
SIMATIC Process Control System PCS 7 V7.0 SP1 Security Information Note: Setting up antivirus software

Preface 1
Using virus scanners 2
Trend Micro Office Scan configuration V7.3 including Patch 2 3
Symantec AntiVirus V10.2 configuration 4
McAfee VirusScan V8.5i configuration 5

Security Information Note
12/2007 A5E01057949-02


Safety Guidelines

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol; notices referring only to property damage have no safety alert symbol. The notices shown below are graded according to the degree of danger.

DANGER indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION with a safety alert symbol, indicates that minor personal injury can result if proper precautions are not taken.

CAUTION without a safety alert symbol, indicates that property damage can result if proper precautions are not taken.

NOTICE indicates that an unintended result or situation can occur if the corresponding information is not taken into account.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel

The device/system may only be set up and used in conjunction with this documentation. Commissioning and operation of a device/system may only be performed by qualified personnel. Within the context of the safety notes in this documentation, qualified persons are defined as persons who are authorized to commission, ground and label devices, systems and circuits in accordance with established safety practices and standards.

Prescribed Usage

Note the following:

WARNING This device may only be used for the applications described in the catalog or the technical description and only in connection with devices or components from other manufacturers which have been approved or recommended by Siemens. Correct, reliable operation of the product requires proper transport, storage, positioning and assembly as well as careful operation and maintenance.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AG Automation and Drives Postfach 48 48 90327 NÜRNBERG GERMANY

Order number: A5E01057949-02 Ⓟ 12/2007

Copyright © Siemens AG 2007. Technical data subject to change


Security Information Note: Setting up antivirus software Security Information Note, 12/2007, A5E01057949-02 3

Table of contents

1 Preface ........ 7
2 Using virus scanners ........ 9
2.1 Introduction ........ 9
2.2 Definitions and information ........ 9
2.3 Principle structure of the virus scanner architecture ........ 10
2.4 Using virus scanners ........ 11
2.5 Approved virus scanners for PCS 7 ........ 12
3 Trend Micro Office Scan configuration V7.3 including Patch 2 ........ 13
3.1 Introduction ........ 13
3.2 Integrated firewall ........ 13
3.3 Manual search ........ 14
3.4 Real-time Scan ........ 15
3.5 Scheduled Clean ........ 17
3.6 Client Privileges and Settings ........ 18
3.7 Global Client Settings ........ 20
3.8 Client Update ........ 21
3.9 Logs ........ 24
4 Symantec AntiVirus V10.2 configuration ........ 25
4.1 Introduction ........ 25
4.2 Local Windows firewall setting on the virus scan client ........ 25
4.3 Options in the Symantec System Center (SSC) ........ 26
4.4 Virus Definition Manager ........ 27
4.5 Quarantine Options ........ 29
4.6 Client Auto-Protect Options ........ 30
4.6.1 File System ........ 30
4.6.2 Internet E-mail ........ 35
4.6.3 Lotus Notes ........ 36
4.6.4 Microsoft Exchange ........ 37
4.7 Client Administrator Only Options ........ 38
4.8 Client Tamper Protection Options ........ 40


5 McAfee VirusScan V8.5i configuration ........ 41
5.1 Introduction ........ 41
5.2 Configuration of the policies ........ 41
5.3 Central settings ........ 42
5.3.1 "Settings" tab ........ 42
5.3.2 Tasks in process mode ........ 43
5.3.3 Deploying virus definition files ........ 43
5.3.4 Checking the deployment of the virus definition files ........ 45
5.4 On-Access General Policies ........ 46
5.4.1 "General" tab ........ 46
5.4.2 "ScriptScan" tab ........ 47
5.4.3 "Blocking" tab ........ 48
5.4.4 "Messages" tab ........ 49
5.5 On-Access Default Processes Policies ........ 50
5.5.1 "Detection" tab ........ 50
5.5.2 "Advanced" tab ........ 51
5.5.3 "Actions" tab ........ 52
5.5.4 "Unwanted Programs" tab ........ 53
5.6 On-Access Low-Risk Processes Policies ........ 54
5.7 On-Access High-Risk Processes Policies ........ 54
5.8 On Delivery E-Mail Scan Policies ........ 54
5.9 User Interface Policies ........ 55
5.9.1 "Display Options" tab ........ 55
5.9.2 "Password Options" tab ........ 56
5.10 Warning guidelines ........ 56
5.11 Access Protection Policies ........ 57
5.12 Buffer overflow protection policies ........ 57
5.13 Unwanted Programs Policies ........ 57
5.14 Quarantine Manager Policies ........ 57


Figures

Figure 3-1 Dialog box "Manual Scan Settings" ........ 14
Figure 3-2 "Real-time Scan Settings" dialog box: Figure 1 of 2 ........ 15
Figure 3-3 "Real-time Scan Settings" dialog box: Figure 2 of 2 ........ 16
Figure 3-4 Dialog box "Scheduled search settings" ........ 17
Figure 3-5 "Client Privileges and Settings" dialog box: Figure 1 of 2 ........ 18
Figure 3-6 "Client Privileges and Settings" dialog box: Figure 2 of 2 ........ 19
Figure 3-7 Dialog box "General client settings" ........ 20
Figure 3-8 "Client Update" dialog box: "Update Source" area ........ 21
Figure 3-9 "Client Update" dialog box: "Automatic Deployment" area ........ 22
Figure 3-10 "Client Update" dialog box: "Manual Deployment" area ........ 23
Figure 3-11 "Client Update Logs" dialog box ........ 24
Figure 4-1 Setting in the "SSC Console Option Properties" dialog box: "Client Display" dialog box ........ 26
Figure 4-2 "Virus Definition Manager" dialog box ........ 27
Figure 4-3 "Configure Primary Server Updates" dialog box ........ 28
Figure 4-4 "Quarantine Options" dialog box ........ 29
Figure 4-5 "Client Auto-Protect Options" dialog box: "File System" tab ........ 30
Figure 4-6 "Auto-Protect Advanced Options" dialog box ........ 31
Figure 4-7 "Check Floppies" dialog box ........ 32
Figure 4-8 "Actions" dialog box ........ 33
Figure 4-9 "Notification Options" dialog box ........ 34
Figure 4-10 "Client Auto-Protect Options" dialog box: "Internet E-mail" tab ........ 35
Figure 4-11 "Client Auto-Protect Options" dialog box: "Lotus Notes" tab ........ 36
Figure 4-12 "Client Auto-Protect Options" dialog box: "Microsoft Exchange" tab ........ 37
Figure 4-13 "Client Administrator Only Options" dialog box: "General" tab ........ 38
Figure 4-14 "Client Administrator Only Options" dialog box: "Security" tab ........ 39
Figure 4-15 "Client Tamper Protection Options" dialog box ........ 40
Figure 5-1 "ePolicy Orchestrator" dialog box, "Server Settings" tab ........ 42
Figure 5-2 "ePolicy orchestrator planner" dialog box, "Task" tab ........ 43
Figure 5-3 "ePolicy orchestrator planner" dialog box, "Plan" tab ........ 44
Figure 5-4 Checking the deployment of the virus definition files ........ 45
Figure 5-5 "On-Access General Policies" dialog box: "General" tab ........ 46
Figure 5-6 "On-Access General Policies" dialog box: "ScriptScan" tab ........ 47
Figure 5-7 "On-Access General Policies" dialog box: "Blocking" tab ........ 48
Figure 5-8 "On-Access General Policies" dialog box: "Messages" tab ........ 49
Figure 5-9 "On-Access Default Processes Policies" dialog box: "Detection" tab ........ 50


Figure 5-10 "On-Access Default Processes Policies" dialog box: "Advanced" tab ........ 51
Figure 5-11 "On-Access Default Processes Policies" dialog box: "Actions" tab ........ 52
Figure 5-12 "On-Access Default Processes Policies" dialog box: "Unwanted Programs" tab ........ 53
Figure 5-13 "User Interface Policies" dialog box: "Display Options" tab ........ 55
Figure 5-14 "User Interface Policies" dialog box: "Password Options" tab ........ 56
Figure 5-15 "Buffer Overflow Protection Policies" dialog box: "Buffer Overflow Protection" tab ........ 57


1 Preface

Important information about this whitepaper

The virus scanners described in this whitepaper have been tested for compatibility with PCS 7 V7.0 SP1. The recommended settings for these virus scanners have been chosen so that the reliable real-time operation of PCS 7 is not adversely affected by the virus scanner software. These recommendations represent the best compromise currently known between detecting and disabling known viruses and malware as comprehensively as possible and keeping the time response of the PCS 7 control system as predictable as possible in all operating phases. If you choose different settings for the virus scanner, this could have negative effects on the real-time behavior of PCS 7.

Purpose of this documentation

This document describes
● the virus scanners that have been cleared for use with PCS 7 V7.0 SP1,
● the recommended adaptations of the virus scanner software after installation.

Required knowledge

This documentation is aimed at anyone who is involved in configuring, commissioning and operating automated systems based on SIMATIC PCS 7. Knowledge of administration and IT techniques for Microsoft Windows operating systems is assumed.

Validity of the documentation

The documentation "PCS 7 V7.0 SP1 Process Control System; Security Information Note: Setting up antivirus software" is valid for the process control systems that are realized with PCS 7 V7.0 SP1.

See also Security concept (http://support.automation.siemens.com/WW/view/en/22229786)


2 Using virus scanners

2.1 Introduction

Using virus scanners in a process control system is only effective when they are part of a comprehensive security concept. A virus scanner alone cannot protect a process control system against hostile attacks. The security concept for PCS 7 / WinCC is available on the Internet at: http://support.automation.siemens.com

Virus scanners should comply with the requirements described in the security concepts of PCS 7 / WinCC.

2.2 Definitions and information

Basic principle
The use of a virus scanner should never inhibit a plant in runtime.

Virus scanners
A virus scanner is software that detects, blocks or eliminates harmful program routines (computer viruses, worms, etc.).

Scan engine (scanner module)
The scan engine is the component of the virus scanner software that examines data for harmful software.

Virus signature file (virus pattern file or virus definition file)
This file provides the virus signatures to the scan engine, which uses them to search data for harmful software.

Virus scan client
The virus scan client is a computer that is examined for viruses and managed by the virus scan server.

Virus scan server
The virus scan server is a computer that centrally manages the virus scan clients, loads virus signature files and deploys them to the virus scan clients.


2.3 Principle structure of the virus scanner architecture

A virus scan server receives its virus signatures from the update server of the respective virus scanner manufacturer on the Internet or from an upstream virus scan server, and manages its virus scan clients. Remote access to the virus scan server is available via a web console.

[Figure: virus scanner architecture. The virus scan server obtains its signatures from the Internet, is administered via the web console, and manages the virus scan clients (three shown).]


2.4 Using virus scanners

Information for configuration of local virus scanners

● Integrated firewall of the virus scanner
The local Windows firewall is used as of PCS 7 V7.0 and configured with the SIMATIC Security Control (SSC) component. The firewalls integrated in the virus scanners are therefore not installed.

● Manual scan (manual scan, on demand scan)
A manual scan should never be performed on virus scan clients during process mode (runtime). It should take place at regular intervals, e.g. during maintenance, on all computers of the system.

● Automatic scan (auto-protect, on-access scanning)
With automatic scanning, it is sufficient to check the incoming data traffic.

● Scheduled scan (planned search, on demand scan)
A scheduled scan should never be performed on virus scan clients during process mode (runtime).

● Displaying messages
To ensure that process mode is not inhibited, no messages should be displayed on the virus scan clients.

● Drives
To avoid overlapping scanning of network drives, only local drives are scanned.

● E-mail scan
Scanning of e-mail can be disabled except on the engineering station, which receives e-mails.

● Division into groups
Organize your virus scan clients in groups.

● Deployment of the virus signature (pattern update)
The deployment of the virus signatures to the virus scan clients is performed by the upstream virus scan server. Test the virus signatures in a test system before deploying them in process mode to ensure that they work correctly. Distribute the virus signatures manually to the respective groups.

● Update of the virus scan engine
Do not update the virus scan engine in runtime, as these updates will probably require you to restart the virus scan client.

Note on installation The software installation must be carried out from a virus-free storage location (e.g. from a file server with its own virus scanner or from a certified DVD). During the software installation, automatic changes are often carried out in the operating system. An enabled virus scanner must not obstruct or falsify the software installation.
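The deployment procedure of this section (validate signatures on a test system, distribute them manually to client groups, never update the scan engine or run manual/scheduled scans on clients in runtime), modelled as an added example that is not part of this Siemens document; the server class, the group and client names and the `Mode`/`ScanKind` classes are assumptions, and `run_rollout()` walks through the steps on a constructed sample plant:

```python
"""Staged rollout of virus signatures and scan-engine updates to grouped clients.

Added example, not part of the Siemens document: it models the rules of
section 2.4 for a virus scan server (structure and names are assumptions).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    TEST = "test"                # test system used to validate new signatures
    RUNTIME = "runtime"          # process mode: no reboots, no full scans
    MAINTENANCE = "maintenance"  # plant stopped: engine updates and scans allowed


class ScanKind(Enum):
    ON_ACCESS = "on-access"      # automatic scan of incoming data, always allowed
    MANUAL = "manual"
    SCHEDULED = "scheduled"


@dataclass
class Client:
    name: str
    group: str
    mode: Mode
    signature: str = "none"
    engine: str = "engine-1"


@dataclass
class VirusScanServer:
    """Central server that deploys signatures and engine updates to its clients."""
    clients: list[Client]
    validated: set[str] = field(default_factory=set)  # signatures proven on the test system
    log: list[str] = field(default_factory=list)

    def group(self, name: str) -> list[Client]:
        members = [c for c in self.clients if c.group == name]
        if not members:
            raise ValueError(f"unknown group {name!r}")
        return members

    def validate_signature(self, signature: str) -> None:
        """Step 1: load the signature on the test system only and record it as validated."""
        test_clients = [c for c in self.clients if c.mode is Mode.TEST]
        if not test_clients:
            raise RuntimeError("no test system available to validate signatures")
        for c in test_clients:
            c.signature = signature
        self.validated.add(signature)
        self.log.append(f"validated {signature} on {[c.name for c in test_clients]}")

    def deploy_signature(self, group: str, signature: str) -> bool:
        """Step 2: manual deployment to one group; untested signatures never reach runtime clients."""
        members = self.group(group)
        if signature not in self.validated and any(c.mode is Mode.RUNTIME for c in members):
            self.log.append(f"REFUSED {signature} for {group}: not validated on the test system")
            return False
        for c in members:
            c.signature = signature
        self.log.append(f"deployed {signature} to {group}")
        return True

    def update_engine(self, group: str, engine: str) -> bool:
        """Engine updates may require a reboot, so a client in runtime blocks the whole group."""
        members = self.group(group)
        blocked = [c.name for c in members if c.mode is Mode.RUNTIME]
        if blocked:
            self.log.append(f"REFUSED engine {engine} for {group}: {blocked} in runtime")
            return False
        for c in members:
            c.engine = engine
        self.log.append(f"updated engine to {engine} on {group}")
        return True

    def scan_allowed(self, client_name: str, kind: ScanKind) -> bool:
        """Only on-access scanning is permitted while a client is in process mode."""
        client = next((c for c in self.clients if c.name == client_name), None)
        if client is None:
            raise ValueError(f"unknown client {client_name!r}")
        return kind is ScanKind.ON_ACCESS or client.mode is not Mode.RUNTIME


def build_demo_server() -> VirusScanServer:
    """Constructed sample plant: one test system, one runtime group, one station in maintenance."""
    return VirusScanServer(clients=[
        Client("TEST-OS1", "test-system", Mode.TEST),
        Client("OS1", "operator-stations", Mode.RUNTIME),
        Client("OS2", "operator-stations", Mode.RUNTIME),
        Client("ES1", "engineering", Mode.MAINTENANCE),
    ])


def run_rollout() -> VirusScanServer:
    """Walk through the procedure of section 2.4 and return the resulting server state."""
    server = build_demo_server()
    server.deploy_signature("operator-stations", "pattern-4.101")  # refused: not yet validated
    server.validate_signature("pattern-4.101")                     # step 1: test system
    server.deploy_signature("operator-stations", "pattern-4.101")  # step 2: now accepted
    server.update_engine("operator-stations", "engine-2")          # refused: clients in runtime
    server.update_engine("engineering", "engine-2")                # accepted: in maintenance
    return server
```

Printing `run_rollout().log` shows the refused and accepted steps in order; the engine update for the operator stations only succeeds once those clients leave runtime.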


2.5 Approved virus scanners for PCS 7

The following virus scanners are authorized for use with PCS 7 V7.0 SP1:
● Trend Micro Office Scan Corporate Edition V7.3 including Patch 2
● Symantec AntiVirus™ Corporate Edition V10.2 (Norton Antivirus)
● McAfee® VirusScan® Enterprise V8.5.


3 Trend Micro Office Scan configuration V7.3 including Patch 2

3.1 Introduction

For PCS 7 V7.0 SP1, only the corporate edition V7.3 of the virus scanner Trend Micro "OFFICE Scan" has been authorized for use. The settings shown in the following represent an excerpt of the settings that were used in the compatibility test with PCS 7 V7.0 SP1.

3.2 Integrated firewall

The "Install Enterprise Client Firewall" option can be disabled at the time of installation.


3.3 Manual search

Settings in the "Manual Scan Settings" dialog box

"Scan Target" area
● "Scan mapped drives and shared folders on the network" check box: Disabled

Figure 3-1 Dialog box "Manual Scan Settings"


3.4 Real-time Scan

Settings in the "Real-time Scan Settings" dialog box

"Scan Target" area
● "Enable Real-time scan" check box: Enabled
● "Scan incoming file" check box: Enabled
● "Use IntelliScan – Detect true file type" option button: Enabled
● "Scan mapped drives and shared folders on the network" check box: Disabled

Figure 3-2 "Real-time Scan Settings" dialog box: Figure 1 of 2


"Scan Action" area
● "Display an alert message on the client when a virus is detected" check box: Disabled
● "Use the same action for all types" check box: Enabled; setting selected for the "All Types" type in the "Action1" column: Pass

Figure 3-3 "Real-time Scan Settings" dialog box: Figure 2 of 2


3.5 Scheduled Clean

The "Enable scheduled clean" check box must be disabled for PC stations operating in process mode (runtime).
● "Enable scheduled search" check box: Disabled

Figure 3-4 Dialog box "Scheduled search settings"


3.6 Client Privileges and Settings

Setting in the "Client Privileges and Settings" dialog box

The following areas must be disabled: "Antivirus", "Mail Scan", "Toolbox", "Proxy Settings" and "Update Privileges".
● "Display mail scan tab" check box: Disabled
● "Display Toolbox tab" check box: Disabled
● "Allow the client user to configure proxy settings" check box: Disabled
● "Perform 'Update Now!'" check box: Disabled
● "Enable scheduled update" check box: Disabled

Figure 3-5 "Client Privileges and Settings" dialog box: Figure 1 of 2

"Update settings" area
● "Enable scheduled update" check box: Disabled
● "Forbid program update and hot fix deployment" check box: Enabled

Figure 3-6 "Client Privileges and Settings" dialog box: Figure 2 of 2

3.7 Global Client Settings

Settings in the "Global Client Settings" dialog box
The global settings apply to all virus scan clients registered on the virus scan server.
"Alert Settings" area
● "Show the OfficeScan splash screen at startup" check box: Disabled
● "Show the alert icon on the Windows taskbar, if …" check box: Disabled

Figure 3-7 "Global Client Settings" dialog box

3.8 Client Update

Information on updates
Do not update the virus scan engine in process mode (runtime), because some engine updates require a reboot of the virus scan client.

Settings in the "Client Update" dialog box
"Update Source" area
● "Standard update source (update from OfficeScan server)" option button: Activated

Figure 3-8 "Client Update" dialog box: "Update Source" area

"Automatic Deployment" area
● "Deploy to clients immediately after OfficeScan server downloads a new component" check box: Disabled
● "Deploy to clients (for OfficeScan clients only and excluding roaming clients) when they are restarted" check box: Disabled

Figure 3-9 "Client Update" dialog box: "Automatic Deployment" area

"Manual Deployment" area
● "Manually select clients" option button: Activated

Figure 3-10 "Client Update" dialog box: "Manual Deployment" area

3.9 Logs

Check the deployment of the virus signature files in the "Client Update Logs" dialog box.

Figure 3-11 "Client Update Logs" dialog box

4 Symantec AntiVirus V10.2 configuration

4.1 Introduction

Only version 10.2 of the virus scanner Symantec AntiVirus is authorized for use with PCS 7 V7.0 SP1. The settings shown in the following are an excerpt of the settings that were used in the compatibility test with PCS 7 V7.0 SP1.

4.2 Local Windows firewall setting on the virus scan client

For the virus scan server to be able to read the logs of the virus scan clients, the "RTvscan.exe" application must be entered in the exception list of the virus scan client's Windows firewall with the corresponding scope, i.e. limited to the address of the virus scan server rather than opened to all addresses.
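One way to create this exception from a command prompt on the virus scan client, as an added example that is not part of the Siemens note: the `netsh firewall` context of Windows XP SP2 / Windows Server 2003 (later Windows versions use `netsh advfirewall` instead) adds the program exception and limits its scope to the address of the virus scan server. The installation path of RTvscan.exe, the exception name and the server address 192.168.1.10 are assumptions; substitute the values of your own installation.

```batch
@echo off
rem Added example (not from the Siemens note): register RTvscan.exe as a
rem Windows Firewall program exception on a Symantec AntiVirus client so that
rem the virus scan server can read the client's logs.
rem Assumptions: default SAV 10.x installation path and a virus scan server
rem at 192.168.1.10. Adjust both for your own installation.

set "RTVSCAN=C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
set "SERVER=192.168.1.10"

if not exist "%RTVSCAN%" (
    echo Rtvscan.exe not found at "%RTVSCAN%" - check the installation path.
    exit /b 1
)

rem scope=CUSTOM with a single address keeps the exception limited to the
rem virus scan server; scope=ALL would expose the program to every host.
netsh firewall add allowedprogram program="%RTVSCAN%" name="Symantec AntiVirus Rtvscan" mode=ENABLE scope=CUSTOM addresses=%SERVER% profile=ALL
if errorlevel 1 (
    echo Adding the firewall exception failed.
    exit /b 1
)

rem Verify: the program exception must be listed with the server address
rem as its scope, not "All".
netsh firewall show allowedprogram verbose=ENABLE
```

Run the script with administrative rights on each virus scan client and check the output of the final command before putting the station back into process mode.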

4.3 Options in the Symantec System Center (SSC)

Settings in the "SSC Console Option Properties" dialog box
● "Show client computers when viewing client groups" check box: Enabled
● "Build client lists when the Server Group is unlocked" check box: Enabled

Figure 4-1 Setting in the "SSC Console Option Properties" dialog box: "Client Display" dialog box

4.4 Virus Definition Manager

Settings in the "Virus Definition Manager" dialog box
● "Do not allow client to manually launch LiveUpdate" check box: Enabled

Figure 4-2 "Virus Definition Manager" dialog box

Virus scan clients can only update their virus definition files (virus patterns) when the "Update virus definitions from the parent server" check box is enabled. This applies to both manual and automatic deployment of the virus definition files. For manual deployment, enable this check box only when a deployment is to be performed; the virus definition files are deployed automatically as soon as it is enabled. Check the deployment in the log.

Settings in the "Configure Primary Server Updates" dialog box
● "Enable continuous LiveUpdate (Windows only)" check box: Enabled

Figure 4-3 "Configure Primary Server Updates" dialog box

4.5 Quarantine Options

Settings in the "Quarantine Options" dialog box
● "Enable Quarantine or Scan and Deliver" check box: Disabled
● "Do nothing" option button: Activated

Figure 4-4 "Quarantine Options" dialog box

4.6 Client Auto-Protect Options

4.6.1 File System

Settings for the AntiVirus client auto-protect options in the "File System" tab
● "Enable Auto-Protect" check box: Enabled
"Options" area
● "Block security risks" check box: Disabled
"Network Scanning Options" area
● "Enable Scanning" check box: Disabled

Figure 4-5 "Client Auto-Protect Options" dialog box: "File System" tab

Settings in the "Advanced Options" dialog box
Opened with the "Advanced" button in the "File System" tab of the "Symantec AntiVirus Client Auto-Protect Options" dialog box
"Scan files when" area
● "Modified (scan on create)" option button: Activated
● "For Leave Alone (Log only), delete infected files on creation" check box: Disabled
"Track risk" area
● "Activate track risk" check box: Disabled

Figure 4-6 "Auto-Protect Advanced Options" dialog box

"Additional advanced options" area
Set via the "Floppies" button
● "Check floppies for boot viruses upon access" check box: Enabled
● "Do not check floppies upon system shutdown" check box: Enabled

Figure 4-7 "Check Floppies" dialog box

Settings in the "Actions" dialog box
Opened with the "Actions" button in the "File System" tab of the "Symantec AntiVirus Client Auto-Protect Options" dialog box
● Selection in the "First Action" drop-down list: Leave alone (log only)
This selection also applies to "non-macro viruses" and "security risks".

Figure 4-8 "Actions" dialog box

Settings in the "Notification Options" dialog box
Opened with the "Monitor" button in the "File System" tab of the "Symantec AntiVirus Client Auto-Protect Options" dialog box
"Detection Options" area
● "Display notification message on infected computer" check box: Disabled
● "Display Auto-Protect results dialog on infected computer" check box: Disabled
"Remediation Options" area
● "Automatically terminate processes" check box: Disabled
● "Automatically stop services" check box: Disabled

Figure 4-9 "Notification Options" dialog box

4.6.2 Internet E-mail

Settings for the AntiVirus client auto-protect options in the "Internet E-mail" tab
● "Enable Internet E-Mail Auto-Protect" check box: Disabled

Figure 4-10 "Client Auto-Protect Options" dialog box: "Internet E-mail" tab

4.6.3 Lotus Notes

Settings in the "Client Auto-Protect Options" dialog box: "Lotus Notes" tab
● "Enable Lotus Notes Auto-Protect" check box: Disabled

Figure 4-11 "Client Auto-Protect Options" dialog box: "Lotus Notes" tab

4.6.4 Microsoft Exchange

Settings in the "Client Auto-Protect Options" dialog box: "Microsoft Exchange" tab
● "Enable Microsoft Exchange Auto-Protect" check box: Disabled

Figure 4-12 "Client Auto-Protect Options" dialog box: "Microsoft Exchange" tab

4.7 Client Administrator Only Options

Settings in the "Client Administrator Only Options" dialog box: "General" tab
"Actions" area
● "Display message when definitions are outdated" check box: Disabled
● "Display message when Symantec AntiVirus is running without virus definitions" check box: Disabled

Figure 4-13 "Client Administrator Only Options" dialog box: "General" tab

Settings in the "Client Administrator Only Options" dialog box: "Security" tab
"User disable/uninstall" area
● "Lock the ability of users to unload Symantec AntiVirus services" check box: Enabled
● "Ask for a password to allow uninstall of the Symantec AntiVirus client software" check box: Enabled

Figure 4-14 "Client Administrator Only Options" dialog box: "Security" tab

4.8 Client Tamper Protection Options

"Notifications" area
● "Display message on affected computer" check box: Disabled

Figure 4-15 "Client Tamper Protection Options" dialog box

5 McAfee VirusScan V8.5i configuration

5.1 Introduction

Only version 8.5i of the virus scanner "McAfee VirusScan" is authorized for use with PCS 7 V7.0 SP1. The settings shown in the following are an excerpt of the settings that were used in the compatibility test with PCS 7 V7.0 SP1.

5.2 Configuration of the policies

All settings listed for the "Workstation" must also always be made for the "Server".

5.3 Central settings

5.3.1 "Settings" tab
● "Enable global updating" setting, "No" button: Activated

Figure 5-1 "ePolicy Orchestrator" dialog box, "Server Settings" tab

5.3.2 Tasks in process mode

The following tasks were not affected in process mode (runtime):

Task type           Software                    Parameters                Purpose
Agent reactivation  ePolicy Orchestrator Agent  -                         Prompts the agent on a virus scan client to contact the ePolicy Orchestrator server.
Updating            ePolicy Orchestrator Agent  DAT, Extra.DAT, SuperDAT  Updating the virus signature files.

5.3.3 Deploying virus definition files

Task and schedule settings

Figure 5-2 "ePolicy Orchestrator Scheduler" dialog box, "Task" tab

Ensure that the "Update" task type is selected for the update task. Activate the "Enable (scheduled task runs at specified time)" check box only when the virus definition files are actually to be deployed. The virus scan client updates the virus definition files according to the schedule settings as soon as it has received the changed policy.
● In the "Schedule task" drop-down list, select "Run Immediately".

Figure 5-3 "ePolicy Orchestrator Scheduler" dialog box, "Schedule" tab

5.3.4 Checking the deployment of the virus definition files

You will find the overview in the tree structure McAfee > Reporting > ePO Databases > <Database name> > Queries > Events > All Product Update Events.

Figure 5-4 Checking the deployment of the virus definition files

5.4 On-Access General Policies

5.4.1 "General" tab
● "Floppy during shutdown" check box: Disabled

Figure 5-5 "On-Access General Policies" dialog box: "General" tab

5.4.2 "ScriptScan" tab ● Check box "Enable ScriptScan": Enabled

Figure 5-6 "On-Access General Policies" dialog box: "ScriptScan" tab

SIMATIC BATCH server / BATCH single station
On a SIMATIC BATCH server or BATCH single station, the application "bfmappersrvx.exe" must be entered in the "Excluded processes" field.

5.4.3 "Blocking" tab
● "Block the connection" check box: Disabled

Figure 5-7 "On-Access General Policies" dialog box: "Blocking" tab

BATCH server / BATCH single station
On a BATCH server or BATCH single station, the application "bfmappersrvx.exe" must be entered in the "Excluded processes" field.

5.4.4 "Messages" tab
● "Show the messages dialog when a detection occurs" check box: Disabled
● "Remove messages from the list" check box: Disabled
● "Clean files" check box: Disabled
● "Delete files" check box: Disabled

Figure 5-8 "On-Access General Policies" dialog box: "Messages" tab

5.5 On-Access Default Processes Policies

5.5.1 "Detection" tab
● "When reading from disk" check box: Disabled
● "On network drives" check box: Disabled

Figure 5-9 "On-Access Default Processes Policies" dialog box: "Detection" tab

5.5.2 "Advanced" tab
● "Scan inside archives (e.g. ZIP)" check box: Enabled

Figure 5-10 "On-Access Default Processes Policies" dialog box: "Advanced" tab

5.5.3 "Actions" tab

Important information
The PCS 7 security concept requires the following behavior when a computer virus is found:
● After the virus is found: alert message
● Then no further file operations without the intervention of the user
This is intended to ensure that important project data is not destroyed. This behavior cannot be configured in McAfee VirusScan 8.5i; the following actions were used instead.
● In the "Primary action - When a threat is found:" drop-down menu, select "Clean files automatically".
● In the "Secondary action - When the first action fails:" drop-down menu, select "Deny access to files".

Figure 5-11 "On-Access Default Processes Policies" dialog box: "Actions" tab

5.5.4 "Unwanted Programs" tab
● In the "Primary action - When an unwanted program is found:" drop-down menu, select "Allow access to the file".

Note
This is intended to ensure that software which has been incorrectly identified as an "unwanted program" is not restricted in its function.

Figure 5-12 "On-Access Default Processes Policies" dialog box: "Unwanted Programs" tab

5.6 On-Access Low-Risk Processes Policies

Policy name: McAfee Default
These policies retain the McAfee default settings.

5.7 On-Access High-Risk Processes Policies

Policy name: McAfee Default
These policies retain the McAfee default settings.

5.8 On Delivery E-Mail Scan Policies

Policy name: McAfee Default
These policies retain the McAfee default settings.

5.9 User Interface Policies

5.9.1 "Display Options" tab
● "Show the system tray with minimal menu options" radio button: Activated
● "Enable splash screen" check box: Disabled

Figure 5-13 "User Interface Policies" dialog box: "Display Options" tab

5.9.2 "Password Options" tab
● "Password protection for all items listed:" option button: Activated

Figure 5-14 "User Interface Policies" dialog box: "Password Options" tab

5.10 Warning guidelines

Policy name: McAfee Default
These policies retain the McAfee default settings.

5.11 Access Protection Policies

Policy name: McAfee Default
These policies retain the McAfee default settings.

5.12 Buffer overflow protection policies

● "Enable buffer overflow protection" check box: Disabled

Figure 5-15 "Buffer Overflow Protection Policies" dialog box: "Buffer Overflow Protection" tab

5.13 Unwanted Programs Policies

Policy name: McAfee Default
These policies retain the McAfee default settings.

5.14 Quarantine Manager Policies

Policy name: McAfee Default
These policies retain the McAfee default settings.
