Siemens Industrial SIMATIC. Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG. Security information 1.

Similar documents
SIMATIC. Process Control System PCS 7 Configuration Symantec Endpoint Protection V14. Security information 1. Preface 2.

SIMATIC. Process Control System PCS 7 Configuration McAfee Endpoint Security Security information 1. Preface 2.

SIMATIC. Process Control System PCS 7 Trend Micro OfficeScan (V8.0; V8.0 SP1) Configuration. Using virus scanners 1.

SIMATIC. Process Control System PCS 7 Symantec Endpoint Protection 11.0 Configuration. Using virus scanners 1. Configuration 2. Commissioning Manual

Readme SiVArc V14 SP1 Update 6

Team engineering via Inter Project. Engineering. TIA Portal. Team engineering via Inter Project Engineering. Basics of "Inter Project Engineering"

SIMATIC. Industrial PC Microsoft Windows 7 (USB stick) Safety instructions 1. Initial startup: Commissioning the operating system

SIMATIC. SIMATIC Energy Manager V1.0 App for ios and Android. Preface. SIMATIC Energy Manager app. Establish connection to SIMATIC Energy Manager PRO

SIMATIC. Process Control System PCS 7 Advanced Process Functions Operator Manual. Preface. Security information 1. Overview 2. Material management 3

SIMATIC. Process Control System PCS 7 VT Readme V8.2 (online) Security information 1. Overview 2. Notes on Installation 3. Notes on usage 4.

Class documentation. COMOSKDictionary COMOS. Platform Class documentation COMOSKDictionary. Trademarks. General. KDictionary. Programming Manual

SIMATIC. PCS 7 Process Control System SIMATIC Logon Readme V1.6 (Online) Security information 1. Overview 2. Notes on installation 3.

Siemens Drives & PLCs

SIMATIC. PCS 7 Licenses and configuration limits (V9.0) Security information 1. Preface 2. Selecting the correct license keys 3

SIMATIC. Process Control System PCS 7 V7.0 SP1 Security Information Note: Setting up antivirus software. Preface. Using virus scanners 2

SIMATIC. Industrial PC Microsoft Windows 7. Safety instructions 1. Initial startup: Commissioning the operating. system

SIMATIC. Process control system PCS 7 Operator Station (V9.0 SP1) Security information 1. Preface 2

COMOS. Platform Class documentation RevisionMaster_dll. Class: RevisionInfo 1. Class: RevisionMaster 2. Programming Manual

SIMATIC. Process Control System PCS 7 CFC Readme V9.0 (online) Security information 1. Overview 2. Notes on Installation 3. Notes on usage 4.

Creating the program. TIA Portal. SIMATIC Creating the program. Loading the block library 1. Deleting program block Main [OB1]

SIMATIC. Industrial PC Microsoft Windows Embedded Standard 7. Safety instructions 1. Initial startup: Commissioning the operating.

Optional package printer driver V1.4

MindSphere. Visual Explorer. Introduction. User roles for "Visual Explorer" Connecting "Visual Explorer" to MindSphere data. Creating Visualizations

SIMATIC. Process Control System PCS 7 PCS 7 system documentation - Readme V8.0 SP2 (Update 1) Options for Accessing Documentation 1

SIMOCODE pro. Read me SIMOCODE ES. Introduction 1. Installation notes 2. Installation/License key/ Uninstallation 3.

SIMATIC. SIMATIC Logon V1.6. Security information 1. Conditions for secure operation of SIMATIC Logon 2. User management and electronic signatures 3

SIMATIC NET. Industrial Remote Communication - Remote Networks SINEMA Remote Connect - Client. Preface. Requirements for operation 1

Class: DocumentManager 1 COMOS. Platform Class documentation DocumentManager_dll. Programming Manual 03/2017 V10.2.

Industrial Controls. Motor management and control devices SIMOCODE pro - Application examples. Introduction 1. Application example

SIMATIC. S7/HMI SIMATIC Automation Tool V3.1 SP1 product information. SIMATIC Automation Tool features 1. Known problems. Product Information

Industrial Controls. SIMOCODE pro SIMOCODE pro PCS 7 Library. Preface. Security information. Product specific security. information.

SIMATIC NET. Industrial Ethernet / PROFINET Primary Setup Tool (PST) Preface. Functions 1. Software installation 2. Operation. Configuration Manual

Performance data abgn SCALANCE W770/W730 SIMATIC NET. Industrial Wireless LAN Performance data abgn SCALANCE W770/W730.

