Malware Protection White Paper
Contents
1. Startup type Automatic Service status Started Sten Resume fou can specify the start parameters that apply when you start the service tram here Start parameters Press OK to finish the configuration 5 2 Configuring Automatic Updates Windows can be configured to install important updates as they become available by enabling automatic updating Optional updates are not downloaded or installed automatically To start the automatic updates go to Windows Start gt Control Panel gt Security Center Open the dialog and select Turn on Automatic Updates Windows Security Center ID x N Security Center Help protect your PL 2 Resources _ ae Get the latest security and virus Firewall oO On nformation fram Microsoft Ched for the latest updates from Wiros Update CHECK SETTINGS Get support for security related tatie Updates is not yat configured fer this commuter Click Tum on Automatic asus as bo have Windows automaticaly keep your computer cumant wih important es recommended How does Automatic Updates help protect my combuber Get help about Security Center se sabes Turn on Automatic Updal hange the way Securty Lenie merto me p Virus Protection ON ge security settings for Automatic updates are now activated on the instrument 1EF73 Oe Rohde amp Schwarz Malware Protection White Paper 29 1EF73 Oe Windows Patches an2. VXI 11 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 6 Firewall Settings 2 2 Changing Firewall Settings Rohde amp Schwarz highly recommends the use of the firewall on your instrument Note that changing firewall settings requires administrator rights You can manage the firewall settings via Windows Start gt Control Panel gt Windows Firewall S 2 Windows Firewall General Exceptions Advanced Windows Firewall is blocking Incoming network connections except for the programs and services selected below Adding exceptions allows some programs to work better bul might increase your security risk Programs and Services Hame COl Fastct fi File and Printer Sharing HTTP fl Launch Tight VG Server i Message Queuing fe Peer Name Resolution Protocol PNRP FIRAS Proxy installation Service F Remote Assistance E Remote Desiton MIRS_NRPY Tight Wak Viavnar ali EF arrears J ae a v Display a notification when Windews Firewall blocks a program ka aT ok cance Problems that are related to the default firewall configuration appear in two ways e Client programs may not receive data from the instrument e Server programs that are running on the instrument may not respond to client requests If a program is being blocked you may receive the following Windows Firewall Security Alert S Windows Security Mert p To help protect pour computer Windows Fir
3. cccccceseeeeeeeeeeeeeeceneneeseneeseees 22 4 4 Scanning from a USB thumb rive eee eceeee cece ee eeeeeeeeeeeeneeaaeeseaeeeaseeea sean eeseaeeaaaeesanesenessoneees 23 4 5 Scanning Instruments from another PC cc cecceecceceeeeeeeeeeeeeeeeeeceeeeeeeeeees essa eeseaseeaaeesanesenesseneees 23 4 5 1 Share Drives of the Instrument cccceeeeeeeeeeeeeeeeeeeeeneeeaeeeeeeneesenseeseaeeeeeaeeeesseeeeesseenenessenensenees 23 4 5 2 Mapping Drives and Scanning for Viruses ccsccceeeee eee eeeeneeeeeeeeeneeeneeeeaeseaseseeseaneeseaeseneesanes 25 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 2 Windows Based Instruments 5 Windows Patches and Updates c cc ccccceceeeeeeeeeeeeeeeeeesenseneensonsenseneeneenenees 27 5 1 Installation and Configuration of Windows Update Agent cccccceeeceeeeeeeceneeeeeeeneeeneeeees 28 5 2 Configuring Automatic Updates iisvcsiedei ceed ies cristoniinssdodeancenleieaydssecvostnact wncstuswanidauretesecsiecrecsaces 29 5 3 Instruments connected to a Windows Update Serve P cccccccccseceeeeeeeeeeeeceseeeeeceeeseneseneneneeeaes 30 5 4 Configuring Automatic Updates cc ceccceecceeceeeeeeeeeeeeeeseeeneeeeeeeeseeseeeseaaeesaeseeanseaaessanessneesnenenens 31 5 5 VIEWING installed Updates sascicorivcceseesdesagenvctevncerieteniweneusdiviaatiadveasesinee secures edtinsinetiventetereadaenue ns 31 6 Related Documents and LINKS voessticteieti
4. Virus Scans Microsoft Security Essentials needs an Internet connection and administrator rights to be executed Note The virus signature updates are downloaded from the Microsoft server automati cally if the virus signature database is older than 24h There is no configuration to dis able this automatic update process Also Microsoft Security Essentials can not be con figured to use a proxy server in your company Configure virus scans to be executed on demand to avoid degradation of the instru ment s performance Double click on the Microsoft Security Essentials icon in the sys tem tray to bring up the main dialog Select the Settings tab and Scheduled scan on the left hand navigation pane Deselect Run a scheduled scan to deactivate automatic virus scans Microsott Security Essentials Computer status Protected A ome Wi Update ig History Settings Sthretuled scan Foal time protection Excluded les bh locabors Excluded fle types Eucluded processes AG enced Microsoft SpyNet A Bun a schedulad scan on my computacgsreconmmandcesd Save changes Cancel Store the configuration with Save changes 1EF73_0e Rohde amp Schwarz Malware Protection White Paper 21 1EF73_0e Anti Virus Software 4 3 4 Update Virus Signatures and Scan for Viruses on Demand To start updates for the virus signature database and the anti virus software on the instrument you need an Internet connection Double cli
5. a Ea EEN 7 3 USB DEVICES cranant ae a a a a 8 3 1 Disable USB Aut run FUNCOM sssrin a EAEra NENEN 8 SZ SCAN USB DEVICES xeniais a O a a NEN si 9 A PNUVIFUS SONWa E anen a 10 AI N ron AntiVirus 20T0i aa A E a secu emccaenns 11 AET ASANA ann E E E ocueeceue et 11 AN2 NRE CUING ITC IVES euie A wats anne ven gnneumaGuscsatesarenaaneeees 11 4 1 3 Deactivate Automatic Updates and Virus Scans ee cececc cece eee ee eee eeeeeeneeneeseneeaessaneseeseeeesenees 12 4 1 4 Update Virus Signatures and Scan for Viruses on DeMmand ccccceeeeeeeeeeeeeeeeeneeeeeeeeeneeeeees 14 4 2 Kaspersky ADU VIUS 2010 irsi a E a 16 A2 mSOST aei science on ote ac tates mutremacemnenatleuet canoes sunoneeas coeeeeseeseneses 16 422 NRE CUING ITVG INES eike vas Scas ta sanwaseccawetecedsnees iseniacste RE Ea 16 4 2 3 Deactivate Automatic Updates and Virus Scans ec cesecc cece eee eee eee eeeeeneeneseeneeessaneseeseneesenees 17 4 2 4 Update Virus Signatures and Scan for Viruses On DeEMand ccceeseeeeeeeeeeeeeeeeeeeneeeeeseeeees 19 4 3 Microsoft SECU ESSCIIANS ereraa mney esacssonsnacusoosmamucnieecentsansaecs 20 a e R AMD S CAN AIO Msc ag sea soe eee PS LE E E P T E A E AE E E E EE A A E I 20 A 3 22 ReEgUNEMENIS rennan E E Ai 20 4 3 3 Deactivate Automatic Virus Scans s ssssssssssssennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnm ennnen nnen 21 4 3 4 Update Virus Signatures and Scan for Viruses on D Mand
