Details
When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring anti-virus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware.
Solution
From the ePO server console System Tree, select ‘My Organization’. Select the ‘Systems’ tab. To show all systems in the System Tree, select ‘This Group and All Subgroups’ from the ‘Preset:’ drop-down list.
From the list of systems, locate the asset representing the Linux system being reviewed. Click on the system to open the System Information page.
Click on Actions >> Agent >> Modify Tasks on a Single System.
From the list of available tasks in the ‘Task Name’ column, with the assistance of the ePO SA, identify the weekly On Demand scan client task.
For the designated weekly On Demand scan client task, verify the ‘Task Type’ is listed as ‘On Demand Scan’.
Under the ‘Task Name’ column, click on the link for the designated task to review the task properties.
In the ‘Where’ tab, populate the ‘Specify where scanning will take place’ field with ‘/’.
Next to ‘Scan options’, select the check box for ‘Include sub-directories’.
Click ‘Save’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.
References
- 800-53|SI-3c.1.
- CAT|II
- CCI|CCI-001241
- Rule-ID|SV-77549r2_rule
- STIG-ID|DTAVSEL-113
- Vuln-ID|V-63059