
SEP 12 support for ESX and/or ESXi

Created: 02 May 2011 • Updated: 02 May 2011 | 12 comments

Is there any support for VMware ESX and/or ESXi in SEP 12? Preferably with vShield integration?


Simpson Homer's picture

 

 

VMware support

Symantec software is supported on VMware.

 

Table: VMware support

Symantec software

VMware support

Symantec Protection Center and database

Symantec Protection Center is supported on the following VMware versions:

  • VMware WS 5.0 (workstation) or later

  • VMware GSX 3.2 (enterprise) or later

  • VMware ESX 2.5 (workstation) or later

Symantec Protection Center is supported on the following guest VMware operating systems:

  • Windows 2000 Professional/Server/Advanced Server SP 3 or later

  • Windows Server 2003 Editions

  • Windows Server 2003 x64 Editions

  • Windows XP Home Edition/Professional

  • Windows XP Professional x64 Edition

Client

The client is supported on the following VMware versions:

  • VMware WS 5.0 (workstation) or later

  • VMware GSX 3.2 (enterprise) or later

  • VMware ESX 2.5 (workstation) or later

The client is supported on the following guest VMware operating systems:

  • Windows 2000 Professional/Server/Advanced Server

  • Windows Server 2003 Editions

  • Windows Server 2003 x64 Editions

  • XP Professional/Home Edition Windows

  • XP Professional x64 Edition

 

 

teiva-boy's picture

abnscbnklfoo, This isn't the question.  Did you even read it?

 

In terms of vShield, I think this is more "wishful thinking" than anything. This technology was announced some 3 yrs ago. To this day, the vendors that actually do anything are very little to useless in terms of their implementation.

All they can do is scan a VM when it's powered off, and only Windows hosts. What good is that?

Until we get to true agentless installation, we'll have to use an agent in the guest where appropriate.

 

I believe the answer you are looking for is no.

 

There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."

erikw's picture

teiva-boy,

Thank you for your answer.

I find it unbelievable that Symantec has no vShield integration.

The technology is not that hard. But if it only scans shut-down machines, it is useless indeed.

And what I actually wanted is indeed agentless AV.

Simply a management console that monitors all traffic on all VMs on that host and learns to acknowledge behaviour.

If something does strange things, lock it down or something like that.

Now we are upgrading virtual machines and that is taking many resources.

AV is the top most used application.

It would be so nice and tremendously cool to have something so that we do not need to install AV on each client, but could simply manage the host.

You got my thumbs up.

Regards Erik www.DinamiQs.com Dinamiqs is the home of VirtualStorm (www.virtualstorm.org)

*************************************************************
If your issue has been solved, Please mark it as solved
***********

Chetan Savade's picture

Hi,

Are you talking about SBE 12.0 or Beta 12 ?

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

erikw's picture

Chetan,

 

I'm talking about Symantec Endpoint Protection 12.1.

Yes, the beta version.

Regards Erik www.DinamiQs.com Dinamiqs is the home of VirtualStorm (www.virtualstorm.org)


Simpson Homer's picture

I believe it is compatible.

Following are some release notes:

 

Symantec Endpoint Protection 12 offers comprehensive defense against all types of attacks and is optimized for performance on virtual systems. Symantec Endpoint Protection 12 can whitelist baseline images, maintain a local Insight cache, randomize scans and updates, and automatically identify and manage virtual clients. This is above and beyond the performance improvements gained with Insight. Together these innovations dramatically reduce the load on virtual hosts, alleviating ‘AV Storms’/concurrent scans from bogging down system resources and allowing for faster, more responsive systems, which can in turn support greater density of virtual instances. Symantec is working closely with VMware to take full advantage of virtualization awareness and introspection capabilities based on VMware vShield™ technology and Symantec Endpoint Protection 12 is the first step along the optimization path for virtual environments.

Reference: http://www.symantec.com/about/news/release/article.jsp?prid=20110215_01

erikw's picture

Thanks, that is part of my question.
What's left now is: where can I find the vShield agent?

Thanks again.

Regards Erik www.DinamiQs.com Dinamiqs is the home of VirtualStorm (www.virtualstorm.org)


Simpson Homer's picture

We should have it soon as per the information mentioned in the link of release.

Kindly refer to the same.

 

http://www.symantec.com/about/news/release/article.jsp?prid=20110215_01

Eric Schwake's picture

Hello erikw,

With the 12.1 release we do not have a vShield agent, but we have several virtual environment enhancements which should significantly help with overall performance across various hypervisors. To read about these please check the post https://www-secure.symantec.com/connect/blogs/conf....

We greatly appreciate the time you are spending with the beta and the feedback you provide. If you have further feedback, we have created a forum specifically for posting it. You can find it at http://www.symantec.com/connect/SEP_12_Beta_Group.

 

Thank you.

Eric S.

Simpson Homer's picture

Thanks for the update Eric..!

dschrader's picture

Are you asking if we support VMware? Yes - and Citrix and Microsoft virtual environments.

However, we don't use vShield - and we won't until it grows up a bit. vShield Endpoint today is a set of APIs and a device driver to offload file events to a security VM - which sounds great. Do all your virus scanning in just one VM, no need for an agent in each instance . . . increase density, less to manage . . .

Trouble is that vShield is just about "file events", i.e. scanning files for viruses - no host or network IPS, no real-time behavioral (i.e. Sonar in SEP 12.1), no client fw, no application control, device control, access control. So with vShield you're giving up a lot of security. About 50% of our detections come from technologies other than traditional virus scanning - that is a lot of security to give up.

We are working with VMware on a next gen that will allow the advantages of vShield without compromising security - but it won't be in this release.

The main bottleneck to greater density is disk I/O. We did a lot to drive disk I/O in this release - reducing it up to 90% through sharing scan results, creating white lists out of gold images and through Insight. For tips on using SEP in virtual environments, take a look at my blog: https://www-secure.symantec.com/connect/blogs/configuring-sep-121-virtual-environments

The only vendor that supports vShield today for an agentless approach is Trend Micro - and their detection rates are so low with it that they won't let 3rd party labs test it (true story).

sabo-fx's picture

Quote 1: (Press Release)

"Symantec is working closely with VMware to take full advantage of virtualization awareness and introspection capabilities based on VMware vShield™ technology....."

Quote2:

"Are you asking if we support VMware? Yes - and Citrix and Microsoft virtual environments. However, we don't use vShield - and we won't until it grows up a bit."

Hmmmm...

Feels like your marketing department is trying to blow smoke up our ....!

I understand that vShield may lack certain features rendering it useless for integration with SEP at this moment. If so, Symantec is not to blame I guess.

What really frustrates me is your marketing department's attempt (quote 1) to fool us into thinking that there are features in SEP 12 specific to VMware/vShield. But after reading your reply (quote 2) I realized that in reality SEP 12 offers zero integration with VMware.

I just finished reading ‘SEP 12.1 Best Practices in a Virtual Environment’
https://www-secure.symantec.com/connect/sites/default/files/SEP%2012.1%20Virtualization%20Best%20Practices.pdf .
Not even once does it refer to vShield, vSphere or VMware.

I.M.H.O. generic optimization in SEP 12 improving performance on a(ny) virtual infrastructure does not constitute referring to ‘VMware vShield™ technology’ in the SEP12 press release.

Suggestive marketing fluff does not impress techies! As a result, any other claim Symantec makes will be met with a lot more skepticism.

kind regards,

J. Kuin
Senior System Administrator
T-Mobile Netherlands BV