
McAfee Antivirus 8.8 STIG Version 6, Release 1 Checklist Details

Supporting Resources:


Target CPE Name
Mcafee Virusscan Enterprise 8.8.0 cpe:/a:mcafee:virusscan_enterprise:8.8.0

Checklist Highlights

Checklist Name:
McAfee Antivirus 8.8 STIG
Checklist ID:
Version 6, Release 1
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

This McAfee Antivirus Technology Overview, along with the associated McAfee Antivirus STIG, provides the technical security policies, requirements, and implementation details for applying security concepts to Commercial-Off-The-Shelf (COTS) applications.

Malware, also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system or otherwise annoying or disrupting the victim. Malware has become the most significant external threat to most systems, causing widespread damage and disruption, and necessitating extensive recovery efforts within most organizations. Spyware malware's intention is to violate a user's privacy and has become a major concern to organizations. Although privacy-violating malware has been in use for many years, it has become much more widespread recently, with spyware invading many systems to monitor personal activities and conduct financial fraud.

Organizations also face similar threats from a few forms of non-malware threats that are often associated with malware. One of these forms that has become commonplace is phishing, which is using deceptive computer-based means to trick individuals into disclosing sensitive information. Another common form is virus hoaxes, which are false warnings of new malware threats.

These requirements address several major forms of malware, including viruses, worms, Trojan horses, malicious mobile code, blended attacks, spyware tracking cookies, and attacker tools, such as backdoors and rootkits.

Even though this document addresses the security of COTS applications rather than an operating system, it is not possible to completely separate the security issues. Security is an attribute of the whole as well as of each of the parts. In accordance with this philosophy, the same policies and guidance that apply clearly to operating systems are also applicable to applications.

2. GENERAL ANTIVIRUS GUIDANCE

2.1 AntiVirus Information

Next to properly configured operating system security controls, effective antivirus software is the most critical tool in securing desktop application systems. The value of updated software with current virus definition files cannot be underestimated. Malicious programs that result in a denial of service (DoS) or corruption of data can be thwarted with antivirus programs that look for signatures of known viruses and take preventative action.

The use of products by DoD organizations, other than those available on the DoD Patches Repository website, is discouraged. DoD has special licensing agreements with both McAfee and Symantec.

It must be noted that the guidelines in this section have been written to apply to clients whether on a server or workstation. Using these guidelines for mail servers does not provide appropriate or adequate protection for servers running complex applications (such as Microsoft Exchange or Lotus Notes). Additional antivirus measures need to be taken on mail servers.

The following sub-sections provide general guidance that applies to all antivirus software. It is recommended that signature files be updated daily.

2.2 General Guidance for Antivirus Software

This section details general guidance for the configurations of antivirus products. Scans at boot time (or daily) are recommended when this would not cause a significant impact to operations.

The following file types are particularly vulnerable as the host for a virus. These file types must be included in the antivirus scan:

  • Executable, service and driver files (i.e., files suffixed with .bat, .bin, .com, .dll, .exe, .sys, etc.)
  • Application data files that could contain a form of mobile code (i.e., files suffixed with .doc, .dot, .rtf, .xls, .xlt, .hta, scrap objects, .wsh, etc.)

In the event that a virus is found, the user must be notified. This allows the user to take any additional action to reduce damage and halt propagation of the virus. The user should also exercise the appropriate computer security incident reporting requirements as defined by the site.

Checklist Role:

  • Antivirus Software

Known Issues:

Not provided.

Target Audience:

This document is a requirement for all DoD administered systems and all systems connected to DoD networks. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD system design, development, implementation, certification, and accreditation efforts.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1 and DoDI 8500.2


Comments or proposed revisions to this document should be sent via email to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.


Not provided.

Product Support:

Not provided.

Point of Contact:



Not provided.


Not provided.

Change History:

Version 5, Release 1 - 9 January 2014



NIST checklist record last modified on 03/28/2014