Scanning of virtual machines
Updated: 21 May 2010 | 8 comments
This issue has been solved. See solution.
My organisation uses virtual machines that host several servers on each machine. As far as we've been led to believe, only the host machine needs SEP installed; the virtual ones will be protected by that as well. Is this the case or should we be installing SEP on every virtual machine and the host server? (I seriously hope not as the performance hit would be immense)
Thanks in advance
Gill
discussion Filed Under:
Comments
You need to install SEP on
You need to install SEP on host machine and VIrtual Machines.
On the host machine SEP will just see the Virtual machine as a one VMX file/files.
TO protect your virtual servers/machines you need to install SEP on them.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
You can check the below
You can check the below article from Microsoft
Error code when you create or start a virtual machine on a Windows Server 2008-based computer that has Hyper-V or on a Microsoft Hyper-V Server 2008-based computer: "0x800704C8", "0x80070037" or "0x800703E3"
In this doc they are recommended about certain exclusions to be done for antivirus scanning for avoiding some problems.
As vikram told you need to install SEP on each virtual machine.
ref: above article
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
The rumours of not needing
The rumours of not needing protection on each virtual machine are exaggerated. Like they said - the individual machines need it too.
I've had chats with a fellow at a major company where I used to work, they are big into terminal server and virtual machines and all - every image, every machine, physical or virtual gets protection installed. I guess they learned some things.....
My sites - http://theamcpages.com & http://antique-engines.com
Toy:
Shadow:
No, Installing Symantec
No, Installing Symantec Endpoint Protection on the computer hosting virtual machines will protect the host computer, but not the virtual machines. You will need to install Symantec Endpoint Protection on the host computer as well as the virtual machines.
The reason we are saying this is beacuse even the VM will contact to the internet and downlaod stuff. If SEP is not installed on that there will be no Real time protection or Network Protection on the image. The SEP on the host machine will only come into the picture while running the scan
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Thanks to you all for
Thanks to you all for replying.
Sorry, I should have been more specific. I agree with what you're saying for the VMWare servers we have, and we do have SEP running on them, but is that the case specifically for Virtuozzo servers as well? They're still virtual servers but they all share the host OS files, making the virtual servers tiny.
Thanks
Gill
Knowing that TINY detail
Knowing that TINY detail makes a huge difference! Most folks will "Assume" VMWare as that's the most prolific, and there IS a common misconception about VMWare going around.......
VMWare servers get HUGE because the files are the same size as the "server" and the drive of that server. Then take snapshots - it's get really hairy.
My sites - http://theamcpages.com & http://antique-engines.com
Toy:
Shadow:
Well Yes even in that case
Well Yes even in that case you will need a SEP on both the Parallel OS.
As both the OS are independent of each other.They will only share some part of the memory.
Both OS will have their own user space and temp memory which will neither be shared nor can be accessed by the other OS programs like AV.
So as a best security practise you should install AV on both.
However if you install AV on one OS it will protect most part of your HDD from being infected but not all.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
To help anyone searching for
To help anyone searching for the solution to this, the official word from both Parallels (Virtuozzo) and Symantec is that you DO NOT have to run SEP on both node and containers as they share the same OS. Unlike VMWare the containers (virtual machines) aren't held within a single file on the node(s) but in one folder per container which is a flat structure and therefore gets scanned normally.
All very clever...
Gill
Would you like to reply?
Login or Register to post your comment.