SIMATIC. Process Control System PCS 7 SIMATIC Management Console (V9.0) Security information 1. Preface 2. Basics 3

Performance data abgn PCIe Minicard MPCIE-R1-ABGN-U3 SIMATIC NET

SIMATIC. PCS 7 Process Control System Support and Remote Dialup. Security information 1. Preface 2. Support and Remote Dialup 3.

PD PA AP How To Configure Maxum II TimeServer Access

SINEMA Remote Connect - Client SIMATIC NET. Industrial Remote Communication SINEMA Remote Connect - Client. Preface. Requirements for operation

SIMATIC NET. Industrial Ethernet Security SCALANCE S615 Getting Started. Preface. Connecting SCALANCE S615 to the WAN 1

SIMATIC. Process Control System PCS 7 SIMATIC Management Console (V9.0 Update 1) Security information 1. Preface 2. Basics 3

party software COMOS Platform Third-party software Trademarks 1 Requirements for the system environment Third-party software releases Operating Manual

Validity 1. Improvements in STEP 7 2. Improvements in WinCC 3 SIMATIC. Readme. Readme

SIMATIC. SIMATIC Logon V User management and electronic signatures 1. Hardware and Software Requirements 2. Scope of delivery 3.

Use with 0 to 70 C ambient. temperature SIMATIC. Process Control System PCS 7 Use with 0 to 70 C ambient temperature. Preface 1. Product combination 2

SIMATIC IPC Wizard for. Widescreen devices with multitouch SIMATIC. Industrial PC SIMATIC IPC Wizard for. Preface.

SIMATIC. Process Control System PCS 7 Compendium Part D - Operation and Maintenance (V8.2) Security information 1. Preface 2

DANGER indicates that death or severe personal injury will result if proper precautions are not taken.

Class: POptions 1 COMOS. Platform Class documentation POptions_dll. Programming Manual 04/2014 A5E AA

Getting Started - Startdrive. Startdrive SINAMICS. Introduction 1. Connecting the drive unit to the PC. Creating a project 3

SIMATIC. Process control system PCS 7 PCS 7 - PC Configuration (V9.0 SP1) Security information 1. Preface 2. PC components of a PCS 7 system 3

DANGER indicates that death or severe personal injury will result if proper precautions are not taken.

S7-300 Getting Started - Commissioning a CPU 31xC: Closed-loop control

SINETPLAN Siemens Network Planner

Siemens Spares. Setting up security in STEP 7. Professional SIMATIC NET. Industrial Ethernet Security Setting up security in STEP 7 Professional

RF-MANAGER simulator SIMATIC. RFID-Systems RF-MANAGER simulator. Simulating projects. Compact Operating Instructions 06/2010 A5E

SIMATIC. ET 200SP Open Controller Product information on CPU 1515SP PC. Preface. Product Information. Technical update. Technical specifications 3

SIMATIC. PCS 7 Process Control System CFC Readme V9.0 SP2 Upd2 (Online) Security information 1. Overview 2. Notes on Installation 3.

Key Panels Library SIMATIC HMI. Key Panels Library. Preface 1. Installation of Key Panels Library. Working with the Key Panels Library

SIMATIC. PCS 7 process control system PCS 7 Basis Library Readme V9.0 (Online) Security information 1. Overview 2. Notes on installation 3

SIMATIC. TIA-Portal SIMATIC Visualization Architect. Security information 1. Basics 2. Installation 3. Elements and basic settings 4

Industrial Controls. Motor management and control devices SIMOCODE pro. Introduction 1. Configuring a reversing starter. List of abbreviations

SIMATIC Ident RFID systems MDS D423 Compact Operating Instructions

SIMATIC. STEP 7 PLUS TIA Portal Teamcenter Gateway. Introduction to TIA Portal Teamcenter Gateway 1. System requirements 2

SIMATIC/SINAMICS. Getting started with SINAMICS V90 PN on S Motion Control. Fundamental safety instructions 1. Introduction

SIMATIC. Process Control System PCS 7 SFC Visualization (V9.0 SP2) Security information 1. What's new in SFV? 2. SFC Visualization (SFV) 3

SIMATIC. WinCC Readme Runtime Professional. Validity 1. Improvements in Update 2 2. Improvements in Update 1 3

Plant Automation Accelerator 2.1 Readme (Online)

SIMATIC. Process Control System PCS 7 OS Process Control (V8.1) Security information 1. Preface 2. Additional documentation 3

B.Data V6.0 Installation SIMATIC. B.Data V6.0 Installation. Introduction. Installing B.Data. Setting up B.Data Web 3

SIMATIC. WinCC Readme Runtime Professional. Validity 1. Improvements in Update 7 2. Improvements in Update 6 3. Improvements in Update 5 4

SIMOTION. Motion Control Task Trace. Preface 1. Overview 2. Configuring 3. Working with the SIMOTION Task Profiler 4.

