Siemens and Microsoft Collaborate to Resolve Antivirus Issue Impacting Simatic PCS Systems
Siemens has informed its customers that it is working with Microsoft to resolve an issue affecting Microsoft Defender Antivirus and Simatic PCS products.
In a recent advisory, the company explained that the problem lies in Defender Antivirus lacking an "alert only" mode. According to Siemens’ documentation for its Simatic PCS 7 and PCS Neo process control systems, there are configuration options meant to specify threat alert levels without triggering automatic actions when malware is detected.
Currently, if the antivirus is set to "ignore," it does not take any action or generate alerts, leaving plant operators and administrators unaware of potential threats. On the other hand, if another setting is chosen, Microsoft Defender may delete or quarantine files flagged as malware, including false positives. This can cause critical files to be removed, potentially disrupting plant operations.
Siemens warned that this could result in devices becoming nonfunctional, which may lead to the loss of plant monitoring and control capabilities.
While a permanent solution is still being developed in partnership with Microsoft, Siemens is advising plant managers to perform a thorough risk assessment. This will help them decide whether to prioritize receiving malware alerts or avoid disruptions caused by automatic file deletions.
As a temporary workaround, Siemens recommends grouping affected devices and applying tailored configurations to each group based on operational requirements and risk tolerance.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
