Endpoint Protection

Hello guys , sorry in advance if my question is rally naieve becuase I have some confusion on this , I would really appreciate if you can tell me if it is somewhat misleading or not. I am attaching a datasheet for SEP for VDI.

Now as per this Datasheet it says that SEP for VDI is agentless meaning we do not need to install any SEP agent on the Guest VMs ( GVMs) .  In the data sheet in System requirements it is mentioning DCS as well.   As per my understanding the true agentless Antivirus solution from Symantec is DCS.

This Datasheet is confusing me. Could you please tell me if this SEP for VDI a separate product or the same traditional SEP that we have been using.

 

As per my understanding we still need to require SEP agent on each GVM in VDI envoirement. However the benifet we get is there are some features that are optimized for Virtual envoirements like SVA , Share insight cache for sharing scan results etc etc.

Your help and guidance would be appreciated.

 

Thanks

Here is the datahsset

Datahsheet is attached

Hello Outrageous you are right, YOu need to have SEP on each VM Desktop ( Separate Vms sitting on the same SAN). instead of scanning the same files over and over again, u use the  SVA to mimimize the impact on the storage.there is no separate product for it, its the same SEP.

 

Thanks for your reply Brian I know that . But the only thing that is strange in the attached data sheet ( DATASHEET SYMANTEC ENDPOINT PROTECTION FOR VDI-1-1115.pdf)   is that it is agentless . How is it agentless ?

I meant rafeeq, my bad :(

Hi Rafeeq , can you please review the datasheet ?

Hi Outrageous,

Regardless of the nature of the machine (Physical, Virtual, citrix) each machine should have SEP installed to it. if you are really looking for a agent less protection there is another product called critical system protect, you might want to give it a try, its not a replacement for tradition AV, but a enhancement to it.

 

That was really confusing, this is what I have found out

https://blogs.vmware.com/security/2013/01/a-new-year-and-new-vmware-vshield-protection-symantec-endpoint-protection.html

Don’t get your hopes up. From what I can tell, Symantec only uses vShield component to offload their Insight Caching Technology. For actual file-scanning engine, you still need the Symantec agent.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2039762

But why they have made this Datasheet so confusing and tried to given the impression that it is agentless meaning no SEP agent needs to be installed on each guest VM

its bad that symantec has given a false notion. 

SEP needs to be installed on every endpoint (doesn't matter physical or virtual).

 

Symantec Data Center Security provides Agentless Threat Protection and Hardening for Your VMware Environment. Not on Hyper-V (as of now). This is a different product from Symantec.

References: 

http://www.symantec.com/data-center-security/

http://www.symantec.com/content/en/us/enterprise/fact_sheets/data-center-security-6.5-product-matrix-en.pdf

 

Seyad I completely agree your point that only DCS is the true agentless antimalware solution from Symantec but why  (DATASHEET SYMANTEC ENDPOINT PROTECTION FOR VDI-1-1115.pdf)  is so confusing which gives people the impression that SEP for VDI is agentless. Many people have pointed to me that in the datasheet it is mentioned that SEP for VDI is agentless.  It should have been clear and precise.

 

Regard,

DCS agentless supports vShield and NSX for agentless anti-malware scanning and agentless reputation.For the agentless newtork IPS it is NSX only. The SEP AV policy is essentially blank/empty since SEP cannot be in machine without an AV policy, that should change in a later release. You can choose to not run, or run, other SEP policies in machine.

https://support.symantec.com/en_US/article.HOWTO124251.html