Views:

OT Application Safeguard is an industrial-based change control protection. This feature ensures the StellarProtect-recognized OT applications can be updated without being blocked or restricted. In addition, you can enable OT application protection to secure recognized OT application executable binary files.

To enable OT Application Safeguard, go to Agent > Policy, scroll down to find and toggle on the OT Application Safeguard at the left side of the screen.

Upon launch, StellarProtect will auto-detect currently-installed OT applications and put them under protection. The recognized OT applications will be shown on the Situational Awareness tab page. Follow the instructions to view the identified OT applications.

  1. Go to Agent > Policy, scroll down to find and toggle on the OT Application Safeguard at the left side of the screen.
  2. Find and click the OT Applications
  3. The Situational Awareness screen appears.
  4. Check the OT Applications automatically recognized by the StellarProtect agent.
    Important:

    • Be sure to enable the Maintenance Mode before installing new OT applications. After the installation process completes, disable the Maintenance Mode and then StellarProtect will auto re-scan the newly-added OT applications. Any new applications found will be added into the OT Application Safeguard list. See Configure Maintenance Mode for how to enable this function.

    • Be sure to enable the Learn mode of Operations Behavior Anomaly Detection before installing new OT applications. After the installation process completes, the StellarProtect agent will add the new OT applications into the OT Applications list displayed on the agent's Situational Awareness page. See Operations Behavior Anomaly Detection for more details.

  5. You can also manually add the installation path for the application into the Safeguard’s protection list.

    1. Go to the Policy page and scroll down and find the OT Application Safeguard at the left side of the screen.

    2. Make sure the OT Application Safeguard toggle is switched on.

    3. Click File/Folder, and then the configuration window appears.

    4. Click the +Add button, and then select Folder or File and specify the folder or file path in the corresponding text fields.

      Note:

      By default, StellarProtect will only protect the PE files (.exe and .dll) under the selected folder and its subfolder(s).

    5. (Optional) If you want to protect all files inside the selected folder, please uncheck the Executable files only.

      Tip:

      By unchecking the Executable files only, users can prevent their own secret files, configurations, or other files under the selected folder from being modified.

    6. Click Add to complete the setting.

  6. You can also add user-defined authorized processes.

    1. Go to Policy > OT Application Safeguard, and then click the Authorized Processes.

    2. The configuration window appears. Click the +Add button, and then specify the authorized processes in the corresponding text fields.

      Important:

      By adding the authorized process, you may set other applications to be trusted and change the protected files/folders previously defined as well as the PE files for OT applications detected by agents. Please note if any malicious file has been set into the authorized process, StellarProtect cannot prevent this file from modifying the OT applications since it has been already excluded from the StellarProtect’s monitoring process. Make sure the user-defined authorized process is safe before adding it.

    3. Click Add to complete the setting.

Parent topic: Other Key Features for StellarProtect