The operating systems on the WorkCentre products are either
proprietary or embedded inside the product. All access to the OS is
mediated by the application software, so there is no way for an
attacker to access these operating systems via the network and
login as one could with Unix or Windows, for example.
The products are designed to prevent the loading of any third-party
applications as part of their operational model, this includes anti-
virus software. This was done intentionally to help prevent the
loading of potentially malicious software on the units, as well as to
control the impact adding such applications would have on a
system's operation and performance. Moreover, anti-virus vendors
do not make virus protection software that is specific to Xerox®
embedded products.
Windows anti-virus software
Administrators can install anti-virus software on a Fiery with FACI
kits. A local GUI is required for proper configuration of anti-virus
software. Anti-virus software is most useful in a local GUI
configuration, where users have the potential to infect the Fiery with
a virus through standard Windows actions.
For a Fiery without a FACI kit, it is still possible to launch anti-virus
software on a remote PC and scan a shared hard drive of a Fiery,
EFI supports this configuration/ workflow. However, EFI suggests
the Fiery administrator work directly with the anti-virus software
manufacturer for support of this operation.
EFI tests Fiery products with McAfee VirusScan software; similar
products from Symantec and TrendMicro are also compatible with
the Fiery when used as described above.
Anti-Virus Software Configuration
The anti-virus software should be configured to scan for files
coming into the Fiery outside of the normal print stream. This
includes:
Removable media
Files copied to the Fiery from a shared network directory
The anti-virus software can also be configured to scan all files on
the Fiery when the Fiery is not planned for use for an extended
period of time. The administrator should only run the anti-virus
software manually when the Fiery is idle and not receiving or acting
upon a job.
Non-FACI Systems
For non-FACI based Fiery Systems, because the system is running
on Microsoft OS, EFI recognizes that the Fiery must still meet the
customer’s company anti-virus standards. EFI has developed a
patch that enables remote desktop. With this patch installed and
remote desktop enabled, the administrator will be able to manage
the NON-FACI system using remote desktop – and install the
appropriate anti-virus software required by the company.