McAfee Antivirus 8.8 STIG Version 6, Release 1 Checklist Details
SCAP 1.2 Content:
- Download SCAP 1.2 Content - Sunset - McAfee VirusScan 8.8 Local Client STIG Benchmark - Version 1, Release 4
  - Author: Defense Information Systems Agency
- Download SCAP 1.2 Content - Sunset - McAfee VirusScan 8.8 Managed Client STIG Benchmark - Ver 1, Rel 3
  - Author: Defense Information Systems Agency
Supporting Resources:
- Download Standalone XCCDF 1.1.4 - Sunset - McAfee VirusScan 8.8 Local Client STIG - Ver 6, Rel 1
  - Defense Information Systems Agency
- Download Standalone XCCDF 1.1.4 - Sunset - McAfee VirusScan 8.8 Managed Client STIG - Ver 6, Rel 1
  - Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
McAfee VirusScan Enterprise 8.8.0 | cpe:/a:mcafee:virusscan_enterprise:8.8.0 |
Checklist Highlights
- Checklist Name: McAfee Antivirus 8.8 STIG
- Checklist ID: 479
- Version: Version 6, Release 1
- Type: Compliance
- Review Status: Archived
- Authority: Governmental Authority: Defense Information Systems Agency
- Original Publication Date: 04/28/2017
Checklist Summary:
This McAfee Antivirus Technology Overview, along with the associated McAfee Antivirus STIG, provides the technical security policies, requirements, and implementation details for applying security concepts to Commercial-Off-The-Shelf (COTS) applications.

Malware, also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system or otherwise annoying or disrupting the victim. Malware has become the most significant external threat to most systems, causing widespread damage and disruption, and necessitating extensive recovery efforts within most organizations. Spyware, malware intended to violate a user's privacy, has become a major concern to organizations. Although privacy-violating malware has been in use for many years, it has become much more widespread recently, with spyware invading many systems to monitor personal activities and conduct financial fraud.

Organizations also face similar threats from a few forms of non-malware threats that are often associated with malware. One of these forms that has become commonplace is phishing, which is using deceptive computer-based means to trick individuals into disclosing sensitive information. Another common form is virus hoaxes, which are false warnings of new malware threats.

These requirements address several major forms of malware, including viruses, worms, Trojan horses, malicious mobile code, blended attacks, spyware tracking cookies, and attacker tools, such as backdoors and rootkits.

Even though this document addresses the security of COTS applications rather than an operating system, it is not possible to completely separate the security issues. Security is an attribute of the whole as well as of each of the parts. In accordance with this philosophy, the same policies and guidance that apply clearly to operating systems are also applicable to applications.

2. GENERAL ANTIVIRUS GUIDANCE

2.1 AntiVirus Information

Next to properly configured operating system security controls, effective antivirus software is the most critical tool in securing desktop application systems. The value of updated software with current virus definition files cannot be overstated. Malicious programs that result in a denial of service (DoS) or corruption of data can be thwarted with antivirus programs that look for signatures of known viruses and take preventative action.

The use of products by DoD organizations, other than those available on the DoD Patches Repository website, is discouraged. DoD has special licensing agreements with both McAfee and Symantec.

It must be noted that the guidelines in this section have been written to apply to clients whether on a server or workstation. Using these guidelines for mail servers does not provide appropriate or adequate protection for servers running complex applications (such as Microsoft Exchange or Lotus Notes). Additional antivirus measures need to be taken on mail servers.

The following sub-sections provide general guidance that applies to all antivirus software. It is recommended that signature files be updated daily.

2.2 General Guidance for Antivirus Software

This section details general guidance for the configurations of antivirus products. Scans at boot time (or daily) are recommended when this would not cause a significant impact to operations.

The following file types are particularly vulnerable as the host for a virus. These file types must be included in the antivirus scan:
- Executable, service and driver files (e.g., files suffixed with .bat, .bin, .com, .dll, .exe, .sys)
- Application data files that could contain a form of mobile code (e.g., files suffixed with .doc, .dot, .rtf, .xls, .xlt, .hta, scrap objects, .wsh)

In the event that a virus is found, the user must be notified. This allows the user to take any additional action to reduce damage and halt propagation of the virus. The user should also exercise the appropriate computer security incident reporting requirements as defined by the site.
Checklist Role:
- Antivirus Software
Known Issues:
Not provided.
Target Audience:
This document is a requirement for all DoD administered systems and all systems connected to DoD networks. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
DoD Directive (DoDD) 8500.1 and DoDI 8500.2
Comments/Warnings/Miscellaneous:
Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.
Disclaimer:
Not provided.
Product Support:
Not provided.
Point of Contact:
disa.stig_spt@mail.mil
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
- Version 5, Release 7 Overview - 03 August 2015
- Version 5, Release 7 Managed Client - 03 August 2015
- Version 5, Release 6 Local Client - 03 August 2015
- Changed status from "Under Review" to "Final" - 03 June 2015
- Version 5, Release 3 - 25 July 2014
- Version 5, Release 2 - 25 April 2014
- Version 5, Release 1 - 9 January 2014
- Version 5, Release 4 - 30 October 2014
- Updated status to "Final" - 07 January 2015
- Added Local STIG Version 5, Release 4 - 08 February 2015
- Added Managed Client STIG Version 5, Release 5 - 08 February 2015
- Version 5, Release 7 Overview - 03 August 2015
- Version 5, Release 6 Local Client - 03 August 2015
- Version 5, Release 7 Managed Client - 03 August 2015
- Changed status from "under review" to "final" - 10 September 2015
- Version 5, Release 7 Local Client - 28 October 2015
- Version 5, Release 8 - 28 October 2015
- Changed status from "Under Review" to "Final" - 04 December 2015
- 5/2/2016 - Version 5, Release 9 moved to FINAL - 6/7/2016
- updated 8.8 managed client resource to v5, r11 - 07/22/2016
- Updated to FINAL - 09/12/2016
- updated STIG to v5, r10 - 10/28/2016
- updated - 12-02-2016
- updated to FINAL - 1/3/2017
- Updated to Version 5, Release 12 - 01/27/2017
- Updated to FINAL - 03/08/2017
- Updated to v5, r13 - 04/24/2017
- Updated to FINAL - 05/22/2017
- Updated URL to reflect change to the DISA website - http --> https
- updated to v5,r14 - 02/16/2018
- Updated to FINAL - 3/18/2018
- updated to v5,r15 - 4/25/18
- Corrected Title - 5/9/18
- update to FINAL - 6/8/18
- updated to v5,r16 - 7/24/18
- Updated to FINAL - 8/24/18
- updated to v5, r20 - 4/30/2019
- Updated URLs - 6/6/19
- Updated URLs - 6/25/19
- updated URLs - 11/1/19
- added SCC links per DISA guidance - 4/20/2021
- Updated resources per DISA - 5/25/21
- updated benchmark - 7/28/2021
- updated SCC tool per DISA - 9/16/2021
- sunset per DISA - 10/07/2021
- updated URLs - 10/29/2021
- updated URLs - 1/26/2022
- SHA - 10/13/22
- updated title 10/14/2022