Using McAfee with Process Portal B
Summary
ABB’s Process Portal system is subjected to comprehensive verification and quality assurance testing before the release of each system version. Tests include verifying that antivirus software has no negative effects on the system’s functionality and stability, and that impact on performanceis negligible. This document describes how McAfee VirusScan®Enterprisewas configured for these tests.
Contents
1INTRODUCTION
1.1Background
1.2Scope of test
1.3Test result
2CONFIGURATION SETTINGS
2.1Overview
2.2On-Access Scanning
2.2.1Script Scanning
2.2.2Settings for default processes
2.3AutoUpdate
3FOLDERS AND FILE TYPES EXCLUDED FROM ON-ACCESS SCANNING
NOTICE
This document and parts hereof must not be reproduced or copied without written permission from ABB and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.
The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, for the information contained in this document, and assumes no responsibility for the information contained in this document or for any errors that may appear in this document.
The purpose of this document is to describe test results. The described measures are not necessarily complete or effective for all applications and installations.
In no event shall ABB be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, nor shall ABB be liable for incidental or consequential damages arising from use of any software or hardware described in this document.
The software or hardware described in this document is furnished under a license and may be used, copied, or disclosed only in accordance with the terms of such license.
Copyright © 2007 ABB. All rights reserved.
TRADEMARKS
All rights to registrations and trademarks reside with their respective owners.
1INTRODUCTION
1.1Background
ABB’s Process Portal B system is subjected to comprehensive verification and quality assurance testing before the release of each system version. Tests include verifying that antivirus software has no negative effects on the system’s functionality and stability, and that impact on performanceis negligible. This document describes how McAfee VirusScan®Enterprisewas configured for the testing of Process Portal B.
All computer systems should be scanned for viruses at regular intervals. A reputable and reliable virus scanner should be used and updated regularly. However, when a virus is found, damage may already have been done. For a mission critical system it is therefore more important to effectively prevent viruses from being introduced into the system than to run frequent virus scans. The ABB IS Security Considerations for Automation Systems White Paper (3BSE032547) provides general guidelines on how to protect a system from viruses and other malicious software.
Virus checking affects the performance and response times of any computer system. For an automation system such as Process Portal, where real-time performance and reaction times must not be compromised, the impact of virus checking must be limited. This can be accomplished by excluding certain frequently accessed directories and file types from on-access scanning, and by running on-demand scanning of excluded files at times when normal system activity is low.
1.2Scope of test
Process Portal B 2.0 Service Pack 2 has been tested with the following antivirus product:
- McAfee VirusScan®Enterprise 8.0i, with patch 13 installed
This document describes the specific configuration settings that were made for the tests. Allother settings were left at their defaults values.
The principles described in this document may be valid for other antivirus products, but additional settings may be required when using other products than McAfee. Only McAfee VirusScan®Enterprise8.0i has been tested.
1.3Test result
With the configuration settings described in this document, no interference with the Process Portal operations was observed during the tests, and the impact on system performance and reaction times was negligible.
2CONFIGURATION SETTINGS
2.1Overview
McAfee VirusScan®Enterprise 8.0i can be configured for on-access and on-demand virus scanning.
- On-access scanning is automatically activated at system startup and will check files as they are accessed. To prevent this from causing performance degradation, folders containing files that are frequently accessed need to be excluded from on-access scanning.
2.2On-Access Scanning
2.2.1Script Scanning
Uncheck the Enable ScriptScan box in the General Settings section, see figure 1.
Figure 1: Uncheck the Enable ScriptScan box
2.2.2Settings for default processes
The settings that were used for default processes are shown inFigure 2.
Figure 2Settings for default processes
When you press “Exclusions …”, a list of the files, folders, and drives that are excluded from on-access scanning is presented:
Figure 3List of disks, files, and folders excluded from on-access scanning
New itemsare added to this list by pressing “Add …” and filling in relevant foldersand file types as shown below.
Note that “Also exclude subfolders”, “On read”, and “On write” should be checked.
A typical Process Portal node should have the following file exclusions:
A typical Enterprise Historian node should have the following folders excluded:
In addition to the above folders, all user configurable archive folders should also be excluded.
The folders and file types that need to be excluded will depend on which Process Portal products are installed. A complete listing is provided in chapter 3.
2.3AutoUpdate
AutoUpdate is a feature that can be used to ensure that the latest McAfee DAT files are downloaded and installed on every machine. However, enabling this feature requires a directconnection between the automation system network and the Internet. Enabling AutoUpdate on machines connected to the automation system network is therefore not a standard practice.
For a more secure and reliable application of DAT files, a central management and update deployment host can be set up on a corporate intranet[1]. This allows a system administrator to have control over when updates are made, and an opportunity to test the updates before they are deployed. The white paper “IS Security Considerations for Automation Systems” provides general guidelines for how this could be arranged.
For the test, AutoUpdate was not configured. No central management tools were tested.
3FOLDERS AND FILE TYPES EXCLUDED FROM ON-ACCESS SCANNING
The folders and file types that need to be excluded from on-access scanning will depend on theProcess Portal products installed.
The tests were run using the following exclusions:
Product / Folder or File typeProcess PortalBase System / File types MDF, LDF, NDF
Enterprise Historian / \HsData
\oracle\admin
\oracle\oradata
All user configured archive folders should be excluded.
REVISION
Rev. ind. / Page (P) Chapt. (C) / Description / Date Dept./Init.A / Original Issue / 7Sep2006/ATPA/RJO
B / Page 1, section 1.1 &1.2
Page 2
Section 2.2.2 / Removed specific references to SP2. Spelled out SP2 in sec 1.2.
Updated copyright year to 2007, was 2005-2006
Updated Set Exclusion graphic and added new Set Exclusion graphic for EH / 4Jan2007/ATPA/RJO
/ ABB Inc. / Doc. no. / Lang. / Rev. ind. / Page
3BUA000534 / en / B / 1
[1]Products for this purpose are available from McAfee.