Skip to content
Catalogs
XCCDF
Trellix Application Control 8.x Security Technical Implementation Guide
SRG-APP-000386
Enabled features under Trellix Application Control Options policies Enforce feature control must not be configured unless documented in written policy and approved by ISSO/ISSM.
Enabled features under Trellix Application Control Options policies Enforce feature control must not be configured unless documented in written policy and approved by ISSO/ISSM. An XCCDF Rule
Enabled features under Trellix Application Control Options policies Enforce feature control must not be configured unless documented in written policy and approved by ISSO/ISSM.
Medium Severity
<VulnDiscussion>By default, the Trellix Application Control prevents installation of ActiveX controls on endpoints, enforces memory protection techniques on endpoints, and prevents MSI-installers from running on endpoints. The "Feature Control" allows for those safeguards to be bypassed and in doing so renders the Trellix Application Control less effective.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>