GE OEC 9900 Elite
5763695-1EN-01
Rev. 1
© 2018
© GE OEC Medical Systems, Inc
All rights reserved.
Revision history
| Document # | Revision # | Release Date |
|---|---|---|
| 5763695-1EN-01 | 1 | 04-2018 |
NOTE: The information provided in this supplement does not include all information regarding the
operation of the system. Please refer to the system operator manual(s) for complete information
regarding the safe and effective use of the system. For additional copies of the operator
manual(s), please contact GE customer service.
Document / Version Notice: GE Healthcare provides this documentation "as is", without the
assumption of any liability under any theory of law. GE Healthcare reserves the right to change its
products and services at any time. This manual is subject to change without notice. This printed
document is the version at the time of system delivery and / or print run. Revisions are not
automatically distributed. Contact GE Healthcare at 800-874-7378 to order an updated version.
This manual may not be reproduced, in whole or in part, without the written permission of GE OEC
Medical Systems, Inc.
OEC is a registered trademark of GE OEC Medical Systems, Inc. Other product and company names
mentioned herein are the property of their respective owners.
The contents of this document are accurate at the time of publication. However, changes in design
and additional features can, at any time, be incorporated in the hardware and software and may
not be reflected in this version of the document. Contact GE OEC Technical Support for clarification,
if discrepancies arise.
GE OEC Medical Systems, Inc. a General Electric Company, going to market as GE Healthcare.
Table of contents
Revision history ii
GE OEC 9900 Elite DIACAP/RMF security operator manual supplement 1
Introduction and purpose 1
Service mode 1
DIACAP/RMF operator instructions 2
Anti-virus 2
Ports used for anti-virus communication 2
On-demand scan using a web browser 3
Performing an on-demand scan using the McAfee ePolicy Orchestrator (ePO) 8
If a virus is found 14
Update the anti-virus definition files 14
Updating the DAT files using ePO 14
Configure audit logging 18
Login banner 20
Troubleshooting the 9900 Elite DIACAP/RMF 20
GE OEC 9900 Elite DIACAP/RMF Security Operator Manual Supplement
Service mode
In order to provide increased security, the DIACAP/RMF software adds a service mode to the OEC
9900 DIACAP/RMF system. The Service button on the Security / Network Configuration screen
allows service personnel to enter service mode. The system will only connect to computers with
specific settings which are limited to service laptops.
Table 2: McAfee agent ports required for communication through system firewall
| Port | Default | Description | Traffic Direction |
|---|---|---|---|
| Agent-browser default communication secure port | 55443 | Default TCP port used to communicate with web browser. Only available when in both Service mode and anti-virus mode. | Inbound/Outbound for communication between browser and agent. |
| Agent wake-up communication port; SuperAgent repository port | 8081 | TCP port that agents use to receive agent wake-up requests from the ePO server or Agent Handler. TCP port that the SuperAgents configured as repositories that are used to receive content from the ePO server during repository replication, and to serve content to client machines. | Inbound connection from the ePO server/Agent Handler to the McAfee Agent. Inbound connection from client machines to SuperAgents configured as repositories. |
| Agent broadcast communication port | 8082 | UDP port that the SuperAgents use to forward messages from the ePO server/Agent Handler. | Outbound connection from the SuperAgents to other McAfee Agents. |
| Console-to-application server communication port | 8443 | TCP port that the ePO Application Server service uses to allow web browser UI access. | Inbound connection to the ePO server from the ePO console. |
| Client to server communication port | 8444 | TCP port that the client uses to communicate with the ePO server. | Outbound connection from client to the ePO server. |
Figure 3: TCP/IPV4 General Properties dialogue box with correct values entered
g. Click OK and then click Close.
6. Open a web browser on the service laptop and, in the location bar, enter
https://192.168.0.1:55443 to launch McAfee VSEL agent.
You may have to click Continue to Site or Proceed to Site (depending on the browser) if you
have anti-virus browser security installed on the service laptop.
7. Log in using user name nails and password nails, then click Logon.
NOTE: This is the default password and can be modified. If this password is modified, use the new
password to log into the McAfee agent. If you forget or lose the password, you must reinstall the
DIACAP/RMF software.
8. Under Schedule in the left menu bar, select On-Demand Scan. The On-Demand Scan screen
displays the When to scan section.
After a few minutes, it displays as Running. Depending on the path scanned, the
scheduled task may take several hours to display as Complete.
If the scan stops prematurely, the scheduled task displays on the system as Stopped.
Access the host and scan summaries, detected items, system events, and scheduled tasks by
selecting the appropriate page on the upper left of the VSEL web interface.
NOTE: ePO allows you to disable the client web UI. If the Disable client Web UI checkbox is
selected, it is not possible to run the client web server and connect using the service laptop
after connecting to ePO. To ensure service or IT personnel can scan the system using the web
browser after updates to software, ensure this box is not selected.
To access this:
1. From the ePO server console, click System Tree, then click My Organization and select
the specific system.
2. Click Actions, then select Agent >> Modify Policies on a Single System.
3. In the Product drop-down menu, select VirusScan Enterprise for Linux.
4. In the General Policies line, click My Defaults.
5. Click the Advance tab and clear the Disable client Web UI checkbox.
6. Click Save.
Figure 10: Actions >> Agent >> Modify Tasks on a Single System
6. Click Actions >> New Client Task Assignment. The Client Task Assignment Builder screen
displays. On this screen:
a. In the Product section, select VirusScan Enterprise for Linux.
b. In the Task Type section, select On Demand Scan.
c. In the Task Name section, click on Create New Task and type a unique Task Name in
the text box.
If a virus is found
If a virus is detected on a 9900 Elite DIACAP/RMF system, please contact the GE Healthcare Surgery
Technical Support at 1-800-874-7378 for assistance.
To ensure all malware is removed, the DIACAP/RMF software must be reinstalled on the system after
detection.
CAUTION: Do not update the agent or client version. The installed versions have been formally
verified. Updated versions may not be compatible with the DIACAP/RMF system, and
can leave your system unprotected.
$ModLoad imtcp
$InputTCPServerRun 514
*.* /var/log/mysyslog.log
This configures the server to receive log messages using TCP on port 514 and to save them to the
mysyslog.log file.
Figure 23: Audit Logs button on the Security / Network Configuration screen
4. Enter the IP address and port of the audit log server that will be used to store log files.
Login banner
GE OEC 9900 Elite DIACAP/RMF systems can be configured to display a configurable banner at login.
Call for service to configure the banner.
Audit logs
| Problem | Cause | Solution |
|---|---|---|
| Cannot view audit logs on system. | Audit logs are only viewable on the remote audit log server. | Set up remote audit log server to retrieve system logs. |
| Audit logs not sent to remote server. | Wrong IP address configured for remote audit log server. | Enter correct IP address of remote audit log server. |
| | Wrong port number configured of remote audit log server. | Enter correct port number of remote audit log server. |
| | Audit logs service not started. | After entering IP and port information press the Start Logs button to start the service. |
Anti-virus
| Problem | Cause | Solution |
|---|---|---|
| Cannot connect to the system anti-virus software using a web browser. | Laptop network settings incorrect. | Laptop IP address (192.168.0.2) and subnet mask (255.255.255.252) must be configured properly to connect to the system. |
| Cannot connect to the system anti-virus software using a web browser. | System did not open communication port. | Touch the Service button to open the communications port before touching the AV Mode button. |
| | Client web UI is disabled in ePO. | Enable client web UI in ePO. See the note on page 8 for details. |
| Anti-virus scan or update did not run at scheduled time. | The system must be in AV mode to run updates or scans. | Ensure system is in AV Mode when updating or scanning. |
| Anti-virus will not allow login from web browser. | The username and password were changed and are now unknown. | Have a service engineer re-install the software. |
| ePO server does not show the system on the system tree. | The system requires exchange of security keys and network information. | Have a service engineer reload ePO server keys onto the system. |
| | The system is not in AV mode. | Ensure system is in AV Mode for communication with the ePO server. |
| | System agent could not communicate with ePO server. | Depending on the size and complexity of the network, it may take up to 24 hours for the agent to initially communicate with the ePO server. |
| | Network settings preventing communication between agent and ePO server. | Verify ports (80, 443, 55443, 8081, 8082, 8443, 8444) used for ePO agent communication are open on the network. |
| Settings modified on the ePO server are not pushed to the agent/client on system immediately. | Agents poll the ePO server for setting updates periodically. | Use the wake up agent command on ePO to force agent/client setting updates. See McAfee documentation for additional information. |
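The port verification called for in the table above can be scripted from a workstation on the same network. The following is an added example, not part of the GE or McAfee documentation: the two host arguments are placeholders, the listening side of each port follows the Traffic Direction column of Table 2, and probing ports 80 and 443 on the ePO server is an assumption because the page lists only those numbers.

```bash
#!/usr/bin/env bash
# Added example (not from the GE or McAfee documentation).
# Columns: port, protocol, side that listens. Sides follow Table 2's
# "Traffic Direction" column; placing 80 and 443 on the ePO server is an
# assumption, since the page lists only those two numbers.
PORT_TABLE='80 tcp epo
443 tcp epo
8443 tcp epo
8444 tcp epo
8081 tcp agent
55443 tcp agent
8082 udp agent'

# Return 0 if a TCP connection to host $1, port $2 succeeds within 3 seconds.
# Host and port are passed as arguments, never spliced into the command text.
probe_tcp() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" </dev/null 2>/dev/null
}

# check_ports AGENT_HOST EPO_HOST
# Prints one line per port: "<port>/<proto> <host> <open|closed|manual>".
# Returns 1 if any TCP port is closed, 0 otherwise.
check_ports() {
    agent_host=$1 epo_host=$2 rc=0
    while read -r port proto side; do
        if [ "$side" = epo ]; then host=$epo_host; else host=$agent_host; fi
        if [ "$proto" = udp ]; then
            # A connect test cannot confirm a UDP path; review firewall rules.
            state=manual
        elif probe_tcp "$host" "$port"; then
            state=open
        else
            state=closed; rc=1
        fi
        echo "$port/$proto $host $state"
    done <<EOF
$PORT_TABLE
EOF
    return $rc
}

# Run only when both hosts are given on the command line.
if [ "$#" -eq 2 ]; then check_ports "$1" "$2"; fi
```

Port 55443 reports closed unless the system is in both Service mode and anti-virus mode, as Table 2 states.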