Windows file shares and other SMB services are favorite targets for worms and other malware.

PI System core functionality does NOT require SMB.

https://techsupport.osisoft.com/Troubleshooting/KB/KB01162

 

However, file sharing can be quite useful and there are a few cases where you may observe related guidance for the PI System:

1. Importing PI Processbook files to PI Vision (previously known as PI Coresight)

2. UniInt interface failover synchronization file

added 16May>

3. PI Interface for Universal File and Stream Loading and PI Connector for UFL optionally consume input files from a shared folder

4. PI Interface for Performance Monitor uses SMB protocol to collect Windows performance counters from remote computers

 

There are also occasional system management functions where SMB may be used:

1. Initializing a secondary member of a PI Data Archive collective

2. Creating a PI Identity/Mapping to a non-domain based Windows user or group on a PI Server.

 

Last week's outbreak of 'WannaCry' ransomware is just the latest example of miscreants abusing SMB.  We further observe the miscreants first use phishing to bypass perimeter defenses. While few have SMB open to the internet, file sharing is often open amongst machines on interior networks.  As per above, some PI System servers may allow connections to shared folders or to other Windows SMB services in general.

 

Advice for PI System servers allowing SMB:

1. Maintain routine Windows Updates, especially MS17-010

2. Remove or disable SMB v1

3. Limit access to shared folders on PI servers by specific users, groups, or computers

4. Enable application whitelisting rules on PI System servers