Free DISA STIG and SRG Library | Vaulted

V-6467

McAfee VirusScan On-Access Scanner General Settings must be configured to scan boot sectors.

Finding ID
DTAM002
Rule ID
SV-56367r1_rule
Severity
Cat II
CCE
(None)
Group Title
DTAM002-McAfee VirusScan on access scan boot sectors
CCI
CCI-001242
Target Key
(None)
Documentable
No
Discussion

Boot sector viruses will install into the boot sector of a system, ensuring that they will execute when the user boots the system. This risk is mitigated by scanning boot sectors at each startup of the system.

Fix Text

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties. Select the General Settings. Under the General tab, locate the "Scan:" label. Select the "Boot Sectors" option. Click OK to Save.

Check Content

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console. On the menu bar, click Task->On-Access Scanner Properties Select the General Settings. Under the General tab, locate the "Scan:" label. Ensure the "Boot Sectors" option is selected. Criteria: If the "Boot Sectors" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) \SystemCore\VSCore\On Access Scanner\McShield\Configuration Criteria: If the value of bDontScanBootSectors is 0, this is not a finding. If the value is 1, this is a finding.

Responsibility

System Administrator