VMware Support Community
Luca82
Enthusiast
Enthusiast
‎12-10-2018 05:38 AM
Jump to solution

Does AppDefense still need an antivirus

Hi everyone, this seems to be the first question in this community.

I'm starting to explore AppDefense and its functionality. From now I can say that it is an awesome solution. But I have some doubts and misunderstandings. One of that is about the integration with other security product as well as monitoring tools. For example, with AppDefense, do I still need to use a traditional antivirus? Could AppDefense replace vShield Endpoint? And moreover, I saw and understood the integration with vRealize Automation.... but nowhere I see about integration with vRealize Operation.... I think it should be used in order to detect resource anomalies....or perhaps AppDefense already do it?

1 Solution

Accepted Solutions
chriscorde
VMware Employee
VMware Employee
‎02-11-2019 05:09 PM
Jump to solution

Hello - sorry for the delayed reply, and appreciate you taking a look at AppDefense.

The answer is somewhat complex, since it depends on how you've configured AppDefense on your servers. With the product you have the capability to set a response action to events. if you set a Block response to process execution, we would block anything that ran outside your expected set of applications. In this context AV would be mostly useless since malicious software would never have a change to run.

Some customers don't feel comfortable Blocking, however, so they run AppDefense in Alert mode where it acts more like an Intrusion Detection System. In that case we would recommend running alongside AV. The benefit of alert mode is it requires less overhead to manage.

If I understand your comment on vROps, are you saying AppDefense should detect something like a spike in CPU utilization and send that to vROps?

View solution in original post

1 Reply
chriscorde
VMware Employee
VMware Employee
‎02-11-2019 05:09 PM
Jump to solution

Hello - sorry for the delayed reply, and appreciate you taking a look at AppDefense.

The answer is somewhat complex, since it depends on how you've configured AppDefense on your servers. With the product you have the capability to set a response action to events. if you set a Block response to process execution, we would block anything that ran outside your expected set of applications. In this context AV would be mostly useless since malicious software would never have a change to run.

Some customers don't feel comfortable Blocking, however, so they run AppDefense in Alert mode where it acts more like an Intrusion Detection System. In that case we would recommend running alongside AV. The benefit of alert mode is it requires less overhead to manage.

If I understand your comment on vROps, are you saying AppDefense should detect something like a spike in CPU utilization and send that to vROps?