![T500定制 (72) [轉換]-01.png](https://static.wixstatic.com/media/b6f49f_9a6c8a5984ed433aa6c1479d8a92f5ff~mv2.png/v1/fill/w_631,h_422,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/b6f49f_9a6c8a5984ed433aa6c1479d8a92f5ff~mv2.png)
SEMI E187 FAQ: Do equipment vendors need to pre-install antivirus software before shipment?
- 4 hours ago
- 2 min read
Conclusion: No. For “Endpoint Protection” in SEMI E187, the focus is on being able to deliver verifiable "clean evidence" at shipment, and ensuring your equipment/tool is compatible with mainstream commercial anti-malware solutions. The standard does not mandate that you must ship the tool with a specific anti-virus product pre-installed on the machine.
1) What the standard truly requires: "Perform malware scanning before shipment and deliver the scan report"
The core requirement of SEMI E187 regarding malware scanning is: you must complete a Malware Scan before shipment and provide the scan report as evidence. The report should clearly state:
The scanning tool used (name and version)
Scanning scope of coverage
Scanning configuration
Scanning date
Scanning results and remediation conclusion (the final report must show no malware)
In practice, auditors/customers care most about whether the evidence is traceable, repeatable, and time-valid. Verification checklists typically include a principle such as "the report must be completed within a reasonable validity period (commonly within one month, aligned with signature/database currency or scan validity)"—to prevent outdated scan results from being used as shipment evidence.
Key point: E187 requires "scan + report (evidence)," not "mandatory pre-installation of anti-virus at shipment."
2) Another key requirement: "Compatibility" — you must explain which mainstream anti-malware can be used and how
Another important part of SEMI E187's Anti-Malware requirement is that the equipment vendor should provide documentation specifying the mainstream commercial anti-malware solutions compatible with the tool/equipment, and (in a verification scenario) be able to demonstrate that they operate normally without impacting essential equipment functions.
The logic is practical:
Fabs/equipment owners typically already have standardized security tools (EPP/AV/EDR). They do not want every equipment vendor to bundle a different product, creating an operational nightmare.
Therefore, the standard cares more about whether your equipment is in a state that can be managed by the customer's existing anti-malware (compatible, installable, with clear recommended settings, and not destabilized by installation).
Key point: E187 asks you to "list compatibility + provide recommended configuration/operation guidance," not to "force bundling or pre-installation."
Why is it often misunderstood as "anti-virus must be pre-installed"?
Many people misread "Malware Scanning" as "the tool must have a resident anti-virus running on the machine."
In the E187 context, at least two things should be separated:
Pre-shipment cleanliness verification (Proof of Cleanliness): you deliver a report proving the tool is clean at the time of shipment.
Ongoing protection in the customer environment (Ongoing Protection): whether to run a resident agent and how to operate it is usually the fab's policy and responsibility. The equipment vendor's role is to provide compatibility + guidance so the fab can adopt their standard controls smoothly.
Want to confirm quickly how your tool/equipment can meet SEMI E187?
If you'd like our help interpreting the clauses and organizing deliverable templates for pre-shipment malware scanning evidence and anti-malware compatibility documentation, please contact us.
