5 – Use and Regularly Update Antivirus Software or Programs
In the Reports Portal, select > > > Reports or Dashboards > .
PCI Requirement 5 focuses on preventing malware, such as worms, viruses, and trojans, from infecting the cardholder data environment (CDE). This type of malware can enter the network through common business activities and processes: employee email, Internet usage, cell phones, or storage devices. Malware can then damage systems by exploiting system security vulnerabilities or trying to steal confidential information. Your enterprise should install and maintain antivirus software on all devices frequently affected by malware to protect networks from existing and emerging threats.
To assess your enterprise's compliance with this requirement, use the following dashboards and reports:
| Dashboards | Reports |
|---|---|
|
Failed Antivirus and EDR Updates |
Provides charts for an overview of antivirus activities in the CDE. You can view the trends of antivirus cleaning and quarantining attempts and failures over time, a trend of failed cleaning, the number of times antivirus has failed to update and the associated agent, and the number of events by device vendor.
Reports events associated with disabling antivirus and EDR programs by target host. The table provides results by the target host, the antivirus or EDR program affected, the user that disabled the program, the number of events, and when the event occurred.
Failed Antivirus and EDR Updates
Reports events where antivirus and EDR programs failed to update by target host. The table provides results by the target host, the antivirus or EDR program affected, the name and userID that disabled the program, the number of events, and when the event occurred.
Reports events where antivirus and EDR programs are installed by type of program. The table provides results by the type of antivirus or EDR product, the location of the program, and the number of events.
Malicious Code Activities from CDE
Reports malicious code activity sent from the CDE. The table provides results by the source and target addresses, the type of event, the product, and the number of events.
Provides an overview of all malware activity in the CDE. You can view the trends of malware activities over time, top signature IDs, top affected systems, and the top reporting products.
Reports the malware detected in the CDE. The table provides results by the type of malware, the target asset, the number of events, and when the event occurred.
Reports the malware activity by target host. The table provides results by the type of malware, the target asset, the number of events, and when the event occurred.
Reports target hosts where spyware or adware has been detected. The table provides results by the affected asset, the type of spyware or adware, the event class, the number of events, and when the event occurred.