SIMATIC Process Control System PCS 7: Configuration McAfee Endpoint Security


SIMATIC Process Control System PCS 7
Configuration McAfee Endpoint Security 10.5
Installation Manual, 03/2018, A5E44395618-AA

Legal information

Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

DANGER indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION indicates that minor personal injury can result if proper precautions are not taken.
NOTICE indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens products
Note the following:
WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AG, Division Process Industries and Drives, Postfach 48 48, 90026 NÜRNBERG, GERMANY
A5E44395618-AA P 06/2018 Subject to change
Copyright Siemens AG 2018. All rights reserved

Table of contents
1 Security information
2 Preface
3 Configuration
3.1 Introduction
3.2 EPS Functions
3.2.1 General
3.2.2 Endpoint Security Common
3.2.3 Endpoint Security Firewall
3.2.4 Endpoint Security Threat Prevention
3.2.5 Endpoint Security Web Control
3.2.6 Pattern Updates


1 Security information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines, and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement and continuously maintain a holistic, state-of-the-art industrial security concept. Siemens products and solutions constitute one element of such a concept.

Customers are responsible for preventing unauthorized access to their plants, systems, machines and networks. Such systems, machines and components should only be connected to an enterprise network or the internet if and to the extent such a connection is necessary and only when appropriate security measures (e.g. firewalls and/or network segmentation) are in place.

For additional information on industrial security measures that may be implemented, please visit: https://www.siemens.com/industrialsecurity

Siemens products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer's exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under https://www.siemens.com/industrialsecurity.


2 Preface

This documentation describes the settings to be changed for McAfee Endpoint Security for use in an industrial plant. The configuration represents an extract of the settings from McAfee Endpoint Security which were used in the compatibility test with PCS 7 and WinCC.

Important information about this whitepaper
Note: The recommended settings of these virus scanners have been chosen in such a way that reliable real-time operation of PCS 7 is not impaired by the virus scanner software. These recommendations describe the currently known, best-possible compromise between the objective of maximizing the detection and neutralization of virus software and malware and guaranteeing a highly deterministic time behavior of the PCS 7 process control system in all operating phases. If you choose different settings for the virus scanner, this could have negative effects on the real-time behavior.

Purpose of the documentation
This documentation describes the recommended settings for virus scanner software in combination with PCS 7 and WinCC, following the installation of the virus scanner.

Required knowledge
This documentation is aimed at persons involved in the engineering, commissioning, and operation of automated systems based on SIMATIC PCS 7 or WinCC. Knowledge of administration and IT techniques for Microsoft Windows operating systems is assumed. Further, the PCS 7 and WinCC security concept should be known. Detailed information is available on the Internet at the following address: Security concept (https://support.industry.siemens.com/cs/ww/en/view/60119725)

Scope of the documentation
This documentation applies to process control plants that are realized with the relevant version of SIMATIC PCS 7 or WinCC.

Note: Certain virus scanners are only approved for certain product versions. Additional information is available on the Internet at the following address: Compatibility Tool (http://www.siemens.com/kompatool)

3 Configuration

3.1 Introduction
McAfee Endpoint Security (EPS) activates additional functions going beyond the traditional virus scanner. The following configurations relate to the centrally managed version of EPS, which is configured using McAfee ePolicy Orchestrator (ePO). In addition, only an English installation is referred to. All the configurations described are deviations from the default configurations, i.e. any settings not described are not changed.

3.2 EPS Functions
EPS provides the following functions that can be configured with policies (available in ePO under "Policy Catalog"):
Endpoint Security Common: Options
Endpoint Security Firewall: Options, Rules
Endpoint Security Threat Prevention: On-Access Scan, On-Demand Scan, Options, Access Protection, Exploit Prevention
Endpoint Security Web Control: Options, Enforcement Messaging, Block and Allow List, Content Actions, Browser Control

The following functions and settings are recommended and are tested for compatibility for use in a PCS 7 and WinCC environment:
Endpoint Security Common: Options
Endpoint Security Threat Prevention: On-Access Scan, On-Demand Scan, Options, Access Protection, Exploit Prevention
Endpoint Security Web Control (conditional): Options, Enforcement Messaging, Block and Allow List, Content Actions, Browser Control

The following functions are not recommended and are not checked in the compatibility test:
Endpoint Security Firewall

3.2.1 General
We recommend that you use the same policies for all PCS 7 and WinCC computers and that you make the same settings for the workstations and servers. A policy with the corresponding function must be created in order to make the settings.

3.2.2 Endpoint Security Common
Quintessence
Options: Click the "Show Advanced" button to make all the settings.
Client Interface Mode -> Lock client interface: Select
Uninstallation -> Require password to uninstall client: Select
Default Client Update -> Enable the Update Now button: Unselect
Default Client Update -> Enable Default Client Update task schedule: Unselect

3.2.3 Endpoint Security Firewall
Options:
Firewall -> Enable Firewall: Unselect
Rules: The following configurations refer to a new policy derived from the McAfee Default Policy. No changes required.

3.2.4 Endpoint Security Threat Prevention
Access Protection: The following configurations refer to a new policy derived from the McAfee Default Policy. Only the default settings are checked for compatibility. Any change is system-specific and cannot be analyzed. This setting should only be used by administrators with sound network and security knowledge and in systems that have their own security administration.

Exploit Prevention: The following configurations refer to a new policy derived from the McAfee Default Policy. Only the default settings are checked for compatibility. Any change is system-specific and cannot be analyzed. This setting should only be used by administrators with sound network and security knowledge and in systems that have their own security administration.

On-Access Scan: Click the "Show Advanced" button to make all the settings.
On-Access Scan -> Specify maximum number of seconds for each file scan: Unselect
Threat Detection User Messaging -> Display the On-Access Scan window to users when a threat is detected: Unselect
Process Settings -> Process Types -> Scanning -> Compressed archive files: Select
Process Settings -> Process Types -> Actions -> Threat detection first response: Deny access to files
Process Settings -> Process Types -> Actions -> Unwanted program first response: Deny access to files

On-Demand Scan: Only the default settings are checked for compatibility. Any change is system-specific and cannot be analyzed. This setting should only be used by administrators with sound network and security knowledge and in systems that have their own security administration. No changes required.

Options:
Proactive Data Analysis -> Send anonymous diagnostic and usage data to McAfee -> McAfee GTI feedback: Unselect
Proactive Data Analysis -> Check AMCore Content before installation -> AMCore Content Reputation: Unselect

3.2.5 Endpoint Security Web Control
The following configurations refer to a new policy derived from the McAfee Default Policy. They are based on all policies from Web Control. Only the McAfee default settings are checked for compatibility. Any change is system-specific and cannot be analyzed. This setting should only be used by administrators with sound network and security knowledge and in systems that have their own security administration. No changes required.

3.2.6 Pattern Updates
The distribution of pattern updates and other updates is not configured with the McAfee VirusScan Policies, but instead with Client Task Catalog -> Client Task Types -> McAfee Agent -> Product Update. We recommend updating the patterns with a time delay. More detailed information on this is provided in the security concept Administration of virus scanners (https://support.industry.siemens.com/cs/ww/en/view/38625951).
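
A drift check for the settings in sections 3.2.2 to 3.2.4 and for the uniform-policy recommendation in 3.2.1, as an added example that is not part of the Siemens manual or of any McAfee tooling. The snapshot layout (a dict keyed by policy and setting per host, plus a list of policies modified from the McAfee default), the "policy/page" key strings and the host names are assumptions; this is not the ePO export format.

```python
from collections import Counter

# Deviations from the McAfee defaults listed in sections 3.2.2 to 3.2.4.
# True = "Select", False = "Unselect". The "policy/page" key strings and the
# snapshot layout are assumptions for this example, not the ePO export format.
COMMON, FW = "Common/Options", "Firewall/Options"
OAS, TP_OPT = "Threat Prevention/On-Access Scan", "Threat Prevention/Options"
BASELINE = {
    (COMMON, "Lock client interface"): True,
    (COMMON, "Require password to uninstall client"): True,
    (COMMON, "Enable the Update Now button"): False,
    (COMMON, "Enable Default Client Update task schedule"): False,
    (FW, "Enable Firewall"): False,
    (OAS, "Specify maximum number of seconds for each file scan"): False,
    (OAS, "Display the On-Access Scan window to users when a threat is detected"): False,
    (OAS, "Compressed archive files"): True,
    (OAS, "Threat detection first response"): "Deny access to files",
    (OAS, "Unwanted program first response"): "Deny access to files",
    (TP_OPT, "McAfee GTI feedback"): False,
    (TP_OPT, "AMCore Content Reputation"): False,
}

# Policies for which only the McAfee default settings were compatibility-tested.
DEFAULT_ONLY = {
    "Threat Prevention/Access Protection", "Threat Prevention/Exploit Prevention",
    "Threat Prevention/On-Demand Scan", "Web Control",
}


def audit_host(snap):
    """Return findings (kind, policy, setting) for one host snapshot."""
    settings = snap.get("settings", {})
    findings = []
    for (policy, name), want in BASELINE.items():
        if (policy, name) not in settings:
            findings.append(("missing", policy, name))
        elif settings[(policy, name)] != want:
            findings.append(("mismatch", policy, name))
    changed = set(snap.get("modified_from_default", ()))
    for policy in sorted(DEFAULT_ONLY & changed):
        findings.append(("untested-change", policy, ""))
    return findings


def audit_fleet(fleet):
    """Audit all hosts; also list hosts whose settings differ from the most
    common set, since section 3.2.1 recommends identical policies everywhere."""
    if not fleet:
        return {}, []
    per_host = {host: audit_host(snap) for host, snap in fleet.items()}
    prints = {h: frozenset(s.get("settings", {}).items()) for h, s in fleet.items()}
    common = Counter(prints.values()).most_common(1)[0][0]
    return per_host, sorted(h for h, p in prints.items() if p != common)


def build_sample_fleet():
    """Constructed sample: two compliant hosts and one that has drifted."""
    drifted = dict(BASELINE)
    drifted[(FW, "Enable Firewall")] = True
    del drifted[(TP_OPT, "McAfee GTI feedback")]
    return {
        "os-server-1": {"settings": dict(BASELINE), "modified_from_default": []},
        "os-client-1": {"settings": dict(BASELINE), "modified_from_default": []},
        "es-1": {"settings": drifted,
                 "modified_from_default": ["Threat Prevention/Exploit Prevention"]},
    }


if __name__ == "__main__":
    results, outliers = audit_fleet(build_sample_fleet())
    for host, findings in results.items():
        print(host, "OK" if not findings else findings)
    print("hosts with non-uniform settings:", outliers)
```

An "untested-change" finding does not mean the setting is wrong, only that the policy has left the McAfee defaults that the compatibility test covered.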
