
vshield, Agent-less SEP?

Created: 07 Dec 2012 | 10 comments

http://www.symantec.com/connect/blogs/symantec-endpoint-protection-12-adds-vshield-integration-increases-security-effectiveness

Why does the above blog seem to say there is agent-less vshield integration with the newest version of SEP?

 


.Brian's picture

 

This refers to the Shared Insight Cache (SIC)
 
The Symantec Endpoint Protection Security Virtual Appliance is a Linux-based
virtual appliance that you install on a VMware ESX/ESXi server. The Security
Virtual Appliance integrates with VMware’s vShield Endpoint. The Shared Insight
Cache runs in the appliance and lets Windows-based Guest Virtual Machines
(GVMs) share scan results. Identical files are trusted and therefore skipped across
all of the GVMs on the ESX/ESXi host. Shared Insight Cache improves full scan
performance by reducing disk I/O and CPU usage.
 
Check the attached admin guide starting on Chapter 29 for full details
 
 
Attachment: Installation_and_Administration_Guide_SEP12.1.2.pdf (10.11 MB)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

bjohn's picture

Yeah, I know about all that, but none of that makes it agentless, does it?

.Brian's picture

No, you still need the agents


bjohn's picture

OK, that's what I thought. Basically the blog post from the Director of something something.. is wrong then.

 

From the blog:

VMware vShield Endpoint provides Symantec anti-malware protection with an additional layer of defense in-depth, agent-less and directly from VMware cloud infrastructure. This can improve the overall security posture and compliance for a growing number of virtual machines deployed without security agents, i.e. test and development and private cloud deployments.

.Brian's picture

Unless I'm missing something, the SIC sort of acts like the repository for all the files that are scanned and determined to be good or not. So files on the clients will be skipped if deemed good by the SIC. So I guess you could somewhat see this as agentless in some sense but you still need the client on each one so it can talk with the SIC.


Mithun Sanghavi's picture

Hello,

Symantec is not currently using the vShield Endpoint API for agent-less AV on virtual machines in Symantec Endpoint Protection (SEP) 12.1. vShield support is planned to be integrated into future releases of the product.

Check this Article:

Does Symantec Endpoint Protection 12.1 support VMWare vShield?

http://www.symantec.com/docs/TECH175568

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

vxaxv17's picture

Your post directly contradicts this article:

 

https://www-secure.symantec.com/connect/blogs/symantec-endpoint-protection-12-adds-vshield-integration-increases-security-effectiveness

 

Can you please clarify if Symantec is using vShield integration once and for all? I have been trying to get this answer for weeks now and it's been most frustrating.

mjg00's picture

In order to manage the guest virtual machine clients, am I required to install the SEP12.1 RU2 client on the VM?

If using VMware View linked clones, am I required to install the SEP12 client on the base VM prior to pool deployment?

I am able to get everything running, except I can't seem to find any way to link the client GVM to the SEP12 management server.

I can see all my SVAs deployed and online with zero clients...

I'm running ESXi 5.0 U2 and vShield 5.1 with the latest tools.

bjohn's picture

Yes, to both of your questions.
There is no agent-less SEP; SEP vShield integration is more or less a gimmick (or at least not how the other AV vendors implemented it).

vxaxv17's picture

Yes, I've had numerous discussions with our account reps and basically the statement that SEP integrates with VMware using vShield is a total joke. All the integration provides is a shared storage (on a virtual appliance) that keeps track of what files were scanned so every virtual machine doesn't scan the same files. Great, but you still need a full client on each VM, which is not how true vShield integration is supposed to work. Not that we needed another reason to stop using Symantec, but this has been the last thing which caused us to move to another vendor.