6. anti virus software using aS examples a few commonly used programs It is recognized that there are other capable programs the ones used in the following sections serve as general examples and the principles apply to other programs which may be used by your IT department or system administrator Installing configuring and using anti virus software requires administrator rights Rohde amp Schwarz Malware Protection White Paper 10 Anti Virus Software 4 1 Norton AntiVirus 2010 This section describes the installation configuration and use of the anti virus software Norton AntiVirus 2010 on R amp S instruments 4 1 1 Installation Install the Norton AntiVirus 2010 software on the instrument as described in the ven dor s manual Deactivate the control check box I want to join the fight on the instal lation welcome page and start the installation with Agree amp Install Thank you for choosing Norton Antivirus 2010 After installation completes Norton AntiVirus 2010 tries to connect to the Symantec server to get the latest virus signatures and program updates a process called Live Update 4 1 2 Requirements Norton AntiVirus 2010 has the following requirements e 200 MB Free space on the instrument s hard drive e 256 MB Memory e Windows XP SP2 or later Make sure that as a minimum Windows XP SP2 is installed on your R amp S instrument Refer to the instrument s user manual for how to check the current OS versi
7. check for the latest virus and spyware n my OOfpuUber for potenhal threats after geting ihe tatast Fish After installation completes Microsoft Security Essentials tries to connect to the Micro soft server to get the latest virus signatures and program updates To prevent this de activate the control box Scan my computer for potential threats and select Finish to complete the installation 4 3 2 Requirements Microsoft Security Essentials has the following requirements e 300 MB Free space on the instrument s hard drive e 256 MB Memory e Windows XP SP2 or later Make sure that as a minimum Windows XP SP2 is installed on your R amp S instrument Refer to the instrument s manual for how to check the current OS version If it s based on an older version contact your R amp S representative for update possibilities For many instruments R amp S provides an instrument recovery DVD with the latest OS version to re image the hard drive of the instrument During a virus signature program update or a virus scan two processes named MsMpEng exe and msseces exe run on the instrument and occupy up to 110 MB of memory Therefore Rohde amp Schwarz recommends that the firmware on the instrument be stopped before starting a virus scan Refer to the instrument s manual for how to stop execution of the instrument s firmware Rohde amp Schwarz Malware Protection White Paper 20 Anti Virus Software 4 3 3 Deactivate Automatic
8. e Microsoft Windows Update Agent Download Link http go microsoft com fwlink LinkID 100334 e Microsoft Support How to disable the Autorun functionality in Windows http support microsoft com kb 967715 en us e Microsoft Support Troubleshooting Windows Firewall settings in Windows XP Service Pack 2 for advanced users http support microsoft com kb 875357 en us Microsoft Windows Windows XP and Microsoft Security Essentials are U S registe red trademarks of Microsoft Corporation Norton and Norton AntiVirus 2010 are U S registered trademarks of Symantec Corpo ration Kaspersky and Kaspersky Anti Virus 2010 are U S registered trademarks of Kaspersky Lab ZAO Rohde amp Schwarz Malware Protection White Paper 32 About Rohde amp Schwarz Rohde amp Schwarz is an independent group of companies specializing in electronics It is a leading supplier of solutions in the fields of test and measurement broadcasting radio monitoring and radiolocation as well as se cure communications Established 75 years ago Rohde amp Schwarz has a global pres ence and a dedicated service network in over 70 countries Company headquarters are in Munich Germany Environmental commitment e Energy efficient products e Continuous improvement in environ mental sustainability e ISO 14001 certified environmental man agement system Certified Quality System ISO 9001 Regional contact USA amp Canada USA 1 888 TEST RS
9. inevitable that something will penetrate the enterprise firewall Instrument firewalls not only help protect against threats inside the perimeter but they can also prevent the spread of many viruses and worms If you have additional requirements for security and protection please contact your IT department or system administrator to ensure conformity with your company s security policy 2 1 Firewall Port Configuration R amp S instruments are preconfigured in such a way that all ports and connections for remote control are enabled See the following table for details Service Description 21 tcp FTP 80 tcp HTTP 111 tcp 111 udp Portmapper Portmapper service for VXI 11 LXI 161 udp SNMP Standard ports for SNMP agent 162 udp 705 tcp AgentX Instrument web server FTP port Web server Instrument web server LXI 319 tcp udp 320 tcp udp 2525 tcp 4880 tcp 5025 data 5125 abort 5044 tcp udp 5800 tcp 5900 tcp 1588 PTP RSIB HiSLIP TCP Socket LXI Class B VNC RS Installer LXI Class B A IEEE1588 PTP Preci sion Time Protocol R amp S SCPI socket connection High Speed LAN Interface Protocol Raw SCPI socket connection LXI LAN messages and events Multicast address udp 224 0 23 159 Instrument soft front panel via web server Browser interface R amp S Software distributor service 13217 tcp udp 14142 16383 tcp udp ONC RPC dynamic assignment Sun ONC RPC protocol
10. malais pa yter cungiin Ugeleling dmi aiee ty eppecel bor iiidh i Online activity Srowrng wen shes b ting and efappieg ones emal ssi eatant mesiagng Hci sete Drug Secunty y echelons a ii pi paiite Gama phriechoe cornanetio bar aralabia P appiemiy Pierie Securby eal q Piniecten of par oompa Total scorned 340 Themas dutectad Hig Biy Kaspersky Accouml Bappa License 40 laps remaining Rohde amp Schwarz Malware Protection White Paper 17 1EF73_0e Anti Virus Software Select Full Scan in the left hand navigation pane and then Settings to configure the Run Mode z Settings Kaspersky Anti Virus 2010 Protection Fie Arb Virus Mial Arai Wirut Configure Pi Scan settings Secunty lave CUA ET tecuriy vet Pecomameniked E Wet Arti virus oS IM anii wiris Optra protection Spercerishe for meet utes I Wuinerabitty Scan Action Orton deiechon Select action autonaticalhy es Select acion suborusiically D Select action O Reports end Storeges p Feedback E Aepearance FA Gaming protle Ruk mpd Tetea Ewery T day e at 1200 AM Scan scope Eci ete Deleu beval Hep Renton Select Manually under Schedule and confirm with OK to deactivate automatic virus scans pt Full Scan Scope Additional Run mode Schedule User account Run task as Rohde amp Schwarz Malware Protection White Paper 18 Anti Virus S
