Endpoint Protection


how do i know if vshield is working?

  • 1.  how do i know if vshield is working?

    Posted Jul 13, 2015 04:07 AM

    So vShield is inserted into the hypervisor, the VSA is running on the host, there is a Win 8.1 guest on the host with the endpoint driver installed, so surely it should be handing off the scanning of files to the appliance?

    But how do I know it's working? I thought I'd see some sort of logfile on the vShield web interface telling me it was scanning files as it did it, but I can't find anything and I'm struggling to see anything in the documentation on how to make sure it's working, other than the EICAR test file.

    If it helps, the client machine isn't showing in the SEPM console yet. Should it?

    Thanks.



  • 2.  RE: how do i know if vshield is working?

    Posted Jul 13, 2015 04:35 AM

    Found the first part of the answer, and that is

    check that the SVA is checking in with

    SEPM Console >> Monitors >> Security Virtual Appliance.

     

    Now to work out why mine isn't.



  • 3.  RE: how do i know if vshield is working?

    Posted Jul 13, 2015 05:56 AM

    Have you checked the SVA_Install.log?

    http://www.symantec.com/docs/HOWTO81083



  • 4.  RE: how do i know if vshield is working?

    Posted Jul 13, 2015 06:18 AM

    I have, it shows the install fine, but it doesn't show the appliance trying to get back to the SEPM server. I'm guessing that's in the next few steps?



  • 5.  RE: how do i know if vshield is working?

    Posted Jul 13, 2015 07:59 AM

    Have you tried exporting and replacing the sylink file manually?



  • 6.  RE: how do i know if vshield is working?

    Posted Jul 13, 2015 08:26 AM

    Not sure how to do that on an appliance, is there a guide somewhere?

     

    Matt



  • 7.  RE: how do i know if vshield is working?

    Posted Jul 13, 2015 08:45 AM

    Should be in the Installation settings section

    http://www.symantec.com/docs/HOWTO81082



  • 8.  RE: how do i know if vshield is working?

    Posted Jul 13, 2015 10:33 AM

    It is in there and I've configured the settings as part of the install. Is there a guide to using the command line to verify settings anywhere?

     

    Matt



  • 9.  RE: how do i know if vshield is working?
    Best Answer

    Trusted Advisor
    Posted Jul 13, 2015 03:14 PM

    I don't think that you understand what the Security Virtual Appliance does:

    https://support.symantec.com/en_US/article.HOWTO81080.html

    The Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. The Security Virtual Appliance integrates with VMware's vShield Endpoint. The Shared Insight Cache runs in the appliance and lets Windows-based Guest Virtual Machines (GVMs) with the Symantec Endpoint Protection client installed share scan results. Identical files are trusted and therefore skipped across all of the GVMs on the ESX/ESXi host. Shared Insight Cache improves full scan performance by reducing disk I/O and CPU usage.

    The guest OS does NOT offload file scanning to the SVA.



  • 10.  RE: how do i know if vshield is working?

    Posted Jul 16, 2015 10:09 AM

    Thanks for the heads up. I'd been led to believe that in its most basic guise, it offloaded AV scans to an appliance, to stop it from slowing down the GVM, but I can see that's not the case now.



  • 11.  RE: how do i know if vshield is working?

    Trusted Advisor
    Posted Jul 16, 2015 10:39 AM

    It does work best when you also use it with the Virtual Image Exception tool when you create your VM images.  That way the overall scan time is extremely low AND the guests share known-good-file information with each other.  Check out VIE and see if that would work for you.