VMware Cloud Community
Gr2
Contributor
Contributor
‎02-17-2010 04:01 AM
Jump to solution

What VMware files should be excluded from VM's under ESX 3.5 when using Symantec Antivirue 10.x

Hi there

I am new to VMware

I am trying to improve the performance of our VM's

We are using ESX 3.5 (3 hosts Servers) and all our VM's are running Win2003 Sp2

All our servers have Symantec AV corp 10.x installed on them with default Auto protect / scanning options

I got this from Symantec:

When VMWare is running it makes continuous

open, write, and close calls to the sessions hard drive files, which

causes Realtime to scan these files repeatedly. To improve scan

performance exclude VMWare files as well as the session disk files

What VMWare / Session files are they referring to? Is this the VMware hosts or Virtual machines?

The only files I find related to VMware on my VM's is:

C:\Program Files\Vmware Tools

Any ideas?

Thanks

Reply
0 Kudos
1 Solution

Accepted Solutions
Texiwill
Leadership
Leadership
‎02-17-2010 08:46 AM
Jump to solution

Hello,

There are two ways to do AV within ESX.

1) From the Host, you would exclude anything residing on a VMFS

2) From within the VM, you would not use a continuous mode but a staggered scan across your VMs.... Ie. not too many VMs scanning simultaneously. Continuous scans open quite a few files, etc. But in a VM there are no 'session' files, etc. that I am aware, they all reside upon the VMFS/Datastore in question.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

View solution in original post

Reply
0 Kudos
1 Reply
Texiwill
Leadership
Leadership
‎02-17-2010 08:46 AM
Jump to solution

Hello,

There are two ways to do AV within ESX.

1) From the Host, you would exclude anything residing on a VMFS

2) From within the VM, you would not use a continuous mode but a staggered scan across your VMs.... Ie. not too many VMs scanning simultaneously. Continuous scans open quite a few files, etc. But in a VM there are no 'session' files, etc. that I am aware, they all reside upon the VMFS/Datastore in question.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
Reply
0 Kudos