11. ment Full System Scan or run a custom scan of drives folders and files Custom Scan oo Full System Scan Full System Scan Total Bens slanned Toll security risks detecten ww Total secutity Fiske resnim Total items that require attention When the scan process is complete click on Finish to close the dialog Rohde amp Schwarz Malware Protection White Paper 15 1EF73 Oe Anti Virus Software 4 2 Kaspersky Anti Virus 2010 This section describes the installation configuration and use of the anti virus software Kaspersky Anti Virus 2010 on R amp S instruments 4 2 1 Installation Install the Kaspersky Anti Virus 2010 software on the instrument as described in the vendor s manual is Kospersky Anti Virus 7010 Kaspersky L_ Qustom installation Welcome to Kaspersky Anti Virus 2010 Setup Wizard This wizard wil instal Kaspersky Ant Virus 2010 9 0 0 736 on your computer We advise you to cose al other appicatans before continuing Click Next to continue instalator Click Cancel to exit Setup Wizard Salect Custom instalation if you want to change settings during the installation recommended for advanced users After installation completes you should start Kaspersky Anti Virus 2010 to connect to the Kaspersky server to get the latest virus signatures and program updates 4 2 2 Requirements Kaspersky Anti Virus 2010 has the following requirements e 300 MB Free space on t
12. the user should control when the update process runs so that it does not occur when the instrument is in use 5 5 Viewing installed Updates Installed updates can be viewed via Windows Start gt Control Panel gt Add or Re move Programs Currently metalai progres ard updates fF Show updates Swt bry Hare JE Aeri ep ee l 3 fel intek At Graphics Media Accelerator Crier E intelR Nebeork Conmections 14 7 29 0 Ie M jil MEMU A0 SP2 Parser and SE Soe LZM J MSXML 6 0 Parser Sr LMD 4 ASML 4 0 Ste Sra 4 9 8 jG Windows Update Agent Instaliation Soe AEM PS Windows KP Sotware Lipslotes ff Update For Windows 3 EEGI Bf Security Update for Windes HP EIS6 744 Instafled Cn 1 16 2000 fF Security Update for Winches SP KB60359 Instaded On 1167010 fr Security Update for Windows AP KERZ3561 Installed Oe 1 1 afand ir Security Update for Winders 2P EST S507 Installed On 1 16 2000 E Update for windows 3P RDSTSISL5 Instat itn iega iP Security Update for Windges XP KES 1549 esed On ieoa if Security Update for windami KP KESTLOST Installed On LEON e Make sure that the property Show updates is selected in the dialog box 1EF73 Oe Rohde amp Schwarz Malware Protection White Paper 31 1EF73 Oe Related Documents and Links 6 Related Documents and Links e NSA Security papers http www nsa gov ia guidance security configuration guides e News about Security threats http www securityfocus com
13. to keep them free from malware Use your computer and your anti virus software to scan the USB storage devices be fore inserting them into a R amp S instrument 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 9 1EF73 Oe Anti Virus Software 4 Anti Virus Software As with personal and business computers users must take appropriate steps to protect their instruments from infection Beside the use of strong firewall settings and regularly scanning any removable storage device used with a R amp S instrument it is also recom mended that anti virus software be installed on the instrument While Rohde amp schwarz does NOT recommend running anti virus software in the background on access mode on Windows based instruments due to potentially degrading instru ment performance it does recommend running it during non critical hours at least once per week Today s anti virus software requires a significant amount of system resources both hard drive space and memory consumption Therefore some instruments may not be capable of installing or running anti virus software due to limited resources Other op tions in that case are to scan these instruments with software run from a USB thumb drive or to mount these instruments as a drive on the network and scan them from another computer with anti virus software These options will be detailed later Note The following sections are intended to highlight recommendations for
14. update service to automaticaly update computers on your network Ths 22ttng lets you specdty a server yi 9 Windows Media on your network to function as an Windows Mowie niena update service The I Windows Wipdat Automatic Updates cient wil search fe Windows Update p i Do not display Install Updates and Shut De a N Do not adjust default option to Install Lind ra Configure Automatic Updates b hi T hapi Tanet TOOTE UDONG oa r amp i Oe Enable chent side targeting oe Reschedule Automate Updates scheduled Dh Mo aubo restart with logged on users for sc Fy Qubomatic Updates detection frequency iw Alko Automati Updates immediate instali Delay Restart for scheduled installations he Re prompt far restart with echeduied instal i Allow non admintrators bo racea update Py Enable recommended updates via Automat z Enabling Windows Update Power Managem Ek Allow signed content from mbranet Meroe this service for updates that apply to oo oy x the computes on pour nebrrork i System iiaia y Extended Standard First click on Enabled then specify the server name within the company s network to be used for detecting updates Specify intranet Microsoft update service romp Seting Explain Set the intranet updale service for detecting updates Set the iniranel statistics servar exemple http intranetUpdi Supportedon Windows Server 2003 XP SP1 20
15. 00 SP3 Note Make sure that automatic updates are enabled as described in section 5 1 Rohde amp Schwarz Malware Protection White Paper 30 Windows Patches and Updates 5 4 Configuring Automatic Updates Configuration of automatic updates is very flexible For example updates can be scheduled to a specific day and time notification to the user can be activated etc The automatic update settings can be managed via Windows Start gt Control Panel gt Automatic Updates Automatic Updates Windia can regularly check for important updates ang inated them for you Turning of Automatic Updeles may aufomatcaly update Winders Update Sottware first before any ole updates re ee e m Automatic recommended Aiiomaitically dqwn ioad recommended updates tor my computer and inertall them C Downoad updates for me but let me choose when bo install ther Sotity me but dont sutometicaly download or insted them Turnott Automatic Lipdates Sigur computer veil be mire vulreratie unless you ratal upises ragulsrhy inata updiaies trom the Wingioys Lipciate vat gi Lc aa For R amp S instruments Rohde amp Schwarz highly recommends the use of the Notify me configuration where confirmation from the user is required before download and installation Download of updates and installation can cause performance degradation on the instrument during that time and may require a reboot Therefore