Operator Station (V8.0) SIMATIC. Process Control System PCS 7 Operator Station (V8.0) Preface 1. The PCS 7 Operator Station

BaseUnits (6ES7193-6BP.../3RK1908-0AP00 ) SIMATIC. ET 200SP BaseUnits. Preface. Guide to the documentation 1. Product overview 2

MindSphere. MindConnect IoT Extension Getting Started. Introduction to MindSphere. Prerequisites 2. Preparations 3. MindConnect IoT Extension

SIMATIC. Process Control System PCS 7 Software update with utilization of new functions. Security information 1. Preface 2.

Line reactors SINAMICS. SINAMICS G120P Line reactors. Safety information 1. General. Mechanical installation 3. Electrical installation 4

ST (6ES7132-6FD00-0BB1)

DANGER indicates that death or severe personal injury will result if proper precautions are not taken.

SIMATIC. Process Control System PCS 7 Licenses and quantity structures (V8.0) Preface 1. Selecting the correct license keys 2

Deckblatt. APL Operator Guide SIMATIC PCS 7. Application description June Applikationen & Tools. Answers for industry.

IO-Link Master (6ES7147-4JD00-0AB0) SIMATIC. ET 200pro IO-Link Master (6ES7147-4JD00-0AB0) Preface. Documentation guide. Product overview.

SIMATIC. Process Control System PCS 7 PCS 7 Documentation (V8.1) Options for Accessing Documentation 1. Documentation for the Planning Phase 2

SIMATIC HMI. WinCC WinCC Runtime Advanced readme. Security information 1. Installation 2. Runtime 3. System Manual. Online help printout

DI 8x24VDC ST digital input module SIMATIC. ET 200SP DI 8x24VDC ST digital input module (6ES7131-6BF00-0BA0) Preface. Documentation guide

Power module PM-E DC24V HF SIMATIC. ET 200S distributed I/O Power module PM-E DC24V HF (6ES7138-4CA60-0AB0) Preface. Properties.

Cycle and response times SIMATIC. S Cycle and response times. Preface. Documentation guide. Program processing 2. Cyclic program processing 3

SIMATIC. Process Control System PCS 7 OS Process Control (V8.1) Preface 1. Additional documentation 2. Functions of the PCS 7 OS in process mode 3

SIMATIC. S7-1500, ET 200SP, ET 200pro Structure and Use of the CPU Memory. Preface. Documentation guide. Memory areas and retentive memory

ET 200S distributed I/O system 4DO DC24V/2A ST digital electronic module (6ES7132-4BD32-0AA0)

Siemens Spares COMOS. Operations Inspection. Introduction 1. Working with the "Inspection" plugin 2. Working with the "Inspection diagram" plugin 3

Software Kit. Automatic Door Controls. SIDOOR Software Kit. Introduction 1. General safety instructions. Installation. Uninstalling the software 4

Trend Micro OfficeScan XG

Plant Automation Accelerator 2.0

SIMATIC. Process control system SIMATIC BATCH Readme V9.0 SP1 Update2 (Online) Security information 1. Overview 2

MindSphere. Fleet Manager. Introduction to "Fleet Manager" 1. User interface for "Fleet Manager" 2. User rights in "Fleet Manager" 3.

SIMATIC. WinCC Readme Runtime Professional. Validity 1. Improvements in Update 6 2. Improvements in Update 3 3. Improvements in Update 2 4

MindSphere. Fleet Manager. Introduction to "Fleet Manager" 1. User interface for "Fleet Manager" 2. User rights in "Fleet Manager" 3

COMOS. Operations Inspection. Introduction 1. Working with the "Inspection" plugin 2. Working with the "Inspection diagram" plugin 3

COMOS. Lifecycle COMOS Walkinside Getting Started. Security information 1. Which functionalities are not covered in this manual? 2

SIMATIC NET. Industrial Remote Communication TeleService TS Gateway. Preface. Application and properties. Installation, commissioning and operation 2

Transcription:

Security information 1 Preface 2 SIMATIC Configuration 3 Process Control System PCS 7 Configuration Trend Micro OfficeScan Server XG Commissioning Manual Siemens Industrial 03/2018 A5E44395601-AA

