Endpoint Protection


Agentless Virtual Machine antivirus scanning

John Santana, Aug 21, 2013 02:04 AM

  • 1.  Agentless Virtual Machine antivirus scanning

    Posted Aug 19, 2013 09:13 PM

    Hi People,

    Does SEP 12.1.3 now support agentless VM scanning and protection by leveraging VMware vSphere 4.1 and above technology to protect multiple Windows Server 2003 & 2008 VMs?

    So that I do not have to deploy and manage the agent for more than 500 VMs across 45 ESX and ESXi servers.

    Any thoughts and comments would be greatly appreciated.

    Thanks, 



  • 2.  RE: Agentless Virtual Machine antivirus scanning

    Posted Aug 19, 2013 09:34 PM

    Still the same as it was in RU2 and below:

    Using Symantec Endpoint Protection in virtual infrastructures

    Article:HOWTO81060  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO81060

     

    Symantec Endpoint Protection 12.1 & Virtualization

    Article:TECH194383  |  Created: 2012-08-03  |  Updated: 2012-09-26  |  Article URL http://www.symantec.com/docs/TECH194383

     



  • 3.  RE: Agentless Virtual Machine antivirus scanning

    Broadcom Employee
    Posted Aug 19, 2013 11:12 PM

    You can take advantage of the above articles along with Installing a Security Virtual Appliance and using a vShield-enabled Shared Insight Cache.

    These details are in the administration guide. This will help to improve performance.

    http://www.symantec.com/business/support/index?page=content&id=DOC6153



  • 4.  RE: Agentless Virtual Machine antivirus scanning

    Posted Aug 20, 2013 12:07 AM

    Hi,

    Configuring your clients to communicate with Shared Insight Cache

    The Symantec Endpoint Protection Shared Insight Cache eliminates the need to scan files in a virtualized environment that Symantec Endpoint Protection has determined are clean. Shared Insight Cache is a separate service that you install on a dedicated server or in a virtualized environment. After you install and configure Shared Insight Cache, you must configure your clients to communicate with Shared Insight Cache.

    Note:

    Only the clients that perform scheduled scans and manual scans can use Shared Insight Cache.

    When a file is scanned and determined to be clean, the client submits information about the file to Shared Insight Cache. Shared Insight Cache adds this information to its cache. When a client subsequently attempts to access the same file, the client can query Shared Insight Cache to determine if the file is clean. If the file is clean, then Shared Insight Cache notifies the client that the file is clean. The client can bypass virus scanning on that particular file. If the file is not clean, the client scans the file for viruses and submits those results to Shared Insight Cache.

    By default, Shared Insight Cache is set up with no authentication and no SSL. As such, the default setting for the password is null. In other words, the password is blank. If you set Shared Insight Cache to Basic authentication with SSL or Basic authentication with no SSL, you must specify a username's password that can access Shared Insight Cache.

    You can also change a user-defined authentication password if needed. But if you do, you must specify that authentication user name and password in Symantec Endpoint Protection Manager so clients can communicate with Shared Insight Cache.

    For more information about Shared Insight Cache, see the Symantec Endpoint Protection Shared Insight Cache User Guide.

    To configure your clients to communicate with Shared Insight Cache

    1.    In the console, open a Virus and Spyware Protection policy and click Global Scan Options.

    2.    On the Global Scan Options page, under Shared Insight Cache, check Enable Shared Insight Cache.

    3.    Check Require SSL if you enabled SSL when you set up the Shared Insight Cache server.

    If you enable SSL, the client must be set up to communicate with Shared Insight Cache. To do so, you must add the Shared Insight Cache server certificate to the trusted certificate authorities store for the local computer. Otherwise, the client/Shared Insight Cache server communication fails.

    For more information about how to add a server certificate, see your Active Directory documentation.

    4.    In the Hostname box, type the host name of Shared Insight Cache.

    5.    In the Port box, type the port number of Shared Insight Cache.

    6.    Optionally, if you configured authentication for Shared Insight Cache, in the Username box, type the user name.

    7.    Optionally, if you configured authentication for Shared Insight Cache, click Change Password to change the default password (null) to the password that you created for authentication.

    8.    In the New password box, type the new password.

    Leave this field empty if you do not want to use a password.

    9.    In the Confirm password box, type your password again.

    10.  Click OK.

    Regards

    Ajin
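
A check for step 3 above, added here as an example (it is not part of the original post and not Symantec code): it attempts a verified TLS handshake from a client machine to the Shared Insight Cache host and port and reports which condition fails. The function name is hypothetical, the host and port are whatever was typed into the Hostname and Port boxes, and it assumes the Python interpreter's default trust store reflects the local computer's trusted roots.

```python
import socket
import ssl
import sys

HOSTNAME_MISMATCH = 62  # OpenSSL X509_V_ERR_HOSTNAME_MISMATCH


def check_sic_tls(host, port, timeout=5.0):
    """Return (status, detail) for a certificate-verified handshake to host:port.

    status is one of: ok, hostname_mismatch, untrusted_certificate,
    tls_handshake_failed (for example the server is not running SSL),
    unreachable (wrong host or port, firewall, service stopped).
    """
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                detail = "CN=%s over %s" % (subject.get("commonName"), tls.version())
                return "ok", detail
    except ssl.SSLCertVerificationError as exc:
        # The certificate was presented but did not validate on this client.
        if exc.verify_code == HOSTNAME_MISMATCH:
            return "hostname_mismatch", exc.verify_message
        return "untrusted_certificate", exc.verify_message
    except ssl.SSLError as exc:
        # Must come before OSError: ssl.SSLError is a subclass of it.
        return "tls_handshake_failed", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Usage: python check_sic_tls.py <sic-hostname> <sic-port>
    status, detail = check_sic_tls(sys.argv[1], int(sys.argv[2]))
    print("%s: %s" % (status, detail))
    sys.exit(0 if status == "ok" else 1)
```

A result of `untrusted_certificate` or `hostname_mismatch` corresponds to the failure the post describes when the server certificate has not been added to the trusted store, or when the Hostname box does not match the name in the certificate.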



  • 5.  RE: Agentless Virtual Machine antivirus scanning

    Posted Aug 20, 2013 12:45 AM

    Pete,

    So in this case I just need to deploy the following .OVA (Symantec_Endpoint_Protection_12.1.2_Security_Virtual_Appliance_ML.ova) on each ESX & ESXi host to enable the agentless scanning across the datacenter?



  • 6.  RE: Agentless Virtual Machine antivirus scanning

    Broadcom Employee
    Posted Aug 20, 2013 01:04 AM

    Hope these links help.

    You must install a Security Virtual Appliance on each ESXi host if you want the GVMs on the host to use vShield-enabled Shared Insight Cache.

    Installing a Symantec Endpoint Protection Security Virtual Appliance

     

    Article:HOWTO81083  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81083

     

    Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file

     

    Article:HOWTO81082  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO81082

     



  • 7.  RE: Agentless Virtual Machine antivirus scanning

    Posted Aug 20, 2013 03:59 AM

    Many thanks to all for the replies. So in this case, are there any minimum support requirements or prerequisites that I need to complete before deploying this image and beginning to uninstall the SEP client on all of the production servers?



  • 8.  RE: Agentless Virtual Machine antivirus scanning
    Best Answer

    Broadcom Employee
    Posted Aug 20, 2013 04:46 AM

    Duplicate hardware ID :-) if the image has the SEP software as part of it. And yes, if the number of licenses is exceeded, you may want to configure deleting the clients from the console if not connected for X days; that has to be brought down.

     



  • 9.  RE: Agentless Virtual Machine antivirus scanning
    Best Answer

    Posted Aug 20, 2013 05:12 AM

    Nope. You will need to install SEP client on each machine (virtual or physical).

    But there are a few things that you can do so that SEP clients take fewer resources on the virtual machines.

    SVA doesn't provide agentless scanning on virtual machines.

    SVA (Symantec Virtual Appliance) is only a plugin that helps Shared Insight Cache (which is one of the features in SEP clients).

    Check this link

    About the Symantec Endpoint Protection Security Virtual Appliance


  • 10.  RE: Agentless Virtual Machine antivirus scanning
    Best Answer

    Posted Aug 20, 2013 05:25 AM

    "Thumbs Up" to Seyad as the only one who clearly states that SEP does not provide any agentless scanning.

    The SVA only provides SIC functionality (i.e. sharing scan results); it does not provide agentless scanning.

    The only vaguely agentless (i.e. nothing installed) scanning options in SEP at this time are only available via the offline image scanner (and this requires the VM to be off), and the Endpoint Recovery Tool (which you have to boot from).



  • 11.  RE: Agentless Virtual Machine antivirus scanning
    Best Answer

    Trusted Advisor
    Posted Aug 20, 2013 08:27 AM

    Hello,

    I agree with Seyad.

    Symantec is not currently using the vShield Endpoint API for agent-less AV on virtual machines in Symantec Endpoint Protection (SEP) 12.1. vShield support is planned to be integrated into future releases of the product.

    Check these Articles:

    Does Symantec Endpoint Protection 12.1 support VMWare vShield?

    http://www.symantec.com/docs/TECH175568

    Symantec Endpoint Protection 12.1 - Virtualization Best Practices

    http://www.symantec.com/docs/TECH173650

    Going agentless is a very aggressive performance-based approach. SEP 12 has a performance- and security-based approach.

    Do read this:

    https://www-secure.symantec.com/connect/sites/default/files/SYMANTEC_McAfee_Trend_On_VDI.pdf

    Hope that helps!!



  • 12.  RE: Agentless Virtual Machine antivirus scanning

    Posted Aug 21, 2013 02:04 AM

    Many thanks for the clarification, Seyad.