WithPCI.com

5.2.2 The deployed anti-malware solution(s):

Original requirement from PCI DSS v4.0.1

Defined Approach Requirements

5.2.2 The deployed anti-malware solution(s):

  • Detects all known types of malware.
  • Removes, blocks, or contains all known types of malware.

Customized Approach Objective

Malware cannot execute or infect other system components.

Defined Approach Testing Procedures

5.2.2 Examine vendor documentation and configurations of the anti-malware solution(s) to verify that the solution:

  • Detects all known types of malware.
  • Removes, blocks, or contains all known types of malware.

Purpose

It is important to protect against all types and forms of malware to prevent unauthorized access.

Good Practice

Anti-malware solutions may include a combination of network-based controls, host-based controls, and endpoint security solutions. In addition to signature-based tools, capabilities used by modern anti-malware solutions include sandboxing, privilege escalation controls, and machine learning.

Solution techniques include preventing malware from getting into the network and removing or containing malware that does get into the network.

Examples

Types of malware include, but are not limited to, viruses, Trojans, worms, spyware, ransomware, keyloggers, rootkits, malicious code, scripts, and links.

Purpose

Ensure anti-malware mechanisms are kept current, perform periodic scans, and generate audit logs.

Compliance Strategies

  • Automated updates
  • Scheduled scans
  • Log monitoring

Typical Policies

  • Anti-Malware Maintenance Policy

Common Pitfalls

  • Outdated signatures
  • Missed scans
  • No log review

Type

Technical Control

Difficulty

Moderate

Key Risks

  • Outdated protection, undetected malware

Recommendations

  • Enable auto-update and centralized log review

Eligible SAQ

  • SAQ-A-EP
  • SAQ-C
  • SAQ-C-VT
  • SAQ-D MERCHANT
  • SAQ-D SERVICE PROVIDER