Legal information Warning notice system This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger. DANGER indicates that death or severe personal injury will result if proper precautions are not taken. WARNING indicates that death or severe personal injury may result if proper precautions are not taken. CAUTION indicates that minor personal injury can result if proper precautions are not taken. NOTICE indicates that property damage can result if proper precautions are not taken. If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage. Qualified Personnel The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems. Proper use of Siemens products Note the following: Trademarks WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed. All names identified by are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner. Disclaimer of Liability We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions. Siemens AG Division Process Industries and Drives Postfach 48 48 90026 NÜRNBERG GERMANY A5E44395601-AA P 05/2018 Subject to change Copyright Siemens AG 2018. All rights reserved

Table of contents 1 Security information...5 2 Preface...7 3 Configuration...9 3.1 Introduction...9 3.2 TMOS Functions...9 3.2.1 Installation...10 3.2.2 General information...10 3.2.3 Anti-Virus...10 3.2.4 Behavior Monitoring...12 3.2.5 Device Control...12 3.2.6 Predictive Machine Learning...12 3.2.7 Updates...13 Siemens Industrial Commissioning Manual, 03/2018, A5E44395601-AA 3

Table of contents 4 Commissioning Manual, 03/2018, A5E44395601-AA

Security information 1 Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines, and networks. In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement and continuously maintain a holistic, state-of-the-art industrial security concept. Siemens products and solutions constitute one element of such a concept. Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place. For additional information on industrial security measures that may be implemented, please visit: https://www.siemens.com/industrialsecurity Siemens products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer s exposure to cyber threats. To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under https://www.siemens.com/industrialsecurity. Siemens Industrial Commissioning Manual, 03/2018, A5E44395601-AA 5

Security information 6 Commissioning Manual, 03/2018, A5E44395601-AA

Preface 2 This documentation describes the settings to be changed for Trend Micro OfficeScan Server (TMOS) for use in an industrial plant. The configuration only includes some of the TMOS settings used in the compatibility test with PCS 7 and WinCC. Important information about this whitepaper Note The recommended settings for these virus scanners have been chosen to ensure that the reliable real-time operation of PCS 7 is not adversely affected by the virus scanner software. These recommendations describe the currently known, best-possible compromise between the objective of maximizing the detection and neutralization of virus software and malware and guaranteeing a highly deterministic time behavior of the PCS 7 process control system in all operating phases. If you choose different settings for the virus scanner, this could have negative effects on the real-time behavior. Purpose of the documentation This documentation describes the recommended settings for virus scanner software in combination with PCS 7 and WinCC, following the installation of the virus scanner. Required knowledge This documentation is aimed at persons involved in the engineering, commissioning, and servicing of automation systems with SIMATIC PCS 7 or WinCC. Knowledge of administration and IT techniques for Microsoft Windows operating systems is assumed. In addition, readers should be familiar with the PCS 7 & WinCC security concept. Additional information is available on the Internet at the following address: Security concept (https://support.industry.siemens.com/cs/ww/en/view/60119725) Siemens Industrial Commissioning Manual, 03/2018, A5E44395601-AA 7

Preface Scope of the documentation The documentation applies to process control systems equipped with the respective product version of PCS 7 or WinCC. Note Note that certain virus scanners are only approved for certain product versions. Additional information is available on the Internet at the following address: Compatibility Tool (http://www.siemens.com/kompatool) 8 Commissioning Manual, 03/2018, A5E44395601-AA

Configuration 3 3.1 Introduction Trend Micro OfficeScan Server (TMOS) activates additional functions going beyond the traditional virus scanner. The following configurations relate to the centrally managed version of TMOS which is configured using the TMOS Web Console. The use of a local, non-managed installation is allowed, but is not described. In addition, only an English installation is referred to. All the configurations described are deviations from the default configurations, i.e. any settings not described are not changed. 3.2 TMOS Functions TMOS provides the following functions (can be configured via the TMOS Web Console) Anti-virus for desktops Anti-virus for servers Ransomware Protection Connected Thread Defence Plug-in Manager and Plug-in Solutions Centralized Management Security Risk Protection Damage Cleanup Services Web Reputation OfficeScan Firewall Data Loss Prevention Device Control Behavior Monitoring The following modules and settings are recommended and are tested for compatibility for use in a PCS 7 and WinCC environment: Anti-virus for desktops Anti-virus for servers Antivirus for desktops Antivirus for servers Web Reputation and Anti-spyware for desktops Web Reputation and Anti-spyware for servers Damage Cleanup Services Siemens Industrial Commissioning Manual, 03/2018, A5E44395601-AA 9

