Rule ID
SV-213340r961479_rule
Version
V3R2
CCIs
By default, the Windows operating system files are excluded from the inventory. By selecting this option, the overwhelming the inventory with legitimate Windows Files in the <system drive>\Windows folder which are signed by the Microsoft certificate and all files in the <system drive>\Windows\winsxs folder will not be included in the inventory.
This requirement is only applicable to Windows platforms. For MAC and Linux platforms, this is Not Applicable. From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset to be validated. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 8.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)". On the "Inventory" tab, review options selected. If the "Hide Windows OS Files: Inventory items signed with Microsoft certificates will not be sent to Trellix ePO." option is not selected, this is a finding.
From the ePO server console System Tree, select the "Systems" tab. Select "This Group and All Subgroups". Select the asset. Select "Actions". Select "Agent". Select "Modify Policies on a Single System". From the product pull-down list, select Solidcore 8.x: Application Control. From the "Policy" column, select the policy associated with the Category "Application Control Options (Windows)". On the "Inventory" tab, place a check in the "Inventory: Hide Windows OS Files: Inventory items signed with Microsoft certificates will not be sent to Trellix ePO." check box. Click "Save".