16. A 1 888 837 8772 from outside USA 1 410 910 7800 CustomerSupport rohde schwarz com East Asia 65 65 13 04 88 CustomerSupport rohde schwarz com Rest of the World 49 89 4129 137 74 CustomerSupport rohde schwarz com This white paper and the supplied programs may only be used subject to the conditions of use set forth in the download area of the Rohde amp Schwarz website R amp S is a registered trademark of Rohde amp Schwarz GmbH amp Co KG Trade names are trademarks of the owners
17. Malware Protection White Paper Rohde amp Schwarz recognizes the potential risk of computer virus infection when con necting Windows based test instrumenta tion to other computers via local area net works LANs or using removable storage devices This white paper introduces measures to minimize malware threats and discusses ways to mitigate risks while insuring that instrument performance is not compro mised The paper discusses the use of anti virus software with recommended configuration settings It also outlines how to keep the Windows XP operating system properly updated through regular installation of OS patches E EEE Malware Protection White Paper Jochen Wolle 06 2010 1EF73_0e Windows Based Instruments Table of Contents 1 Windows Based Instrument cccccccscssssesseseeseessesseseessesseseeseeseessesensenssnsensensanss 4 Me OME setae eee es E sets ts os Sak Sane nua tem ac orieee sc a 4 1 2 Computer Virus Control Programm wiiecsieciedecsiscees sectecctex viesssntehideancontewsacstbucesctccuueaeetvecsssnceussssuncwouseuess 4 1 3 Preventative Maintenance Considerations cccccceceeseeeeeseeeeeeeeeeeeneeeesseeeeneeeeeseseensessenessoenensees 4 T4 ISON PACING CO ING aistcravhce sco cecs soc aeacotesracie a tases Sak cet naa neem a a a 5 2 Firewall Seting sirpis E EE aS 6 21 Firewall Port Configuration sisone a a a a a a EE EEE 6 22 Changing Firewall Settings aa a aa a a aAa a Aaaa
18. an for Viruses on Demand To start LiveUpdate for the virus signature database and the anti virus software on the instrument you need an Internet connection Double click on the Norton Antivirus icon in the system tray to bring up the main dialog 11 554 Monday f ety ke Ee Gy ey g VY Secure ag baad fright Protection Detail Hiahia A Qugragnine Aintree Irri rayne E JOHAR Pralociion Bun Lave o ciate CPU Nerton Yuin bit Protein inirusion Prereminn Birhan Sabet i Email Protection Browse Protection Download intelligence You hive 30 days of subscriplion pemaining When LiveUpdate is finished press the OK button CY norton LiveUpdate x Norton LiveUpdate Help amp Support Norton LiveUpdate is in progress 4 Check for updates Completed C Download updates Completed Q Process updates Installing update 5of9 erivacy Policy mE Lk Lo Once the virus signature database is updated you can start the virus scan process 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 14 1EF73 Oe Anti Virus Software To start the virus scan process press Scan Now in the main dialog E lil A pre h z Sete Lili Secure You hma 20 days of subscription remaining himi i iberia EENE ei mars sein yaa smire Oe e rmn n m pikk Noi completed Ned completed You han 33 days ef aubecriplianremaining Erle You can either scan commonly infected areas Quick Scan scan your entire instru
19. can be done from a USB thumb drive 4 5 Scanning Instruments from another PC Before scanning with anti virus software from another computer the instrument has to be mounted as a drive on the network Note Scanning instrument hard drives remotely has some limitations and should only be used if the other options are not available only visible files can be scanned mem ory and processes will not be scanned and a rootkit can completely hide itself 4 5 1 Share Drives of the Instrument Connect the instrument to the network Check for the instrument s computer name and Workgroup This information is needed later on to scan this specific instrument from your PC To view these settings use Windows Start gt Control Panel gt System and select the Computer Name tab in the dialog System Properties x System Restore Automatic Updates Remote General Computer Hame Hardware Advanced Windows uses the following information to identity your computer on the network Computer description ar example Kitchen Computer or Mary s Full computer name F5x U00000 Workgroup WOAREGROUP To use the Network denthication Wizard to join a Network ID domain and create 4 local user account click Network ID To rename thie computer or join a domain click Change Change Cancel soe In this case the instrument s computer name is FSx 000000 and is part of the work group WORKGROUP 1EF 73 Oe Rohd
20. ck on the Microsoft Security Essentials icon in the system tray to bring up the main dialog 1146 4M 7 L J Wednesday Select the Update tab in the main dialog and then press Update to start the update process Vii sel Secur y Essentials Cemputer status At risk 1 Virus spyerare definitions status Cannrect ice tiled Microsoft Secunty Estontials wan t sole complet the vite A spyware conons wocata on 2 10 2010 ILAS AM Mabe sure your computare connected ta tha rtemet and try again Update D Did you know Vue spy sare definan are filet that Microst Sacunty Essenhas une ta idettite malicious or potentially Hasnted sofware on yaur computer i i VOUS uid lem eg ara caimipone ue to cate to ep protest your computer aganti tho tatept threats Vii Secur Essentials Computer status Protected iE Wistary TD Sethings Ricroooft Secunty Essentials ianitering your com dutee aral helprig to protect it E Fial D custam faa time protachoar oO G r F Scan now A Wine apywars datniticm Up bo date oO Sohediiled soon sittings Nett scan munday arand 9200 AM Guick anon Change my scan schedule Other options for virus scanning are Quick Scan or Objects Scan Rohde amp Schwarz Malware Protection White Paper 22 Anti Virus Software 4 4 Scanning from a USB thumb drive There may be instruments that do not have the resources to have anti virus software installed For these instruments scanning
