Antivirus/Antimalware
Jump to navigation
Jump to search
| Antivirus/Antimalware | |
|---|---|
| Mitigation | |
| ID | M1049 |
| NIST SP 800-53 Rev. 4 | SI-3 |
| IEC 62443-3-3:2013 | SR 3.2 |
| IEC 62443-4-2:2019 | CR 3.2 |
Description
Use signatures or heuristics to detect malicious software.
Within industrial control environments, antivirus/antimalware installations should be limited to assets that are not involved in critical or real-time operations. To minimize the impact to system availability, all products should first be validated within a representative test environment before deployment to production systems.1
Techniques Addressed by Mitigation
| Name | Use |
|---|---|
| Engineering Workstation Compromise | Install anti-virus software on all workstation and transient assets that may have external access, such as to web, email, or remote file shares. |
| Spearphishing Attachment | Deploy anti-virus on all systems that support external email. |
| User Execution | Ensure anti-virus solution can detect malicious files that allow user execution (e.g., Microsoft Office Macros, program installers). |
