Organization-specific Trellix Applications Control Options policies must be created and applied to all endpoints.

An XCCDF Rule

Description

<VulnDiscussion>To ensure Solidcore clients are only configured to STIG and organization-specific settings, organization-specific ePO policies must be applied to all organization workstation endpoints rather than resorting to the Trellix Applications Control (Default) policy.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213335r944844_rule
Severity: Medium
References: CCI-001774
Updated: 9 months ago

From the ePO server console System Tree, select the "Systems" tab.

Select "This Group and All Subgroups".
Select the asset.
Select "Actions".
Select "Agent".Select "Modify Policies on a Single System".

From the product pull-down list, select Solidcore 8.x: Application Control.

From the "Actions" column, select "Edit Assignment" for the "Application Control Options (Windows) Category".

Next to "Assigned policy:", click on drop-down selection box and choose an organization-specific Application Control Options policy for the asset being reviewed.

Click "Save".

If no organization-specific Application Control Options policy exist, click on "New Policy".

Choose "Trellix Default" for "Create a policy based on this existing policy".

Type a unique Policy Name.

Click "OK".

Configure the "Self-Approval", "End User Notifications", "Features", "Inventory", and "Reputation" tabs according to the organization's written policy and remaining STIG settings.

Organization-specific Trellix Applications Control Options policies must be created and applied to all endpoints.

Description

Remediation - Manual Procedure