Endpoint Protection

 View Only
  • 1.  Scanning of virtual machines

    Posted Nov 20, 2009 07:37 AM
    My organisation uses virtual machines that host several servers on each machine. As far as we've been led to believe, only the host machine needs SEP installed; the virtual ones will be protected by that as well. Is this the case or should we be installing SEP on every virtual machine and the host server? (I seriously hope not as the performance hit would be immense)

    Thanks in advance
    Gill


  • 2.  RE: Scanning of virtual machines

    Posted Nov 20, 2009 07:42 AM
     You need to install SEP on host machine and VIrtual Machines.
    On the host machine SEP will just see the Virtual machine as a one VMX file/files.
    TO protect your virtual servers/machines you need to install SEP on them.


  • 3.  RE: Scanning of virtual machines

    Posted Nov 20, 2009 08:03 AM
    You can check the below article from Microsoft
    Error code when you create or start a virtual machine on a Windows Server 2008-based computer that has Hyper-V or on a Microsoft Hyper-V Server 2008-based computer: "0x800704C8", "0x80070037" or "0x800703E3"

      In this doc they are recommended about certain exclusions to be done for antivirus scanning for avoiding some problems. 
    As vikram told you need to install SEP on each virtual machine.
    ref: above article


  • 4.  RE: Scanning of virtual machines

    Posted Nov 20, 2009 08:29 AM
    The rumours of not needing protection on each virtual machine are exaggerated. Like they said - the individual machines need it too.
    I've had chats with a fellow at a major company where I used to work, they are big into terminal server and virtual machines and all - every image, every machine, physical or virtual gets protection installed. I guess they learned some things.....


  • 5.  RE: Scanning of virtual machines

    Posted Nov 20, 2009 10:44 AM

    No, Installing Symantec Endpoint Protection on the computer hosting virtual machines will protect the host computer, but not the virtual machines. You will need to install Symantec Endpoint Protection on the host computer as well as the virtual machines.

    The reason we are saying this is beacuse  even the VM will contact to the internet and downlaod stuff. If SEP is not installed on that there will be no Real time protection  or Network Protection  on the image. The SEP on the host machine will only come into the picture while running the scan
     



  • 6.  RE: Scanning of virtual machines

    Posted Nov 23, 2009 04:17 AM

    Thanks to you all for replying.

    Sorry, I should have been more specific. I agree with what you're saying for the VMWare servers we have, and we do have SEP running on them, but is that the case specifically for Virtuozzo servers as well? They're still virtual servers but they all share the host OS files, making the virtual servers tiny.

    Thanks
    Gill



  • 7.  RE: Scanning of virtual machines

    Posted Nov 23, 2009 06:22 AM
     Well Yes even in that case you will need a SEP on both the Parallel OS.
    As both the OS are independent of each other.They will only share some part of the memory.
    Both OS will have their own user space and temp memory which will neither be shared nor can be accessed by the other OS programs like AV.
    So as a best security practise you should install AV on both.

    However if you install AV on one OS it will protect most part of your HDD from being infected but not all.




  • 8.  RE: Scanning of virtual machines
    Best Answer

    Posted Dec 01, 2009 07:39 AM
    To help anyone searching for the solution to this, the official word from both Parallels (Virtuozzo) and Symantec is that you DO NOT have to run SEP on both node and containers as they share the same OS. Unlike VMWare the containers (virtual machines) aren't held within a single file on the node(s) but in one folder per container which is a flat structure and therefore gets scanned normally.

    All very clever...

    Gill


  • 9.  RE: Scanning of virtual machines

    Posted Dec 01, 2009 08:10 AM
    Knowing that TINY detail makes a huge difference! Most folks will "Assume" VMWare as that's the most prolific, and there IS a common misconception about VMWare going around.......
    VMWare servers get HUGE because the files are the same size as the "server" and the drive of that server. Then take snapshots - it's get really hairy.