Hi,
One of our customer needed the following details for their IT department and also to procure AntiVirus software
Anti-virus procedure required for PcVue SCADA for the below points.
• Firewall and DCOM Settings
• DCOM Ports used by PcVue (PC – PLC / Server – Client / Server – Server / Server – Active Directory / Server - Historian)
• Is antivirus software recommended for use with PcVue
• What are the Antivirus exclusions required for the proper functioning of PcVue on the Network (Directories / Network Folders)
• Antivirus Process Exclusion for PcVue (.exe., etc)
Do we have any documentation with these details? What are the details that we can provide to them?
Hi Tijo,
1/ A firewall configuration guideline now exists, I attached it to this message. We are working on a way to make it more popular 😉
2/ DCOM settings: Information are available in the online help, in topics related to the deploying PcVue as a desktop app vs Windows service. These tropics also explain how to use the SV Core Management Console. https://www.pcvuesolutions.com/support/ProductHelp/Default.php#Deployment/SVC_Overview_windows_service.php?TocPath=Deployment%257CDeploying%2520server%2520applications%257CRunning%2520PcVue%2520as%2520a%2520Windows%2520service%257C_____1
Be careful, for now, this link to the online help in the KB will only work for you as it is not yet available to non-ARC users. But the same topics are in the online help as supplied with PcVue.
Regarding DCOM, there is also a variety of KB articles, in particular related to setting up DCOM for OPC.
3/ Regarding anti-virus, there is not yet a formal document, but the following hints and tips can be useful:
We do recommend using an antivirus product for protecting computers running PcVue, and leave the choice of a product to end-users, in particular because the 'good' product is first and foremost the one end-users will be able to configure, deploy, keep up-to-date and monitor. Imposing a product would be counterproductive versus the common goal of helping users protect their system. It is the risk analysis established by the end-user the shall drives his choices.
Recommendations such as those provided by Microsoft for SQL Server are of course applicable:
https://support.microsoft.com/topic/how-to-choose-antivirus-software-to-run-on-computers-that-are-running-sql-server-feda079b-3e24-186b-945a-3051f6f3a95b
And they are a good source of inspiration for 'classic' exclusions.
Some end-users decide to exclude files from antivirus scan if they are accessed very frequently or if an access locked by the antivirus has severe consequences :
- Trace files
- Archive unit files
Such exclusions can be useful with antivirus products that scan files upon any access by any process. It is less useful and even useless with less intrusive antivirus.
Excluding process such as sv32.exe from antivirus monitoring is usually a bad idea because it makes the antivirus useless for PcVue. Except when the potentially 'intrusive' behavior of the antivirus justifies it. The level of intrusiveness of the antivirus is most of the time related to its configuration than its core behavior. For example, a configuration to notify the admin in case of detection of something is less intrusive than an automatic and immediate action to put the process on quarantine (immediate loss of availability for something which may be a false positive).
Any feedback on this is welcome as your question is all about pieces of documentation we are eager to improve.
Regards
Benoît


