Policies on a Single System. From the product pull down list, select VirusScan Enterprise 8.8.0. Select from the Policy column the policy associated with the Buffer Overflow Protection Policies. Under the Buffer Overflow Protection tab, locate the 'Buffer Overflow settings:' label. Select the 'Enable buffer overflow protection' option. Select Save.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VirusScan88_Managed_Client_V6R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-001242, Rule-ID|SV-216940r397870_rule, STIG-ID|DTAM130, STIG-Legacy|SV-55235, STIG-Legacy|V-14657, Vuln-ID|V-216940

Plugin: Windows

Control ID: 2f678fb576f6198cbdfa7a586c37f5ac5c94e44b4ef90064150f5f2491e96b55