Execellent links Petedr. I understand some shops have a security mandate to install AV in the SC, but we need to stop treating every OS as if were Windows. How about we install Norton in a Cisco IOS, a KVM switch or a SAN? At some point the people driving these security mandates to install AV in everything (because that is what they are used to in the windows world) have to be educated on how separation of traffic and other security measures protect the ESX COS.

Hello,

Moved to the Security Forum.

have a security mandate to install AV in the SC, but we need to stop treating every OS as if were Windows

This is true, but if you do install AV in the SC, just take special care on how you scan things. You asked whether VMsafe solves this, and the answer is maybe.

TrendMicro has a product that uses the VDDK (vStorage APIs) to scan VM disk whether they are running or not. This is a great way to do things as you can keep track of AV even if the VM is powered down.

Other than that, VMsafe will not help with disk scans, it will help if you have a network IPS available to VMsafe-net.

Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|
[url=http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast]Virtualization Security Round Table Podcast[/url]