Virus scanner requirements
● If a local firewall that has been adapted to the production operations is used, it must be
possible to install the virus scanner without its own firewall.
● The virus scan clients can be divided into (product- and task-specific) groups and configured
separately.
● It must be possible to deactivate the automatic distribution of the virus signatures and other
updates.
● It must be possible to carry out the distribution of the virus signatures and updates manually
and in groups.
● It must be possible to conduct a file scan and system scan manually and in groups.
● For the virus detection scenario, a message can be configured without a file action such
as "Delete", "Clean", etc. being automatically carried out.
● It must be possible to log all of the messages on the virus scan server.
● On a virus scan client, it must be possible to suppress the local message window because
it could obscure important messages from the production process.
Note
Installation of software
The installation of software is often a process which represents a serious and complicated
change to the respective system. The storage location of the files to be installed must
always be free of viruses (e.g. a file server with its own virus scanner or DVD checked for
viruses).
2.3.4.2
Patch management
Microsoft security updates
The WSUS (Windows Server Update Service) system functionality provided by Microsoft is
available for current Windows systems. WSUS supports administrators by providing Microsoft
updates in large local networks. WSUS automatically downloads update packages from the
Internet (Microsoft Update) and offers them to the Windows clients for installation.
The fully automatic update process ensures that Microsoft security updates are always
available on Siemens clients.
Industrial security
2.3 General security measures
SIMOTION P320-4 E / P320-4 S
32
Manual, 03/2018, A5E36004933B