You are on page 1of 3

Kaspersky Endpoint Security 10 and

Rockwell Software CPR9 SR6


Test Results

Date: 10/31/2013
The purpose of this notification is to document the test results and potential issues that exist with
Kaspersky Endpoint Security 10 and the following Rockwell Automation software packages
(CPR9 SR6):

FactoryTalk Activation Server v3.60

FactoryTalk AssetCentre v5.00

FactoryTalk Historian SE v3.01

FactoryTalk VantagePoint v5.1

FactoryTalk Gateway v3.60

FactoryTalk Service Platform 2.60

FactoryTalk Transaction Manager v10.10

FactoryTalk View Studio ME/SE v7.00

FactoryTalk Viewpoint v2.60

RSLinx Classic v3.60

RSLinx Enterprise v5.60

Studio 5000 Logix Designer v21.00

All Rockwell Software listed above was tested using Rockwell Patch Qualification Tests. Patch
Qualification Tests are high-level tests that verify products perform as designed before and after
changes are made. The test cases confirm that the changes made to the operating system did not
break the functionality of the software being tested, and do not add significant stress to the
network, or operating system.

Page 2

-Test Bed EnvironmentThe CPR9 SR6 test bed consists of seven Windows 2008 R2 w/SP1 server computers and
seven Windows 7 Pro w/SP1 (64-Bit) client workstations. All computers have the latest
Microsoft Security Updates that were applicable to our test bed, and RA Patch Rollups installed
from October 2013. A list of Patches applied to our CPR9 SR6 test bed can be found at
http://www.rakb-patchtests.com/data/MS_Patch_Qualification/start.htm.
- Kaspersky ConfigurationKaspersky Endpoint Security 10 client software was installed on all fourteen computers.
Management and configuration is handled from a standalone PC running Kaspersky Security
Center.
-Initial Issues FoundDuring initial setup, the following issues were observed and addressed:
1. Kaspersky Endpoint Security Firewall
Problem: Kaspersky Endpoint Security should turn off the Windows Firewall; however in
one situation the Windows Firewall turned back on and caused Kaspersky to detect a
network attack.
Solution: If windows Firewall is ON, disable the Windows firewall using the Windows
Firewall Advanced settings dialog.
2. Firewall
Problem: Port 135 was in the Block list.
Solution: Rockwell Software products require the use of TCP port 135. Remove TCP
port from the Block list.
3. Kaspersky Network Attack Blocker
Problem: The FactoryTalk ViewPoint Server was unable to serve direct reference tags via
its Live Data Pool Gateway when the Kaspersky Network Attack Blocker was enabled.
The Network Attack Blocker also blocked communications with the FactoryTalk
Activation Server. The Network Blocker reported numerous attacks on port 135 even
though it was removed from the Block list.
Solution: Disable the Network Attack Blocker. We were unable to find a workaround
utilizing the exclusion list or by adding Port 135 to the Allow List of TCP ports.

Page 3

-Conclusion-

All qualification test cases passed without exceptions, after configuring Kaspersky Endpoint
Security 10 as stated above.
The Windows Performance Monitor showed no Memory Leaks or Memory Growth Usage Issues
in general.
As always, we suggest that before implementing Kaspersky Endpoint Security 10, the end user
should verify the setup on a non-production system or when the facility is non-active to ensure
that there are no unexpected results or side effects.