Endpoint Protection

 View Only

  • 1.  AV Scan Exclusions for VMware clients

    Posted Apr 11, 2011 12:27 PM

     

    This is re-asking a question from a previous post that did not provide the solution to the actual question asked:-

    "Does anyone know if there are best Practice Exclusions for VMWare clients (the Virual Machine, not the Host or Server)"

    The answer from Vikram appeared to be related to a known Microsoft Hyper-V issue. i.e:

     http://www.symantec.com/docs/TECH94563

    http://support.microsoft.com/kb/961804

    • Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)

    • Custom virtual machine configuration directories

    • Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)

    • Custom virtual hard disk drive directories

    • Snapshot directories

    • Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)

    • Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)

    Additionally, when you use Live Migration together with Cluster Shared Volumes on Windows Server 2008 R2, exclude the CSV path "C:\Clusterstorage" and all its subdirectories.

    Can someone possibly confirm if this advice does actually relate to the recommended Centralized Exceptions that we should deploy to our SEP clients deployed on our VMware XP/Windows 7 hosts?

     

    Thanks in advance.

    Duncan.



  • 2.  RE: AV Scan Exclusions for VMware clients

    Posted Apr 11, 2011 12:41 PM

    Usually I recommend speaking to the third party vendor for which files they recommend excluding from virus scanning, since they know their product better than we do. smiley Having said this, we have this document available:

    Best Practice for Symantec Endpoint Protection Scheduled Scans in VMWare
    http://www.symantec.com/docs/TECH95928

    This page (not affiliated directly with VMWare) specifically mentions ".vmdk (VMware virtual disk) and .vmem (VMware virtual memory) files." But the article is from 2005. There may be additional recommendations for newer versions.

    FWIW:

    Best Practices for Symantec Endpoint Protection in Virtual Environments
    http://www.symantec.com/docs/TECH95300

    sandra



  • 3.  RE: AV Scan Exclusions for VMware clients

    Posted Apr 11, 2011 01:34 PM

    SEP 12 introduces a feature specifically called "Virtual Image Exception."  Which is probably exactly what you are looking for.  For SEP 11 though, the link Sandra pointed you to is the right source.

    What are you looking to do with the exception?  Reduce IO bursts?  Save CPU?  All of the above?



  • 4.  RE: AV Scan Exclusions for VMware clients

    Posted Apr 11, 2011 03:39 PM

    Hello, you should exclude vmware tools install folder.



  • 5.  RE: AV Scan Exclusions for VMware clients

    Posted Apr 12, 2011 05:26 AM

    Thanks Sandra.

    I have already implemented the recommended randomization and was specifically looking for AV exclusions.

    Regards,

    Duncan.



  • 6.  RE: AV Scan Exclusions for VMware clients
    Best Answer

    Posted Apr 12, 2011 05:34 AM

    Thanks.

     

    I'll put that in the exclusions.

     

    Regards,

    Duncan.