21. d Updates 5 3 Instruments connected to a Windows Update Server Many companies have a Windows update WSUS server running on the network If an instrument is connected to the network you can configure it to use the WSUS server for Windows updates Please contact your IT department or system administrator to set up the update configuration of the instrument in compliance with your company pol icy You can control or change the WSUS client settings on the instrument via Windows Start gt Run and then enter gpedit msc to start the group policy settings Navigate in the pane to Computer Configuration gt Administrative Templates gt Windows Components gt Windows Updates Scroll to and double click on Specify intranet Microsoft update service location to start the settings dialog Ta Group Policy fie Action Wew Help G S amp Local Computer Policy 5 fi Computer Configuration 2 Saltware Settings al O Windows Settings Administrative Template z 4 Windows Componer E NetMenting C Application Cor J Event Viewer E Internet Inform D Securty Center JJ Task Scheduler E Terminal Service D Windows Explor E Windows Install E Windows Messa service location Dismay Properbes Requirements Description E Windows Media Specify intranet Microsoft update Windows Server 2003 WF 51 So ppg pedhes an miarnet sever fo host updates from the Merosoft Update Web sites You can then use this
22. e amp Schwarz Malware Protection White Paper 23 Anti Virus Software Start the Windows Explorer on the instrument and expand the folder My Computer to see all the drives Right click on Drive C to open the context menu and select Sharing and Security i My Documents File Edit View ae Tools Help Folders fa Desktop E B My Documents ah My Music My Pictures El a Me Computer H E3 Drive Drive Explore cont Open i Shar Search instr El gJ My Net 4 E Entir fal Recycle Elm Pictures i Default i 5 siseectees EEP Expa nd Sharing and Security In the dialog which opens up select New Share to enter a name e g DriveC and confirm with OK My Documents Po PTS fou can thare thit folder with other users on your eyes To enable shanng fot thit folder chek Share this Do not share this folder Shae name Ct z Comment an o User init Maamum alowed C Aey this number of usert a Ade Fd m T Share name Drivel gt Comment Ponce Permissions User lirit To set perm ssions for users who access this Perm sion folder ower the network chek Permissions Fire oaomsiaiizir accel Caching a Windows Firewall will be configured to allow this folder to be D sini walhi ihar compita oni iinet i Maximum allowed Allow this number of users The symbol for Drive C should now have changed to the
23. ee Deactivate both Automatic LiveUpdate and Pulse Updates in the Computer Set tings dialog fittings Settings pa Computer Settings Scan EXusearns Gigna Ecis Wta Petria be Sini Pell nnanc Proiles Real Tiree Protacikai amlismvare Ault Princi Caching Eat Load Removeable Media Stan BONAR Fibection BONAR Avanci koga E Aimat Ferma Advanced Detachons Aulormvatically iT Ramowy Aceanced Geiacions Si am vaar E iri Upstaies Aahenaiy loweLpdatn Pulse Undatee Hetwork Settings Mitcallanecus Settings Save the settings with OK 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 12 1EF73 Oe Anti Virus Software The final step of the configuration is to deactivate automatic virus scans Bring up the main dialog as in the steps above and select Run Custom Scan Select Scan scheduled to modify the list of scheduled virus scans cans Scans Selectan item to launch a secan Full System Scan zi Drive Scan Folder Scan File Scan Scan scheduled Delete entries in the schedule dialog until the drop down box is empty This deactivates any automatic virus scans Schedule Task Start time eekly P E200 PM Schedule Task Weekly Every 4 l weektsiorm hon Sat Tue C Suni C Jed Thu C Fri Show multiple schedules Rohde amp Schwarz Malware Protection White Paper 13 Anti Virus Software 4 1 4 Update Virus Signatures and Sc
24. ewall has blocked ey ome features of thie program Do you want to keep blocking this program Nams AOL Instant Messenger Publisher Amenca Orima Ina sk Motater_ Windows Firewall has blocked hie program from accephng connections from the Intemet or a melo pon recognae the program or ine the publisher youcan unock Ay i ki To unblock the program click Unblock in the Security Alert dialog box You can find a detailed description for firewall setup and configuration at http support microsoft com kb 875357 en us 1EF73_0e Rohde amp Schwarz Malware Protection White Paper 7 USB Devices 3 USB Devices USB thumb drives and removable hard drives are now common throughout the work place as they have considerable storage capacity and can be used to store instrument settings measurement results hardcopies etc in a very convenient way However they also introduce new problems a large number of viruses trojans and other mal ware infect computers via USB storage devices Once an infected USB drive is plugged into an instrument the malware on it can spread through the whole network 3 1 Disable USB Autorun Function Generally viruses that propagate via USB drives use the autorun function of Win dows as it does not require any user confirmation and runs silently in the background R amp S instruments are preconfigured with the Autorun Autoplay function disabled This prevents any malware from automatically execu
25. he instrument s hard drive e 256 MB Memory e Windows XP SP2 or later Make sure that as a minimum Windows XP SP2 is installed on your R amp S instrument Refer to the instrument s manual for how to check the current OS version If its based on an older version contact your R amp S representative for update possibilities For many instruments R amp S provides an instrument recovery DVD with the latest OS version to re image the instrument s hard drive During a virus signature program update or a virus scan two processes both named avp exe run on the instrument and occupy up to 320 MB of memory Therefore Rohde amp Schwarz recommends that the firmware on the instrument be stopped before starting updates or a virus scan Refer to the instruments manual for how to stop execution of the instrument s firmware Rohde amp Schwarz Malware Protection White Paper 16 1EF73_0e Anti Virus Software 4 2 3 Deactivate Automatic Updates and Virus Scans Kaspersky Anti Virus 2010 needs an Internet connection and administrator rights in order to be executed The updates are downloaded from the Kaspersky server or from a proxy server in your company Contact your IT department or system administrator for details on your company s policy Configure virus definition updates and virus scans to be executed on demand to avoid degradation of the instrument s performance Double click on the Kaspersky Anti Virus icon in the system tray to b
