...
Expand | ||||
---|---|---|---|---|
| Update:
| |||
UpdatesUpdate 5: Newer updates to Microsoft Security Intelligence, starting at 1.403.870 (21 Dec 2023) and onwards, seem to have resolved the issue as specified by SE here: https://community.se.com/t5/Geo-SCADA-Knowledge-Base/Microsoft-Update-Testing/ba-p/279120 Please update to the latest Security Intelligence version to avoid additional conflicts. It is still recommended to follow the exceptions as specified in the Schneider-provided article here: https://community.se.com/t5/Geo-SCADA-Knowledge-Base/Anti-malware-Configuration/ba-p/278735 Update 4: Subsequent updates to Microsoft Security Intelligence are still not allowing Geo SCADA to proceed unhindered, with SE and Microsoft still working on the issue. The guidance is still to refrain from updates before 14 December and/or to establish exceptions in the security software for Geo SCADA. Please refer to the following guide for a discussion on exclusions for anti-malware software: https://community.se.com/t5/Geo-SCADA-Knowledge-Base/Anti-malware-Configuration/ba-p/278735 Update 3: Microsoft is aware of the issue and will include a correction in an upcoming update to Defender Security Intelligence. We are awaiting confirmation of the appropriate version we should watch for. In addition, Schneider Electric is working on resolving this in the December 2023 releases of Geo SCADA 2020/2021/2022 by utilizing a different digital signature on their software components. The December 2023 release will be made available as soon as possible. Update 2: Schneider Electric has updated the Microsoft Update testing page to indicate the known issue with Defender here: https://community.se.com/t5/Geo-SCADA-Knowledge-Base/Microsoft-Update-Testing/ba-p/279120 Update 1: Please review SE’s post on the official EcoStruxure Geo SCADA Expert Forum here: https://community.se.com/t5/EcoStruxure-Geo-SCADA-Expert/Windows-Defender-update-falsely-detects-some-Geo-SCADA-files/td-p/457549 Affected Software VersionsGeo SCADA releases made from December 2022 to September 2023 inclusive, including versions of 2019, 2020, 2021 and 2022. Original AnnouncementAs of Thursday 14 December 2023, AUTOSOL has been made aware of Schneider Electric EcoStruxure Geo SCADA Expert software components being flagged by Microsoft Defender XDR as malware. Specifically, “PUA:Win32/SpeedChecker”. While we are still investigating, we encourage all our customers to review their security software update process and see if it’s possible to avoid updating Microsoft Defender XDR (and the security intelligence updates) on their OT networks until we receive additional guidance from Microsoft and Schneider Electric. The consequences of the update result in the possible quarantine of the Geo SCADA Expert processes required for operation. Exclusion of the Geo SCADA install directories should mitigate this issue. However, recovery after automatic quarantining of the processes may be difficult without reinstalling Geo SCADA. RecoveryIf your system(s) were affected by this, please attempt the following:
More InformationThe specific Security Intelligence update is documented here:https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes?requestVersion=1.403.485.0 Guidance from Schneider Electric will be posted on the EcoStruxure Geo SCADA Expert Forums Schneider Electric website here: https://community.se.com/t5/Geo-SCADA-Knowledge-Base/Microsoft-Update-Testing/ba-p/279120 Please see the below links for official recommendations on anti-virus exclusions on production environments: Geo SCADA Knowledge Base: https://community.se.com/t5/Geo-SCADA-Knowledge-Base/Anti-virusmalware-Scan-ExclusionsConfiguration/ba-p/278735 Geo SCADA 2022 Help File (article ‘Anti-virus Scan Exclusions’): https://tprojects.schneider-electric.com/GeoSCADAHelp/Geo%20SCADA%202020/Default.htm#ServerAdministrationGuide/Anti-virusScanExclusions.htm This post will be updated as more information becomes available. |
Expand | ||||
---|---|---|---|---|
| ||||
ACM versions 9.1 and later will automatically work with versions of Windows that have been updated with the DCOM Hardening security changes. However, ACM settings can be customized to run ACM 9.1 and later without the DCOM Hardening changes. ACM 9.1 is scheduled to be released late spring 2023. If you have ACM 9.0.X or earlier, you can also use ACM settings to run ACM in a DCOM Hardened environment. The instructions to do so are found here: ACM and Windows DCOM Hardening More information from AUTOSOL about DCOM Hardening are in the post dated 31-May-2022. Should more information be required, please contact your salesperson or AUTOSOL support. |
...