Antivirus/Antimalware

From attackics
Revision as of 14:17, 10 April 2021 by Oalexander (Oalexander moved page Antivirus/Antimalware to Antivirus/Antimalware)
Mitigation

ID | M0949
NIST SP 800-53 Rev. 4 | SI-3
IEC 62443-3-3:2013 | SR 3.2
IEC 62443-4-2:2019 | CR 3.2

Description

Use signatures or heuristics to detect malicious software.

Within industrial control environments, antivirus/antimalware installations should be limited to assets that are not involved in critical or real-time operations. To minimize the impact to system availability, all products should first be validated within a representative test environment before deployment to production systems.[1]

Techniques Addressed by Mitigation

Name | Use
Spearphishing Attachment | Deploy anti-virus on all systems that support external email.
Transient Cyber Asset | Install anti-virus software on all workstation and transient assets that may have external access, such as to web, email, or remote file shares.
User Execution | Ensure the anti-virus solution can detect malicious files that allow user execution (e.g., Microsoft Office macros, program installers).