The Trellix Application Control Options Inventory option must be configured to hide OS Files.

An XCCDF Rule

Description

<VulnDiscussion>By default, the Windows operating system files are excluded from the inventory. By selecting this option, the overwhelming the inventory with legitimate Windows Files in the <system drive>\Windows folder which are signed by the Microsoft certificate and all files in the <system drive>\Windows\winsxs folder will not be included in the inventory.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213340r961479_rule
Severity: Medium
References: CCI-001774
Updated: 17 days ago

From the ePO server console System Tree, select the "Systems" tab.

Select "This Group and All Subgroups".
Select the asset.
Select "Actions".
Select "Agent".Select "Modify Policies on a Single System".

From the product pull-down list, select Solidcore 8.x: Application Control. 

From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)".

On the "Inventory" tab, place a check in the "Inventory: Hide Windows OS Files: Inventory items signed with Microsoft certificates will not be sent to Trellix ePO." check box.

Click "Save".

The Trellix Application Control Options Inventory option must be configured to hide OS Files.

Description

Remediation - Manual Procedure