hyper-v & antivirus protection

I'd been doing some research around this myself.  here's some answer I could get so far.  There're products in the market that can help you scan the Virtual machines while they're offline (shutdown or powered off), rather than on-line (switched on).  

While the VMs are online, you would require the AV installed in each of your clients as you mentioned).  However, when the VMs are offline, you could stack them together in file-system (like HyperV, ISO, VirtualPC, VMWare workstation) into a folder based structure and initiate a scan using specially constructud AV software.  In case your VMs are ESX images, you could manage them through Virtual Infrastructure Client using resource pools and get them scanned offline through the same/different AV software.  

okay, now the most important part.  At the moment, only two vendors have these 'specialized AV software' that can support offline VM scans, as far as i know - McAfee and TrendMicro.  NOTE: I've used McAfee's software, and not TrendMicro.

If you've any more queries, I would be happy to assit you with as much as i know...

one thing I forgot to add - HyperV scan is supported too, among other file-based scanners.

nope, i think you misunderstood.  What I was trying to say was exactly opposite - you won't need to install them on all client VMs (virtual machines), as far as you're okay scanning them while they're powered off/shutdown.  

let's look briefly at what're virtual machines?  They're nothing but a defined group of files (I'm taking VMWare as an example here) - like vmdk, .vmx, .nvram etc.  What makes these files behave like virtual machines?  these contain specialized data that can be read by software solutions like VMWare player and recreate a machine 'virtually' on a host machine, through the concept of a hypervisor.  If you keep apart this, these are just ordinary files.  any action that you can normally perform on a regular file, is applicable to these too - among many things you can do to these files, is to scan them too using AV.

the only issue about scanning (or even accessing them, for that matter) these files is that once the VMWare player starts playing these virtual machines, they can't be read by any other softwares - including AV.  So, you'll have shut the machines down or power them off, to enable scan on these files.

All you'll need to do is:

- poweroff your virtual machines (applies to VMWare, hyperV, ESX, Virtual PC etc)
- Install your AV onto host machine (the one that hosts your offline virtual machines)
- add scan tasks into your AV software to scan these files.  For scanning multiple virtual machines, you can just store each in a folder and scan the root folder, just like on-demand scan.

I just realized that my reply can be misinterpreted in a very very bad way!  

In fact, I just resorted to this explanation so that you can understand it easier.

Note that scanning virtual images are 'internally' treated as entirely different from scanning regular files.  Because of the fact that, the AV has to actually 'load' the virtual machine before initiating a scan similar to what a VMWare player software will do.  It can't treat the files just like any ordinary file in the file-system.  I hope you're able to get what I'm trying to say here.

Protection should be real time for best protection so you need to have AV installed on each Virtual Machine for realtime protection--period.  Now the question becomes, is your host machine robust enough to host the virtual machines?  

You need to install AV in each Virtual machine like leew stated each VM is just like a physical computer but instead of needing hardware for each server you use a file system instead. The OS is still run just like you would in a physical environment.

I prefer Trend Micro's Worry Free Business Security.

Trend Micro has been known to cause issues with Windows 2008 Servers. McAfee and AVG haven't given me one issue. I have used both in Hyper-V environments and non-Hyper-v environments.

Hi,
If you would like to keep the product VM high availability, I am not sure, you may use failover clustering technology using shared iSCSI  LUN.
There are no quickly way which can against Antivirus without utilize system resource, we just want to say that also a factor we need to consideration in host server sizing phase. the goal is make sure system running smoothly without security issue also apply governments compliance.

Hi,
That's hard to provide recommendation, i am not clear know what the laptop model and not recommend you the type. but some factors which need us look into:
1). Processor: support virtual technology, how many processor need arrange to virtual machine
2). Disk drive: if you would like to use ESX server, would use SAS disk, how many size disks you would like to assign to VM
3). Network: one is enough.
4). physical laptop hardware performance is recommend use the total VM performance requirement plus addition 15%

hope this useful.

darisug, I would be interested in knowing what issues.  I use Trend in Hyper-V and Server 2008 environments and haven't had any issues.  Any references you can provide?

Personal experience also post that I have worked on EE with network communication and hanging of the OS.

McAfee is the best solution

McAfee Total protection

I have seen the Trend Micro deletes Guest details when powering on problem before.  There is no problem when running Trend Micro from within the guest, only on the host.    To fix the problem on the host you just need to exclude the guest directories on the host from being scanned.   Here is a post with the same problem:
http://www.experts-exchange.com/Microsoft/Applications/Virtual_Server/Hyper-V/Q_24384173.html

I would suggest it is best practices to exclude these directories no matter what AV you are using