
Sheriff CSM™

PCI DSS 3.2 Requirement 5: Protect All Systems Against Malware and Regularly Update Anti-Virus Software or Programs

Testing Procedure | How Sheriff CSM Delivers | Sheriff CSM Instructions | Sheriff CSM Documentation

5.1
Testing Procedure: For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists.
How Sheriff CSM Delivers: Sheriff CSM detects the presence of running processes such as anti-virus software.
Sheriff CSM Instructions:
  • Enable the plugin for your anti-virus software, and enable forwarding of the syslog events from the anti-virus manager. (Documentation: Enable Plugins)
  • Run the anti-virus Raw Logs report to verify the anti-virus software is running. (Documentation: How to Run Reports)

5.2.b
Testing Procedure: Examine anti-virus configurations, including the master installation of the software, to verify anti-virus mechanisms are:
  • Configured to perform automatic updates, and
  • Configured to perform periodic scans.
How Sheriff CSM Delivers: The Vulnerability Scan in Sheriff CSM can test configurations to make sure that antivirus settings are enabled to perform automatic updates and periodic scans.
Sheriff CSM Instructions:
  • Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:
      • Family: Windows
    (Documentation: Creating a Custom Scan Profile)
  • Run a Vulnerability Scan using the custom scan profile that was created. (Documentation: Performing Vulnerability Scans)
  • Export successful scan results and identify findings to determine if the system is configured correctly. (Documentation: Viewing the Scan Results)
  • View the anti-virus logs in SIEM Events. (Documentation: Security Events Views)

5.2.c
Testing Procedure: Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that:
  • The anti-virus software and definitions are current.
  • Periodic scans are performed.
How Sheriff CSM Delivers: The Vulnerability Scan in Sheriff CSM can test configurations to make sure that antivirus settings are enabled to perform automatic updates and periodic scans.
Sheriff CSM Instructions:
  • Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:
      • Family: Windows
    (Documentation: Creating a Custom Scan Profile)
  • Run a Vulnerability Scan using the custom scan profile that was created. (Documentation: Creating Vulnerability Scan Jobs)
  • Export successful scan results and identify findings to determine if the system is configured correctly. (Documentation: Viewing the Scan Results)
  • View the anti-virus logs in SIEM Events. (Documentation: Security Events Views)

5.2.d
Testing Procedure: Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that:
  • Anti-virus software log generation is enabled, and
  • Logs are retained in accordance with PCI DSS Requirement 10.7.
How Sheriff CSM Delivers: Sheriff CSM detects the presence of running processes such as anti-virus software. Sheriff CSM also collects and retains logs sent using Sheriff HIDS, in accordance with requirement 5.2.d.
Sheriff CSM Instructions:
  • Run the anti-virus “Raw Logs” report to verify the anti-virus software is running and generating logs. (Documentation: How to Run Reports)
  • View the anti-virus logs in SIEM Events. (Documentation: Security Events Views)

5.3.a
Testing Procedure: Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify the anti-virus software is actively running.
How Sheriff CSM Delivers: Sheriff CSM detects the presence of running processes such as anti-virus software.
Sheriff CSM Instructions:
  • Run the existing “Antivirus Disabled” PCI report to verify anti-virus software is actively running. (Documentation: How to Run Reports)

5.3.b
Testing Procedure: Examine anti-virus configurations, including the master installation of the software and a sample of system components, to verify that the anti-virus software cannot be disabled or altered by users.
How Sheriff CSM Delivers: Sheriff CSM detects the presence of running processes such as anti-virus software.
Sheriff CSM Instructions:
  • Run the existing “Antivirus Disabled” PCI report to verify anti-virus software has not been disabled by users. (Documentation: How to Run Reports)

Topic revision: r10 - 29 Apr 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.