The configuration of features under Trellix Application Control Options policies Enforce feature control must be documented in the organizations written policy.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-213323	SRG-APP-000386	MCAC-PO-000108	SV-213323r961479_rule	2024-08-27	3

Description
By default, the Trellix Application Control prevents installation of ActiveX controls on endpoints, enforces memory protection techniques on endpoints, and prevents MSI-installers from running on endpoints. The Feature Control allows for those safeguards to be bypassed and in doing so renders the Trellix Application Control less effective.

ℹ️ Check
Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting. Review the written policy for how the Solidcore client interface is used by the organization. Verify the written policy identifies whether additional features are enabled or not under "Enforce feature control" of the Trellix Application Control Options ePO policy. If the written policy does not identify whether additional features are enabled or not under "Enforce feature control" of the Trellix Application Control Options ePO policy, this is a finding.

ℹ️ Check

Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting. Review the written policy for how the Solidcore client interface is used by the organization. Verify the written policy identifies whether additional features are enabled or not under "Enforce feature control" of the Trellix Application Control Options ePO policy. If the written policy does not identify whether additional features are enabled or not under "Enforce feature control" of the Trellix Application Control Options ePO policy, this is a finding.

✔️ Fix
Follow the formal change and acceptance process to document any features needing to be enabled.