Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

Anti-malware Configuration

Geo SCADA Knowledge Base

Access vast amounts of technical know-how and pro tips from our community of Geo SCADA experts.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • Knowledge Center
  • Geo SCADA Knowledge Base
  • Anti-malware Configuration
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Labels
Top Labels
  • Alphabetical
  • database 32
  • Web Server and Client 31
  • WebX 19
  • Request Form 18
  • Lists, Events & Alarms 16
  • ViewX 15
  • Application Programming 12
  • Setup 12
  • Telemetry 8
  • Events & Alarms 7
  • Lists 7
  • Mimic Graphics 7
  • Downloads 6
  • Support 5
  • IoT 5
  • SCADA 5
  • Geo SCADA Expert 5
  • Drivers and Communications 4
  • Security 4
  • DNP 3 3
  • IEC 61131-3 Logic 3
  • Trends and Historian 2
  • Virtual ViewX 2
  • Geo Scada 1
  • ClearSCADA 1
  • Templates and Instances 1
  • Releases 1
  • Maps and GIS 1
  • Mobile 1
  • Architectures 1
  • Tools & Resources 1
  • Privacy Policy 1
  • OPC-UA 1
  • Previous
  • 1 of 4
  • Next
Latest Blog Posts
  • OPC UA - Driver and Server
  • Requirements for Generating a Valid OPC UA Server Certificate
  • Load Events Using LoadRecord and LoadRecords
  • Geo SCADA Embedded Component Licenses
  • Geo SCADA 2023 Known Issues
Related Products
product field
Schneider Electric
EcoStruxure™ Geo SCADA Expert

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Anonymous user
Not applicable
‎2021-06-09 04:02 PM
0 Likes
0
2516
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

‎2021-06-09 04:02 PM

Anti-malware Configuration

Originally published on Geo SCADA Knowledge Base by Anonymous user | June 10, 2021 01:02 AM

📖 Home  Back  

 

This page describes practices around security software such as anti-virus, anti-malware, XDR (Extended detection and Response), EDR (Endpoint detection and response) and other similar security software.

 

Good Practice

Like all software and operating system updates, we recommend tests in an offline environment before the deployment of security software on live SCADA systems. This also applies to anti-malware database updates because there is a risk that these updates may have errors which identify good software and behavior as bad (false positive). As a minimum, changes to redundant items in a system should be applied separately with a time allocated for problems to be identified.

 

This advice applies to server, web server and client installations.

 

Exclusions

Most security software which performs scanning of files will allow exclusions to be set up. However it may not be certain that these exclusions apply to all scanning activities, therefore we recommend testing in an offline environment to ensure that the performance and reliability of the system is not affected by file scanning.

 

The performance of Geo SCADA servers and clients may be affected by anti-malware software. We advise that you review and include file exclusions to prevent such software from read-locking essential Geo SCADA files such as the database and historic files.


Anti-malware products can cause problems with Geo SCADA unless certain exclusions are configured. The "on access" scan in anti-virus products can temporarily lock files used by Geo SCADA, either having the effect of slowing Geo SCADA down whilst it waits for the scan of that file to finish or causing the file save to be aborted resulting in incomplete database files. In addition, scheduled scans may cause a more general performance issue during a scan of the disk due to the large number of files of the Geo SCADA database having to be scanned.

If Geo SCADA is unable to successfully write to a file the database will either go into a safe state or result in the database not being saved to disk correctly, depending on the file.

Backup and archive times can be drastically improved without having anti-virus products scanning each file it needs to read from the database and write out to its new location.

 

For exclusions, we recommend excluding all or parts of the Geo SCADA database (defaults to c:\ProgramData\Schneider Electric\ClearSCADA\Database ). We do not recommend excluding the executable file folders c:\Program Files\Schneider Electric\ClearSCADA or c:\Program Files (x86)\Schneider Electric\ClearSCADA.

 

The simple approach is to exclude the entire Database folder. Sometimes custom locations are set for the different parts of the database, and these will need to be separately excluded. (Check using the Server Configuration tool, in the Locations section).

 

If you want to minimize the exclusions a little more, then these are the folders (default locations) which we strongly recommend are excluded. They include files which are read or written to under database locks, and the files can be large, so can cause performance issues if anti-malware software locks the file for a long-running scan. Some of these may not be used on your system

  • c:\ProgramData\Schneider Electric\ClearSCADA\Database\AlarmSummary
  • c:\ProgramData\Schneider Electric\ClearSCADA\Database\ConfigChanges
  • c:\ProgramData\Schneider Electric\ClearSCADA\Database\DataFiles
  • c:\ProgramData\Schneider Electric\ClearSCADA\Database\History
  • c:\ProgramData\Schneider Electric\ClearSCADA\Database\Journal
  • c:\ProgramData\Schneider Electric\ClearSCADA\Database\Archive

Again, check whether these locations have been moved on your installation. Specific directories used on your system can be found in the Location section of the Geo SCADA Server Config tool, or within relevant object configurations in the database. Also consider adding the folder(s) you have used for database backup files.

 

There are other file locations which the Geo SCADA server, ViewX client and Virtual ViewX web server use, and we do not recommend exclusions for them. For example there are ViewX file caches, systems xml etc.

 

Under the history, journal, configuration changes and alarm summary directories, sub-directories will be created for each item that has data. If your anti-malware product does not support wildcards in exclusions, then add the entire history, journal and configuration changes directories to the exclusion list.


The above exclusions are recommended for the "on access"/"real time" scan. Scheduled scans, which are usually daily or once a week, should also have these exclusions added, if they are configured separately.

 

If you are concerned that anti-virus or other software is accessing the Geo SCADA database and causing performance issues, you can find which external processes are accessing Geo SCADA files. Use the Process Monitor utility from SysInternals. Set the filter to default, add a new filter for the path to include database locations on disk and then add a second filter to exclude "DBServer.exe". The resultant list should be blank, any entries shown should indicate other processes accessing the database's files and these may impact performance and stability


Also see Online Defragmenter Exclusions

Go: Home Back

Author

Biography

Anonymous user

Link copied. Please paste this link to share this article on your social media post.

  • Back to Blog
  • Newer Article
  • Older Article
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of