26. he spread of computer viruses e Strict virus control protocols have been established in manufacturing service support sales distribution and demonstration environments This includes the use of isolated LANs scanning of instruments and removable storage devices and or re imaging hard drives as appropriate depending upon instrument con figuration e Procedures have been established for all Rohde amp Schwarz employees who come in contact with customer instruments to reinforce anti virus security pro tocols This includes all personnel from manufacturing service support sales and distribution 1 3 Preventative Maintenance Considerations The steps described above help to guarantee that any instrument from Rohde amp Schwarz will be virus free when delivered to the customer From that point on it is the user s responsibility to ensure the security of the instrument Before connecting the instrument to your company s network please consult with your IT department or system administrator to determine what specific policies apply Re member that the instrument appears to be a standard computer to the network Follow your company s policies with regards to computer security and virus protection Rohde amp Schwarz Malware Protection White Paper 4 1EF73 Oe Windows Based Instruments It is also important to update both the virus definitions and operating system regularly Rohde amp Schwarz recommends checking both virus def
27. initions and operating system updates in addition to scanning the instrument for any malware at least once per week Be sure to always update the OS and anti virus definitions if advised to do so by your IT department or system administrator The following steps should be taken to ensure the instrument s operating system is protected e Use the Internet firewall on the instrument e Scan all removable storage devices e g USB thumb drives that are used with an instrument regularly and deactivate the Autorun Autoplay function to pre vent inadvertent execution of malicious code from these devices e Install the latest Windows patches and updates on the instrument e Scan the instrument regularly with anti virus software and keep virus definition files updated It is NOT recommended to run anti virus software in the back ground on access mode as this will impact instrument performance signifi cantly 1 4 User Admin Account Windows requires that users identify themselves by entering a user name and pass word in a login window In general R amp S instruments provide a factory installed auto login function i e login is carried out automatically during the startup of the instrument The factory default for this auto login function has administrator rights with unrestricted access so that printer installation and network configuration are possible For many instruments you can set up two types of user account either an admin
28. istra tor account with unrestricted access to the instrument OS or a standard user account with limited access You can manage the accounts via Windows Start gt Control Panel gt User Accounts Refer to the instrument user manuals for more information on how to change or add new users and on how to de activate the automatic login E control Panel File Edit View Favorites Tools Help i Search i Folders gt G Control Panel Pick a category tc T yoa Appearance and Theres J Printers and ther Hardware e oe oo Ligier Abcounts E yF E Add or Renee Date Tine Language g Prog and Regional Optirna IF Sends Speech and 5 r audio devices Accessiblity Options Performance and i i Cenk lt 7 Maintenance ey Security Center Note Changing firewall settings installing and configuring Anti Virus software and Windows updates require unrestricted administrator rights Rohde amp Schwarz Malware Protection White Paper 5 Firewall Settings 2 Firewall Settings With Windows XP SP2 and later versions a firewall can be used to protect a computer or instrument against attacks from the network R amp S instruments are shipped with the Windows firewall enabled and preconfigured Having the firewall activated on the in struments is helpful even when you use the instruments within your company s pro tected network With the number of worms viruses and other malware circulating on the Internet today it is
29. ntauceneettelaticdeetitielere eatin vaettoulabes 32 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 3 1EF73 Oe Windows Based Instruments 1 Windows Based Instruments 1 1 Overview Rohde amp Schwarz is dedicated to ensuring that all R amp S products are shipped virus free Instruments that run Windows operating systems should be protected from mal ware just like any other PC Users are strongly advised to take measures to protect their instruments such as using anti virus software and installing OS patches and up dates on a regular basis It is highly recommended that you work closely with your IT department or system administrator to ensure compliance with your company policies when connecting instruments to your company s network 1 2 Computer Virus Control Program Rohde amp Schwarz recognizes the potential risk of computer virus infections on Win dows based instrumentation which are connected to local area networks LANs Rohde amp Schwarz has established processes within the company to take all reason able precautions to prevent the spread of viruses from instruments to our customers computers and networks e All computers used within Rohde amp Schwarz that may be connected to instru ments destined for customers are equipped with centrally managed firewall and anti virus software and maintain the latest virus definitions Computers and removable storage devices are scanned regularly to prevent t
30. oftware 4 2 4 Update Virus Signatures and Scan for Viruses on Demand To start updates for the virus signature database and the anti virus software on the instrument you need an Internet connection Double click on the Kaspersky Anti Virus icon in the system tray to bring up the main dialog bod AM Co Thursday To start the update process select My Update Center on the left hand tabs in the main dialog and then Start Update F Pe Kaspersky AntiVirus 2010 ine x Ian Ty Diaramine pj Report Setimai Anti Virus AUT aN Yani oon et rik ms m U My Protection Update Center Sequiee uodales of year Kaipersky Arteri Galabases and program mies apputea E mosi Pe Prminnhor ci poar conge hie efiech ang Comme seoiecton Databases status up to date I i Scan My Computer Ooiabades risana dite HENT E a i 7 Ves end comet cam Threat types Toia Databasen release date Blaa May Mao TE A Pri a E r 2AA tt S000 AM en Maick argin 152 TAOS aA pD AM My Update ter Riiga tor secur ty myy a Pri IPARO tt Ce 00 AM Hedana dataineo art il wheels i i appizaihon moji ry Ahihi in for beetle J pinischem a aa em Ihip My Kaspersky Acoiuni Supper Linense T days lerianimng To start a virus scan select Scan My Computer on the left hand tabs in the main dia log and then Start Full Scan a pz Kaspersky Anti Virus 2010 as A eats i q7 ieme p Report Setting Kaspersky z Anti Virus 2010 A N Your computer ts
