Vshield Antivirus Symantec

I managed to find several older posts regarding vShield anti-virus but nothing recent so here goes.

I'm looking to implement a clientless vShield integrated anti-virus solution in a vSphere 5.1 environment and a separate vSphere 5.5 environment.

So far I've found the below info.

Trend Micro - Not yet compatible with vSphere 5.5. ETA sometime in Q2/Q3.
Sophos - Requires a DHCP server. While not the end of the world, we don't currently have DHCP in our environment and haven't needed it for anything in the past 5 years, I hesitate to implement it for this.
Kaspersky - Waiting on a call from sales to set up a demo.
Symantec - Not interested, have been using them for the past several years and had a poor experience.
BitDefender - Not interested, used them in the past and was not a happy customer.

If you have any experience/recommendations implementing or managing a vShield AV solution with vSphere 5.5 I would really appreciate any feedback.

Thanks as always.

What got our attention (in addition to the agentless client) was that our VMware vendor told us TrendMicro works hand-in-hand with VMware.

In fact it was a marketing point during Trend's sales pitch to us. We were going to immediately hop onboard that train.

However, during their demo in December we found out like you, that v.5.5 was not supported yet. They told us February release and we told them to call us back then; since we were not interested in installing agents on all our VMs and then removing them.

It took an e-mail on our part asking what the status was of the agentless solution to find out it was released. This precipitated a flurry of e-mails back and forth and without going into great detail let's just say that since making contact with them in December, Trend's sales force leave a lot to be desired.

We are very interested to hear your experience with Sophos.

TBS, I received a hard push from my VAR for Trend as well. I've had a good experience with Sophos in the past so I'm looking at both vendors. I had asked my Trend sales contact to let me know when 5.5 support was released and I hadn't heard from them yet.

I emailed them today after reading your post and they confirmed your info but told me that 'it's not something they can publicly announce at this time.' Whatever that means.

Regarding your comment about Trend's sales team, I'm having the same experience with Sophos so you're not alone.

Maxim, that's great news thank you very much for commenting. I will hold off until that release to deploy in my test environment.

Personally our company had an awful experience with Trend.

It broke some features including vMotion and recomposing VMware View images, let a mass virus through.

We ended up dropping Trend Micro and going with Kaspersky.

The added benefit was Kaspersky was significantly easier to implement from an installation point of view and integrates seamlessly with the Kaspersky Management Console.

Now I will say that this was back in the 4. days so they may have improved their game since then.

My 2 cents.

William,

In a nutshell the Sophos VMware solution is nothing but a scanner. We participated in a demo of their solution and during the demonstration was told by the engineer that the product scans for viruses/malware and if something is found we then must download their tool to remove the infection.

The engineer indicated he believed the removal tool was free from their web site.

We want an all-in-one type solution so we are revisiting TrendMicro and are scheduled to start a product evaluation this Friday.

TBS9555 wrote:

William,

In a nutshell the Sophos VMware solution is nothing but a scanner. We participated in a demo of their solution and during the demonstration was told by the engineer that the product scans for viruses/malware and if something is found we then must download their tool to remove the infection.

The engineer indicated he believed the removal tool was free from their web site.

We want an all-in-one type solution so we are revisiting TrendMicro and are scheduled to start a product evaluation this Friday.

That's a fair point. Sophos Antivirus for vShield is an anti-virus/anti-malware scanner. A fast, effective, agentless scanner with than competing products, but still just a scanner. It can block, quarantine, or delete infected files it discovers, but it can't clean up after an infection. It's worth noting that this is also true of our competitors' products when they're used in agentless mode. This is a limitation of VMware's vShield Endpoint driver.

Some competing products do offer endpoint cleanup and additional capabilities through the option of a 'thin agent' that can be deployed to your virtual machines. We have this on the roadmap for our product, as well.

Michaelben-yehuda wrote:

Tbs9555,

How did the Trend Micro eval go?

We are looking for a similar solution as well.

From reading this thread I'm not encouraged.

Has Sophos released anything new?

We decided to go with Trendmicro, we implemented it and have been running it for a couple months.

A few points/issues:

Trendmicro is pretty straightforward to deploy, great web-based GUI. Although about half the time I was deploying protection to hosts or VMs it would fail the first time, second time succeeded.

So far VM protection has been very good, lightweight as far as I can tell, easy to deploy and manage.

Their support is not great.

Twice so far I've gotten nowhere with their offshore support and have had to email my Trend sales rep directly. She was then able to escalate to a local support engineer who resolved my issues. This despite us paying for premium support. A word on their premium 24x7 support. So far I've found that means someone will answer the phone and create a case.

They have first level reps available outside of business hours but any complex issues will be handled next business day.

Deep Security won't clean network storage.

It can scan Windows Mapped Network Drives but clean and quarantine will fail. Supposedly they removed the ability to clean/quarantine network storage in the latest build(s) of 9.0. I have no idea why they would do this. Keep this in mind if you use CIFS shares or the like with your VMs.

The final issue I ran into was with scanning NAS/SAN CIFS file shares. I have many large file shares that I wanted to manually scan. This turned out to be surprisingly impossible with Deep Security. See #4 above, that it won't clean network shares. But the bigger issue is that there isn't a very effective way to manually scan.

Unlike every other AV I've ever used there is no local GUI on the protected servers, VMs or even physical servers with the agent installed. There is no option to right-click a drive and 'scan now'.

The only option is to kick off a manual scan in the web-based GUI. This shows no progress or details. In my scenario I have a CIFS share with 2 million files. A manual AV scan could take days.

I don't want to kick off a scan using their web GUI and just assume it's going to finish in a couple days with no progress indicators. So this use case failed for us. In the end I downloaded a 30 day trial of Trendmicro ServerProtect, which is a legacy product but does have the ability to manually scan network shares.

In the end I'm not sure I would recommend Trendmicro. I would take a stronger look at Kaspersky if I were doing this again. We looked at them initially but the Trendmicro GUI and ease of use looked better. And in a 100% virtual environment Trend may be the winner.

But in our mixed virtual/physical environment Trend definitely falls short.

Symantec

The Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. The Security Virtual Appliance integrates with VMware's vShield Endpoint. The Shared Insight Cache runs in the appliance and lets Windows-based Guest Virtual Machines (GVMs) with the Symantec Endpoint Protection client installed share scan results. Identical files are trusted and therefore skipped across all of the GVMs on the ESX/ESXi host. Shared Insight Cache improves full scan performance by reducing disk I/O and CPU usage.