3. Name and Employee No. of Site IT Coordinator (SITCO as per ISMS Policy)
4. ERP 5-Letter Code for Substation (e.g. NLOR7 for Nellore 765kV)
All allotted IP Address Ranges (SAS / NTAMC / Any Other)
List of Windows based Systems, e.g. HMI1, HMI2, GW1 etc.
List of connected neighbouring substations (Next F... including State Transco / Others)
List of Telecom connectivity with Bandwidth
RLDC Connectivity on IEC-104 Protocol (Y/N). If Yes: please give details of firewall, make and model, for this traffic.

Data files to be sent to Corporate Information Security Department should be named as per the following naming structure:

    XXX-YYYYY-Computer_Name-report_File_name.txt
    e.g. SR1-NLOR7-HMI1-ClamScanReport.txt

Following Reports are required for each Windows based computer:

    Report                    File Name
    ClamWin Scan Report       ClamScanReport.txt
    Hardware Information      hwinfo.csv
    Softwares Installed       swlist.txt, swlist64.txt, wmiclist.txt
    TCP Connections           tcplist.txt
    Services Running          serviceslist.txt
    IP Address Configured     ipconfig.txt
    Routing Table             route.txt

1. Download unetbootin-windows-661.exe from https://unetbootin.github.io
2. Right click on the Unetbootin executable file and run as administrator (shown in the figure below).
3. After running the executable file, select the Diskimage option from the popped up window and select the KNOPPIX_V8.2-2018-05-10-EN.iso file (which is available to download from the intranet) from your local drive. Select type USB drive after connecting a fresh pendrive (preferably a new one or a formatted one) and then click on OK.
4. Upon clicking on OK, the creation of the LIVE USB for KNOPPIX would be as shown in the figure below.
5. Upon completion, click on Exit.
6. Restart your laptop and select the USB boot option from the BIOS boot menu. The BIOS Boot Menu can be seen through system documentation. (On HP-4430s series Notebook PC, press F9 immediately after pressing the ON button.)

Insert the Basic Tools CD-DVD and navigate to the ClamWinPortable executable application file as shown below.

Right click on ClamWinPortable.exe and select run as Administrator as below.

Go to Tools from the upper menu and select Preferences as above.

In General go to the Infected Files portion and select Type of Scan:
-> Report Only [Recommended for first time scan]
-> Remove [To be decided and recommended by Asset Management Department]
-> Move To Quarantine folder [Recommended for second time scan]
For the Quarantine option you have to create and select the folder where you want to put quarantine files.

Select the File Locations tab as above, and select respective locations.
-> i.e. for ClamScan Location go to ClamWinPortable\App\clamwin\bin\ and select clamscan.exe
-> for FreshClam Location go to ClamWinPortable\App\clamwin\bin\ and select Freshclam.exe
-> for Virus Database Folder location go to Clamwin\ClamWinPortable\Data\ and select the 'db' folder

NOTE: You can customise ClamWinPortable, depending on your CD drive letter and path to your appropriate folder with write permissions.

Copy ClamWinPortable_0.99.4_English_paf.exe located in the Uninstalled-Portable-Apps folder on the Basic Tools CD to a location on the healthy computer. Double click ClamWinPortable_0.99.4_English_paf.exe and follow the instructions to install on the healthy computer inside the chosen folder location. At that location, navigate to directory data->settings.
Use Notepad to edit the ClamWin.conf file, specifying the appropriate folders of the affected PC to be scanned. Populate virus signatures contained in the three *.cvd files to the data\db directory. You can now burn the entire folder from the ClamWinPortable directory on the healthy PC to a new CD. Now run from this CD.

Scan memory for any resident viruses as per image below. It is expected that this scan should show no virus infection.

Next scan all Disk drives one by one for any Virus and record the scanned report.

Under the Reports tab as above, for the Scan Report File section, select a text file (you can create a new text file in your directory/desktop), then click OK. This is the ClamScanReport.txt file to be suitably renamed as per template, and sent to Corporate Information Security Department after complete scanning of the Harddisk(s).

HwiNFO:
This tool reports basic Hardware information of the system.
Go to the HwiNFOPortable Folder.
Run the HwiNFOPortable application inside the HwiNFOPortable Folder.
Save the Report as hwinfo.csv

Softwares Installed
Go to the PSTools folder on the CD.
a. Run command:
    CDdriveletter:\PSTools\PSInfo64 -s >> Path_to_Desktop\swlist64.txt
   e.g. if G is the CDROM drive, then replace CDdriveletter with G
b. Run command:
    CDdriveletter:\PSTools\PSInfo -s >> Path_to_Desktop\swlist.txt
c. Run command:
    wmic product get name, vendor, version, InstallDate >> wmiclist.txt

Active TCP Connections
Go to the TCPView Folder on the CD.
a. Run command:
    CDdriveletter:\TCPView\tcpvcon -c >> Path_to_Desktop\tcplist.txt

Change to C Drive.

Services Running
a. Run command:
    wmic service list brief >> serviceslist.txt

IP Address Configured:
    IPCONFIG /ALL >> ipconfig.txt

ROUTING TABLE
    ROUTE PRINT >> route.txt

To transfer data from the affected Windows Device to CISD, the following procedure needs to be adopted.

1. Use a Laptop with at least 4GB RAM.
2. Burn a USB Pendrive to make it bootable using the KNOPPIX 8.2 ISO image file provided.
3. Use the KNOPPIX USB to boot the Notebook. Select the BIOS Option USB Harddisk to boot from the KNOPPIX USB, as per screen below.
4. Press Enter at the boot: prompt and wait for the GUI desktop screen to be available.
5. To make the KNOPPIX booted Notebook PC connect to the SAS LAN, a static IP as per the IP Address scheme for your substation has to be assigned to the KNOPPIX Notebook PC. Right click the icon at bottom right shown and edit the Wired connection for IPv4 Settings as shown below.

[Screenshot: IPv4 Settings of the wired connection; choose Manual from the Method dropdown]

Click the Start button on the lower left and follow the screen to start the SSH Server as shown below.

[Screenshot: KNOPPIX menu with the Start SSH Server entry]

Set a suitable password in the screen following.

Connect this KNOPPIX Notebook PC to the SAS Network now.

On the affected Windows PC:
Insert the Basic-Tools CD provided in the CD-DVDROM.
Go to command prompt.
Change to your CD-DVDROM Drive (E: or F: as the case may be).
Depending on whether your Windows version is 64-bit or 32-bit (see System Properties), give the following command (use 32 for 32-bit or 64 for 64-bit):

    scp32 file_to_be_transferred_with_path knoppix@172.X.Y.Z:/home/knoppix

A sample screenshot for 64-bit is shown below.

This copies the specified file from the affected Windows PC to the KNOPPIX Notebook.
Transfer all required files to the KNOPPIX Notebook PC. All files are now available in the /home/knoppix directory on the KNOPPIX Notebook PC.

After all required files are collected, disconnect the KNOPPIX Notebook PC from the SAS LAN, and connect to the Internet using WiFi or a Static IP of the Office-IT LAN in the substation. Use the Firefox browser on KNOPPIX and send all the files by email to anand@powergridindia.com and dmkrishna@powergridindia.com.
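Before the files leave the KNOPPIX Notebook, the collection can be checked against the naming structure and the list of required reports. The script below is an added example, not part of the original procedure: the function name check_collection and the script name are hypothetical, and it assumes XXX is three and YYYYY five upper-case letters or digits (as in SR1-NLOR7) and that each report keeps the extension its command writes (hwinfo.csv stays .csv).

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Report files the procedure collects from every Windows computer.
REQUIRED = {"ClamScanReport.txt", "hwinfo.csv", "swlist.txt", "swlist64.txt",
            "wmiclist.txt", "tcplist.txt", "serviceslist.txt", "ipconfig.txt",
            "route.txt"}

# XXX-YYYYY-Computer_Name-report_File_name, e.g. SR1-NLOR7-HMI1-ClamScanReport.txt
# Assumption: XXX is 3 and YYYYY is 5 upper-case letters or digits, as in that example.
NAME_RE = re.compile(r"^(?P<prefix>[A-Z0-9]{3})-(?P<site>[A-Z0-9]{5})-"
                     r"(?P<host>[A-Za-z0-9_-]+)-(?P<report>[^-]+)$")

# Constructed sample listing, used when no folder is given on the command line.
SAMPLE = ["SR1-NLOR7-HMI1-" + r for r in sorted(REQUIRED)] + [
    "SR1-NLOR7-HMI2-ClamScanReport.txt", "SR1-NLOR7-HMI2-hwinfo.csv",
    "tcplist.txt"]

def check_collection(filenames, site_code):
    """Return (misnamed, missing): names that break the structure, carry another
    substation code or an unknown report name; and absent reports per computer."""
    by_lower = {r.lower(): r for r in REQUIRED}  # Windows names are case-insensitive
    seen = defaultdict(set)
    misnamed = []
    for name in filenames:
        m = NAME_RE.match(name)
        report = by_lower.get(m["report"].lower()) if m else None
        if report is None or m["site"] != site_code:
            misnamed.append(name)
        else:
            seen[m["host"]].add(report)
    missing = {h: sorted(REQUIRED - got) for h, got in seen.items() if REQUIRED - got}
    return sorted(misnamed), missing

if __name__ == "__main__":
    # Usage: python3 check_reports.py NLOR7 /home/knoppix
    if len(sys.argv) > 2:
        site = sys.argv[1]
        names = [p.name for p in Path(sys.argv[2]).iterdir() if p.is_file()]
    else:
        site, names = "NLOR7", SAMPLE
    bad, absent = check_collection(names, site)
    for name in bad:
        print("rename or remove:", name)
    for host, reports in sorted(absent.items()):
        print(host, "is missing:", ", ".join(reports))
    sys.exit(1 if bad or absent else 0)
```

A non-zero exit status means at least one file is misnamed or one computer's report set is incomplete, so the gap can be closed while the notebook is still at the substation.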