31. on If it s based on an older version contact your R amp S representative for update possibilities For many instruments R amp S provides an instrument recovery DVD with the latest OS version for re imaging the instrument s hard drive During LiveUpdate or a virus scan two processes both named ccSvcHst exe run on the instrument and occupy up to 270 MB of memory Therefore Rohde amp Schwarz recommends that the firmware on the instrument be stopped before starting LiveUpdate or a virus scan Refer to the instruments manual for how to stop execution of the instrument s firmware 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 11 Anti Virus Software 4 1 3 Deactivate Automatic Updates and Virus Scans Symantec LiveUpdate needs an Internet connection and administrator rights in order to be executed The updates are downloaded from the Symantec server or from a proxy server in your company Contact your IT department or system administrator for details on your company s policy Configure LiveUpdate and Scans to be executed on demand to avoid degradation of the instrument s performance Double click on the Norton AntiVirus icon in the sys tem tray to bring up the main dialog 11 55 4M Monday E T rey a ey b aring Fap JECHT Eca oomme iiie maar scan goui eine Ce a i A gil atah af abe Er via fetta thle Lasi rom 20 Lied ruin 2A OA Wou hma 30 daya of subecripiion ramaring Eee n
32. pe Desktop egy Music File Folder E My Documents Amy Pictures File Folder Gey My Music vm Defautt rdp OKB Remote Desktop 4 My Fickures l desktop ini OKB Configuration Sel H a My Computer H amp 4 My Network Places Ti Recycle Bin 1EF73_0e Rohde amp Schwarz Malware Protection White Paper 25 1EF73 Oe Anti Virus Software In the Map Network Drive dialog map the first shared drive e g DriveC of the in strument as a network drive e g N on the control PC You can use Browse to find the complete network name of the shared drive e g FSX O000000 DriveC in the network tree Click Finish to complete the network drive mapping In this example the instrument drive C is now mapped to drive N on the control PC Map Network Drive E J I Ed Windows can help you connec to a shared network Folder and assign a drive letber bo the conmection so that you can access the folder using My Computer Specify the drive letter for the connection and the folder that you wart to connect to Drive n ex WES 000000 Drivel Browse Example Wserverishare Reconnect at logon Connect using a diferant user nanma Sign up For online storage or connect bo network server Cancel Repeat these steps for any other instrument hard drives and map them to free drives on the control PC q ae PA eee 4 BECK E To scan the instrument s hard drive start the anti virus software on
33. protected Wi OE oer appiecalim a iatale Scan your computer Dosi Woot Cingar fer he sresenie Sf ares Tope wore EPpy Wee sifas vukeribities And ehar Tredlk i J Scan My Computer a Fi and Cong N z 7 p Start Quick Scan E ar ie J My Update Center k ne sppbcsihiary irackie hierer started Security e 2 We Documenta co My email Stetina loqk Few bata 7 sae DRIVE 1 probiciion af pirun pampuhe T Me i oii F x p Open Vulnerability Scan wired Sos weer cimous and theedeparty sofware ior yuieribiieg Hiap By perky Aocourt Support License 30 tars remaining R Forchase birre Other options for virus scanning are Quick Scan or Objects Scan 1EF73_0e Rohde amp Schwarz Malware Protection White Paper 19 1EF73 Oe Anti Virus Software 4 3 Microsoft Security Essentials This section describes the installation configuration and usage of the anti virus soft ware Microsoft Security Essentials on R amp S instruments 4 3 1 Installation Install the Microsoft Security Essentials anti virus software on the instrument as de scribed in the vendor s manual No Internet connection is necessary to complete the installation a Microsoft Security Essentials Completing the Microsoft Security Essentials Installation Wizard You ve successfully completed the Microsoft Security Essentials Installation Wizard ish to complete the installstion Microsaft Security Essentials t automatically and
34. ring up the main dialog 6 54 AM Thursday Click on My Update Center To deactivate automatic virus program updates select Manually under Start update gt Run mode m 7 d Kaspersky Anti vines 2010 s cy Ciam a Repat i Seia Kaspersky at Anti virus 4010 ry Your computer si urity is at risk Update Center Segui asiast of yaur Casper bot Woe chee nd pragen Peed eres Pe eet shechve ged como protection Databases status blankete Ditaisns Pease daje 142088 1d 00 Al Theat type Telae ities palinas hanes Mayara NIAS TOS 14k oo AM Phasharey tiers 1 Aa 1 E PRA My Update Center Miiri piia LEE TRATI FDD AM Rued for mecuriby analysis TEE Tieu 2000 SH LI palais ctrl Me ie ep pscos bor iiie Start update Sires E ae fy a u j i ig t Run soje quis h Pinecian of par Come as V Every day s at 12 00 AM Selungs Hig Biy Kaspersky Accouml Support License 30 lays remaining log ee Kaspersky Anti Wines S010 p oy Chaam ap Re aut Kasparsky Anti Virus 2010 Your computer is protected 1 Teal yerim ef ine application la metallet My Protection Status SSeS ae re BOS Yee COMET ee Tea ooo grees ooo andl Ge BOWES Secure Boose io ne cabot Files and private data l DD ae SCTE CORRE Me kui ptn Eres Credit cart miimi asd Tare Praslin af pa compiles LA My Protection lee ete oompa sean System and applications r My Update Center i Germing priam fies ace appicabice
35. s Server Update Services WSUS inside the corporate firewall which synchronizes content directly with Microsoft Update and distributes updates to client computers and instru ments Rohde amp Schwarz Malware Protection White Paper 27 Windows Patches and Updates 5 1 Installation and Configuration of Windows Update Agent Most R amp S instruments are based on Windows XP Embedded which is a customizable version of Windows XP Professional The OS is scaled and optimized to the require ments of the specific instruments Therefore in many cases the Windows update ser vice has to be separately installed on the instruments Download the Windows Update Agent installer WindowsUpdateAgent30 x86 exe from the Microsoft web site http go microsoft com fwlink LinkID 100334 and copy it onto a USB thumb drive The installation is straightforward and does not present criti cal installation options The Windows Update Agent installation steps are listed below e Press CTRL ESC or click Start to bring up the Windows Start menu and then start the Windows Explorer e Select the directory on the USB thumb drive where the Windows Update Agent installer is located e Start the installation by double clicking on the EXE file e Read and accept the license agreement by pressing the Next Button e Follow the installation wizard to finish the installation To configure the Windows Update Agent settings select Windows Start gt Control Panel and
