DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.
When scanning for malware, excluding specific files will increase the risk of a malware-infected file going undetected. By configuring anti-virus software without any exclusions, the scanner has a higher success rate at detecting and eradicating malware. NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account. In the VSEL WEB Monitor, under 'Configure', select 'On-Access Settings'. Click 'Edit'. Under 'Paths Excluded From Scanning', remove all entries other than the default '/var/log'. Click 'Apply'.