Endpoint Protection

  • 1.  Scanning files on write, but not read on Virtual Desktops

    Posted Jul 31, 2013 03:12 PM

    We are working with VDI (Virtual Desktop) machines and we are configuring the SEP 12 policies.  Our VDI admin is requesting that we set Auto Protect to "Scan when a file is modified", instead of "Scan when a file is accessed or modified."  In other words, scan on write, but not on read.  Obviously this recommendation would improve performance, but I'm trying to think of scenarios where this setting would be a security risk. 

    The VDI image is read-only, thus all changes will be lost when the machine is powered down or rebooted; however, the file system of the VDI instance is obviously writeable while it is live.

    Is this setting recommended by Symantec?



  • 2.  RE: Scanning files on write, but not read on Virtual Desktops

    Posted Jul 31, 2013 03:15 PM

    Of course it is best practice to scan when a file is accessed or modified but you have to do what works best for your scenario. The good thing for you is changes are lost when rebooted so you can respond quickly to any risks. This is a pretty nice layer to have.



  • 3.  RE: Scanning files on write, but not read on Virtual Desktops

    Posted Aug 01, 2013 05:45 AM

    Maybe this document will help you to improve the performance in your virtual environment: http://www.symantec.com/docs/TECH197344

     

    Regards, 

    mkeil