36. symbol for a shared drive iS Repeat the procedure for any other drives e g drive D and E of your instrument This enables a remote virus scan to access all drives of the instrument 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 24 Anti Virus Software 4 5 2 Mapping Drives and Scanning for Viruses Open the Windows Explorer on your PC and expand the folders My Network Places gt Entire Network gt Microsoft Windows Network gt Workgroup Note that Workgroup might be a different name if you used a different name in the workgroup configuration Click on the computer name of the instrument you want to scan e g Fsx 000000 in this example You will be prompted for a user name and password Enter User Name and Password see the instrument s manual for these settings laj x G My Pictures 4 My Computer El a My Network Places User name FSx 000000 instrument E K Entire Network i i i Microsoft Terma Password FPPFFFF Microsoft Winde E gly Rent Remember my password gy Workgroup a e The folders of the instrument will appear in the right hand window Select Tools in the menu bar and then Map Network Drive E My Documents E o x Fie Edt view Favorites Tools Help a ar Pim ce ee ee Map Network coe E r O O 0L Z X m Address 3 My Documents Synchronizes EJ B Folders Folder Options Size Ty
37. te website and associated update server Instruments using Windows especially those that con nect to a network should be updated regularly Note that Microsoft Update supersedes Windows Update which was for Windows based products only The following sections describe the installation of the Windows Update Agent and its configuration This enables the instrument to download and install the latest Windows patches and updates Make sure that as a minimum Windows XP SP2 is installed on your R amp S instrument Refer to the instrument s manual for how to check the current OS version If its based on an older version contact your R amp S representative for update possibilities For many instruments R amp S provides an instrument recovery DVD with the latest OS version to re image the hard drive of the instrument Note Its NOT recommended to upgrade an instrument from SP2 to SP3 with the Mi crosoft Update service or by manual installation of a standalone service pack execu table For most instruments re imaging of the OS is necessary In general there are two scenarios for instruments using the Microsoft Update service e The instruments are permitted access to the Internet and download updates directly from the Microsoft Update server e The instruments download updates from an update server in your company Microsoft Update Firewall WSUS server In the second scenario system administrators set up a server running Window
38. the control PC Se lect one of the mapped drives of the instrument and run a virus scan Please refer to the anti virus software s user manual for how to scan a network drive In order to return the instrument to its original state the drive sharing on the instrument has to be removed Start the Windows Explorer and expand folder My Computer to see all drives Right click on Drive C to open the context menu Select Sharing in the properties dialog Address Gereral Tools Hardwae Sharing Secuity Quote Folders You san share this laide with other users FH oe hezin To enable chaning for this folder ikk Shave this Do not thare thie folder f Share this falder 4 Share name C User lint E Maimun alowed I Allew the number of irere To set petmistions for users who aocess e Pamase folder ove the netwerck chek Perersions To configure seting tor offline access cick i Fiale E F Ge it Expand the Share name list and select DriveC then click on Remove Share or on the radio button Do not share this folder Finally click OK to remove the drive sharing Repeat these steps for any other shared drives if applicable Rohde amp Schwarz Malware Protection White Paper 26 1EF73 Oe Windows Patches and Updates 5 Windows Patches and Updates Microsoft regularly creates security updates and other patches to protect Windows based operating systems These are released through the Microsoft Upda
39. then Administrative Tools gt Services and double click on Security Cen ter to bring up the settings dialog D4 Services a O x File Action wiew Help Sif SB Qm gt si Siy Services Local 4 Services Local Security Center Name Description Status a Sa Remote Registry Enables reni Started stop the service Sa Removable Storage Restart the service Ss Routing and Remot Offers rout S Security Accounts Stores secas Started Description essecurity Center Monitors s Started Are are security settings and By Sekundare Anmeld Ermaglicht Started Sy Server Supports Fil Started ay Shell Hardware Det Provides m Started Sa Smart Card Manages a ity SNMP Service Includes a Started SBa SNMP Trap Service Receives tr fy SSDP Discovery Ser Enables dis Started its Still Image Service System Event Notifi Monitorss Started System Restore Se Performs 5 Tack Sehediidear Easkle 3 N Extended 4 Standard 1EF73 Oe Rohde amp Schwarz Malware Protection White Paper 28 Windows Patches and Updates Select Automatic as the Startup Type and press Start to start the service Security Center Properties Local Computer General Log On Recovery Service name WSCC Display name Securty Center Monitors system security settings and Description i figurations onfigurations Path to executable COWWINNTSystems2eychostiexe k netevce
40. ting itself from a USB drive You can control or change the settings using the Group Policy editor If the instrument is used on a corporate network and is a member of the network do main then Group Policy settings can be configured centrally by your IT department or system administrator e Click Windows Start gt Run and then enter gpedit msc to open the group policy settings e Go to Computer Configuration gt Administrative Templates gt System scroll down and double click on Turn off Autoplay to start the settings dialog ax Setting Exsiain EN Tum off Autoplay Sunpoted on Al least Miorot Windows 2000 e Click on the Enabled radio button then from the Turn off Autoplay on drop down list select All drives to prevent any program from automatically execut ing from any USB drive or other removable media 1EF 73 Oe Rohde amp Schwarz Malware Protection White Paper 8 USB Devices e Note If System is not listed a settings template needs to be added Right click Administrative Templates and choose Add Remove Templates In the dialog click Add and select system adm Click Open and Close to re turn to the main window You can find a detailed description of the autorun function if required at http support microsoft com kb 967715 en us 3 2 Scan USB Devices Rohde amp Schwarz recommends scanning USB thumb drives and removable hard drives with anti virus software on a regular basis
Download Pdf Manuals
Related Search