VMware Communities
SteenSchmidt
Contributor

Antivirus on VMs or on Host only?

Hi,

We use Symantec Endpoint Protection (SEP) on our host machines. Do you also install antivirus software on each VM, or do you reckon SEP will protect the running VMs as well? Will SEP even be able to scan into a shut down VM file system?

By running SEP on both the host machine and all the powered-up VMs I fear a fight between multiple scanning processes, not to speak of the license cost.

Cheers,

Steen

4 Replies
wila
Immortal

Hi,

Treat every VM as you treat your physical host and that means you should install antivirus into every VM.

Normally antivirus will not check your vmdk (virtual disk) files, and if it does, you should exclude the file type from your antivirus as, like you say, you wouldn't want the host OS antivirus to combat the guest OS antivirus.

PS: I have not touched a Symantec antivirus product in a decade so cannot answer the SEP-specific questions, but unless Symantec explicitly advertises that it scans inside your VMware virtual machines, you can be quite certain it doesn't do that.

--

Wil

Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player
More info at vimalin.com | Twitter @wilva
Chetan67
Contributor

Hi,

I am Chetan Savade from Symantec Technical Support Team.

Symantec Endpoint Protection Manager and clients operate with the same functionality in virtual environments as they do in physical environments. Symantec Endpoint Protection provides features that improve performance in virtual environments. Deploying the management server and clients in virtual infrastructures is identical to physical deployments. Every operating system, be it physical or virtual, must have SEP installed.

SEP 12.1 has many new features.

It provides advanced virtualization support with the help of the following features:

1) Virtual Image Exception – Allows you to exclude all the files on a baseline image from scanning.

2) Shared Insight Cache – A standalone server that enables clients to share scan results. This allows clients to skip scanning files that have already been scanned by another client.

3) Virtual Client Tagging – Makes the clients virtualization-aware and sends the hypervisor vendor back to SEPM. That data can be used in client searching and reporting.

4) Offline Image Scanner – A standalone tool to scan offline VMware image (VMDK) files.

Best practices for virtualization with Symantec Endpoint Protection 12.1.2

http://www.symantec.com/docs/TECH197344

Managing Symantec Endpoint Protection in virtual environments

http://www.symantec.com/docs/HOWTO55356

Best Regards,

Chetan

SteenSchmidt
Contributor

Thanks for your answer.

Do I need a separate SEP license for each VM, or can/may the host machine's license be used on the VMs it hosts as well? I couldn't find an answer to that on the Symantec website.

If it matters then the hosts we're talking about are Windows 7 workstations for use by a single developer, and all VMs are local to each host. It's not servers hosting virtual desktops for other users for instance.

Cheers,

Steen

Chetan67
Contributor

Hi,

Q. Do I need a separate SEP license for each VM, or can/may the host machine's license be used on the VMs it hosts as well?

--> Each running instance (physical and/or virtual) must be licensed. A Symantec Endpoint Protection license applies to the Symantec Endpoint Protection clients. For instance, in a network with 50 endpoints, the license must provide for a minimum of 50 seats.

Licensing enforcement rules

http://www.symantec.com/docs/HOWTO55135


Best Regards,

Chetan