Configuration 3.2 TMOS Functions The following functions are not recommended and are not checked in the compatibility test: Firewall for endpoints Only the Windows Firewall is released for use with PCS 7 and WinCC as this is configured automatically depending on the product installed. Smart Protection / Web reputation Settings File and Web Reputation; exchanging data with third parties is not recommended. Any use of modules and settings which are not recommended is the user's own responsibility. 3.2.1 Installation The following options must be configured during the installation; all other options may retain the default configuration. Installation/Setup Install integrated Smart Protection Server No.... Installation/Setup Enable Trend Micro Smart Feedback Installation/Setup Enable Firewall Installation/Setup Anti Spyware Assessment Feature No.... Installation/Setup Enable web reputation policy 3.2.2 General information All OfficeScan clients must be configured on the server as "Internal Clients". 3.2.3 Anti-Virus The following configurations relate to a default installation. Agents Global Agent Settings Scan Settings Do not scan files in the compressed file if the size exceeds Set to 1000 Scan Settings In compressed file, scan only the first Set to 100000 Scan Settings Alert Settings Clean/Delete infected files within compressed files Display a notification message if the endpoint needs a restart to load a kernel mode driver 10 Commissioning Manual, 03/2018, A5E44395601-AA

Configuration 3.2 TMOS Functions Agents Agent Management Settings -> Scan Settings -> Scan Methods Target-> User Activity on Files Settings -> Scan Settings -> Target-> Scan Settings Target-> Scan Settings Target-> Scan Settings Target-> Scan Settings Conventional scan Created/modified All scannable files Scan the boot sector of the USB storage device after plugging in Scan all files in removable storage device after plugging in Quarantine malware variants detected in memory Select Select Select Check Check Check Target-> Scan Settings Target-> Scan Settings Scan compressed files Set to 6 Scan OLE objects Set to 10 Action-> Virus/Malware Action-> Virus/Malware Action-> Spyware/Grayware Action-> Spyware/Grayware Privileges and other Privileges-> Proxy Settings Privileges and other Privileges-> Component Updates Privileges and other Other Update Settings Privileges and other Other Update Settings Use the same action for all virus/malware types Display a notification on the Endpoints when virus/malware is detected Deny access Display a notification on endpoints when spyware/grayware is detected Allow users to configure proxy settings Perform "Update Now!" OfficeScan agents download updates from the Trend Micro ActiveUpdate Server Enable schedule-based updates on OfficeScan agents Select Set 1st "Clean" Set 2nd "Quarantine" Select Siemens Industrial Commissioning Manual, 03/2018, A5E44395601-AA 11

Configuration 3.2 TMOS Functions Privileges and other Other Web Reputation Settings Privileges and other Other Behavior Monitoring Settings Privileges and other Other C&C Contact Alert Settings Privileges and other Other Predictive Machine Learning Settings Privileges and other Other Restart Notification Display a notification when a web site is blocked Display a notification when a program is blocked Display a notification when a C&C callback is detected Display a notification when a threat is detected Display a notification if the endpoint needs to restart to finish cleaning infected files 3.2.4 Behavior Monitoring The following configurations relate to a default installation. Agents - Agent Management Settings -> Behavior Monitoring Settings -> Rules -> Maleware Behavior Blocking Enable Malware Behavior Blocking 3.2.5 Device Control The following configurations relate to a default installation. The recommendation is only to use Device Control, in order to prevent the use of USB devices, for example. Agents - Agent Management Settings -> Device Control Settings -> Internal Agents-> Notification Display a notification on endpoints when OfficeScan detects unauthorized device access 3.2.6 Predictive Machine Learning The following configurations relate to a default installation. 12 Commissioning Manual, 03/2018, A5E44395601-AA

Configuration 3.2 TMOS Functions Agents - Agent Management Predictive Machine Learning Detection Settings File Set to Log only Predictive Machine Learning Detection Settings Process Set to Log only 3.2.7 Updates The following configurations relate to a default installation. The settings for reaching the Trend Micro Update Server on the Internet or a higher-level update server must be adapted to the relevant network topology. Updates Agents - Automatic Update Event-triggered Update Event-triggered Update Initiate component update on agents immediately after the OfficeScan server downloads a new component Let agents initiate component update after restarting and connecting to the OfficeScan server (independent agents excluded) Since is not possible to deactivate the "Schedule-based Update", select: Schedule-based Update Daily Set to a start time of your choice and set "Update for a period of" to 1 hour. Siemens Industrial Commissioning Manual, 03/2018, A5E44395601-AA 13

Configuration 3.2 TMOS Functions 14 Commissioning Manual, 03/2018, A5E44395601-AA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback