Hello,

This is good question to ask upfront, and you are correct in that risk for potential unknow issues. I think there will be issues with file /port blockage with this security for sure, but the specific version of WinCC matters.  For example, WinCC 7.5 has no support with CrowdStrike, but WinCC 8.1 does support CrowdStrike Falcon V7.26.  However, Qualys Cloud and Trend Micro are not listed in any capacity for 8.1. Perhaps this security document link below would give guidelines, but I think it will be a challenge to whitelist all the necessary files and ports. Of course, something could always be missed as there is no official documentation that covers this in-depth. Perhaps there is the chance to virtualize these pcs and secure them behind the host machine as a thought. That way the host is secured but the VMs are “normal” machines free from potential problematic security software. That would entail changing what you likely already have in place.

https://support.industry.siemens.com/cs/at/en/view/109986977

Thanks,

Steve