The Trellix Application Control Options policies Enforce feature control memory protection must be enabled.

An XCCDF Rule

Description

<VulnDiscussion>By default, the Trellix Application Control prevents installation of ActiveX controls on endpoints, enforces memory protection techniques on endpoints, and prevents MSI-installers from running on endpoints. The Feature Control allows for those safeguards to be bypassed and in doing so renders the Trellix Application Control less effective. Because ENS and HIPs have many more types of memory protection techniques than Trellix Application Control, memory protection must be explicitly disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213338r961479_rule
Severity: Medium
References: CCI-001774
Updated: 17 days ago

From the ePO server console System Tree, select the "Systems" tab.

Select "This Group and All Subgroups".
Select the asset.
Select "Actions".
Select "Agent".Select "Modify Policies on a Single System".

From the product pull-down list, select Solidcore 8.x: Application Control.

From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)".

On the "Features" tab, place a check in the "Enforce feature control" check box.

Remove the check in the "Memory protection" check box.

Select or de-select remaining features, based upon written policy.

Click "Save".

The Trellix Application Control Options policies Enforce feature control memory protection must be enabled.

Description

Remediation - Manual Procedure