Solved

Anti-virus Kaspersky light agent for VMware

Posted on 2014-11-05
9
498 Views
Last Modified: 2014-11-12
Hi guys,

I'm evaluating which option is better for my environment as I'm using VMware essentials (3 hosts with vcenter) I need a agentless or something similar for my virtual machines. I've been reading and the agentless solution from Kaspersky is not good beucase it needs vshield, which is only available on the most expensive vmware enterprise licenses. As I'm using vmware essentials I can't have vshield.

The options left are the light agent and the normal kaspersky installed on each VM like done in a normal barebone hardware running Windows .

This light agent solution seems interesting as I'm going to have a central VM doing all the heavy work and storing the AV databases. But I would like to know from your guys opinion what other vendors might be doing regarding this approach, is there any other company competing in this area with Kaspersky? Anything as good, or even better?

Thanks!
0
Comment
Question by:Alex
  • 5
  • 4
9 Comments
 
LVL 119
ID: 40424591
Any vendor based anti-virus, real-time scanning engine, causes an overhead in the VM.

We look at what surrounds the VM, so we have anti-virus on the Internet Gateway, Mail Gateway, Exchange Servers, and File Servers, so we do our best have Anti-Virus products, and leave VMs without anti-virus installed.

Most these days are Browser based payloads and attacks, and WE don't use BROWSERS on Servers.

Is this for Desktop or Servers ?

Have you looked at Trend Suite ?
0
 

Author Comment

by:Alex
ID: 40425720
You mean you have anti-virus at the gateway in which way exactly, a normal client software installed on a machine that servers as gateway? Can you clarify please?

Well you say you leave your servers with AV and your VMs without. My servers are all VMs, so I'm not sure what do you mean by that.

We have Microsoft RDS servers, lots of them. Shared based session servers basically and all of them browse the web heavily for the thinclients.

I'm looking at trend, but it seems it needs vshield for the VMware solution, no in between fat client and agent less. Do you guys use it?
0
 
LVL 119
ID: 40425807
Proxy Server, or what ever mechanism you use for clients to access the internet.

Okay, so all your servers are VMs, so what is the risk?

Unless you use your Servers as Workstations?

Do you have firewalls enabled, do you have your servers regularly patched.

If you use Real Time scanning engines on RDS, performance will be affected.

We use Trend, some of our clients use Trend, some do not use Anti-virus, and some do use anti-virus, and understand the VM/RDS will take a performance hit, and therefore have more servers to take the loading.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:Alex
ID: 40425897
I'm still checking what we will use as a proxy, perhaps Bloxx as we have already used before, or Barracuda as I'm going to test it later.

T wan to have a file level scanning running on file servers so if someone dumps something with a virus there, it is scanned and blocked so no one else can access in in case it is something dodgy as a fileshare. The RDS server will need to have real time scanning, memory, files open, browser activity too perhaps. I know performance will be affected but I'm looking for a solution that can minimise  the performance hit. So far Kaspersky seems interesting with the central repository/database/scanning as then it use light agents on each server to collect the information. I'm not sure in real life how it works, first time I'm doing this and it seems it is fairly new technology.

I use pfSense as a firewall.

So with Trend, do you use the normal fat client software on the servers you need protection? What do you do with protection for RDS servers?

Thanks!
0
 
LVL 119
ID: 40425915
We are not convinced by "light agents" all Agents, on a server scanning in real time will cause a performance hit.

Be careful, you don't end of with a broad cast a storm, hitting all your servers at the same time, causing performance issues on the datastores.

Trend for everything, Trend was one of the first Anti-virus packages to have RDS scanning. If not the first Anti-Virus product to be verified by Citrix.
0
 

Author Comment

by:Alex
ID: 40425928
Yeah, I'm not convinced too, it is fairly new. It goes down the line with vShield for VMware. Have you ever used it?

The light agent will cause performance hit, but we hope it causes a smaller hit with this centralised approach.

Wouldn't this storm be more likely to happen with standalone fat clients running on the servers for example?

How this RDS scanning works in your opinion? Does it work well for a RDS farm? We will have several servers, so I would like to understand if it can somehow not scan the same file several times because if is being accesses by differnet RDS servers.

So let's say USER1 open file at RDS1, what happens if USER2 opens the same file at RDS2? will it be scanned again?
0
 
LVL 119
ID: 40425953
Yes, we use vShield for VDI mainly, to prevent broadcast storms on the Datastore.

Anti-Virus is a compromise, between performance and security. (unless you use vShield!)

All transactions are scanned, but Trend, scans at the network layer, to stop the process getting into memory, some scan memory for the pattern file.

You need to evaluate them all, and see how performance affects your environment.
0
 

Author Comment

by:Alex
ID: 40433057
Just go a word from the reseller saying that the light agent won't work on Windows 2012 R2.

So with Trend is or the full fat client installed on each VM or then the vShield appliance, there is no in between right?
0
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40433222
That's correct.

Install the full fat client, and take the performance hit!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to remove VSphere from Host Machine 5 49
Vcenter 8 51
VMWare fails to boot after update 15 37
ESXi 5.5 incompatibility when migrating VM 9 63
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
Teach the user how to configure vSphere Replication and how to protect and recover VMs Open vSphere Web Client: Verify vsphere Replication is enabled: Enable vSphere Replication for a virtual machine: Verify replicated VM is created: Recover replica…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question