DTAM131 - McAfee VirusScan Buffer Overflow Protection Buffer Overflow Settings must be configured for Protection mode.

Information

Buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This anomaly has been used maliciously, explicitly to craft exploits. Buffer overflow attacks compose greater than 25% of malware attacks. Without buffer overflow protection enabled, systems are more vulnerable to attacks that attempt to overwrite adjacent memory in the stack frame. Protection mode will ensure buffer overflow is detected and blocked. Otherwise, only a warning message will be logged. Buffer overflow protection is only configurable on non-64-bit systems.

Solution

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
In the console window, under Task, click Task->Buffer Overflow Protection, right-click, and select Properties.

Under the Buffer Overflow Protection tab, locate the 'Buffer Overflow settings:' label. Select the 'Protection mode' option.

Click OK to Save.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VirusScan88_Local_Client_V6R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-001242, Rule-ID|SV-243405r722554_rule, STIG-ID|DTAM131, STIG-Legacy|SV-56434, STIG-Legacy|V-14657, Vuln-ID|V-243405

Plugin: Windows

Control ID: 942a04efa5da37f87ae69328d8fe4226c4b0d7620d33e3d747c4bd944b6f9d22