Grass valley anti-virus scan policy – Grass Valley K2 System Guide v.9.0 User Manual
Page 184
When installing software manually (without SiteConfig) it might be necessary to manage Embedded
Security. When necessary, you can put Embedded Security in Update mode. This mode allows you
to manually install software that is not on the whitelist. Do not confuse Update mode with the idea
that Embedded Security is "disabled". When in Update mode, Embedded Security is still active.
While in Update mode, Embedded Security keeps track of any software you run or install and adds
it to the whitelist. When you are done installing software and any required restarts, you must take
Embedded Security out of Update mode so that it can protect the system. For software that requires
a restart after installation, such as K2 system software and SNFS media file system software,
Embedded Security must remain in Update mode until after the restart is complete.
No system restarts are required for entering or leaving Update mode, and a restart does not change
the Update mode status. If in Update mode before a restart, the system remains in Update mode
after a restart. You use the Embedded Security Manager to enter and leave Update mode.
The following policies apply to the Embedded Security:
•
Use Update mode only as instructed by Grass Valley product documentation or as directed by
Grass Valley Support. Do not do any other operations with Embedded Security Manager, unless
under the direct supervision of Grass Valley Support.
•
Do not keep Embedded Security in Update mode long-term, as Embedded Security does extra
processing while in Update mode and eventually problems arise when attempting to run software.
•
Make sure that Embedded Security is not in Update mode when using SiteConfig to install
software. Update mode interferes with SiteConfig's automatic management of Embedded Security
and causes problems running the software installed.
•
Leave Embedded Security enabled for normal operation of your Grass Valley system. Do not
disable Embedded Security except as instructed by Grass Valley product documentation or as
directed by Grass Valley Support. Enabling and disabling Embedded Security requires a restart.
•
Do not install any programs or modify any operating system settings unless approved by Grass
Valley. By design, Embedded Security prevents any programs from being installed or from
running that are not present when you receive the system new from Grass Valley. These Grass
Valley systems are not a general purpose Windows workstations. The applications and
configuration have been specifically optimized on each system for its intended use as part of the
Grass Valley system.
•
While Embedded Security is the key anti-virus component on these systems, you should still
follow the Grass Valley anti-virus scan policy and scan all the devices in your Grass Valley
system to ensure viruses are not propagated between machines.
Embedded Security is part of the K2 Summit/Solo system generic disk image and the K2 Media
Server generic disk image compatible with K2 software version 9.0 or higher. Both K2 Media
Servers and GV STRATUS servers use the same generic disk image, so GV STRATUS servers
inherit the Embedded Security solution. On K2 Summit/Solo systems, the Embedded Security
solution introduced with K2 software version 9.0 replaces the write filter from previous versions.
Grass Valley anti-virus scan policy
Grass Valley systems are based on the Microsoft Windows operating system. It is important to
defend this system against virus or Spyware attacks. However, you must use a strategy that allows
you to scan Grass Valley systems without interrupting media access. Contact Grass Valley Support
for to determine the strategy best suited to your environment.
184
K2 System Guide
06 November 2012
Administering and maintaining the K2 system