Former Member
Message 1 of 6

Staggering Scanning on Virtual Platforms

Is there a good way to manually stagger scans or file updates for virtual platforms? With vMotion or Live Migration, I cannot guarantee any one VM will be on a particular host. So simply tagging machines into groups, over the long term, will not be very robust. There is MOVE, which I am looking into, but we have a fair number of non-Windows machines, and thus it does not get me all of what I need.

Is this just forever a game of whack-a-mole in tagging? Does DataCenter connector for vSphere have any options which allow tagging or other identifiers to be present so that I can assign a scanning policy?

At least with DAT updates, I can set randomization to a few minutes since it does not seem to be terribly resource intensive.

5 Replies

Re: Staggering Scanning on Virtual Platforms

Hi

To cover some of your points one by one.

  • DataCenter connector for vSphere - You can tag a machine as it is discovered/refreshed, but this is per Cloud Account (vCenter), so if you operate one vCenter with all your HAs available, it doesn't really help since they all get tagged the same.
  • You cannot auto tag any machine by any of the attributes which are discovered through the vSphere DCC, such as Host name (which would have been nice)
  • If you go down the MOVE-AV route you don't need to do the DAT updates since there is no scan engine on the guests, but the exclusions/low-risk-process policies are separate from VSE so you end up duplicating your work for the other Endpoint Technologies.

We are running MOVE-AV for VDI and Servers. If you have any specific questions surrounding MOVE-AV feel free to ask.

Regards

Rich

Volunteer Moderator.

Former Member
Message 3 of 6

Re: Staggering Scanning on Virtual Platforms

Hi

Honestly, MOVE AV is confusing. Hopefully you can shed some light.

In an agentful application (i.e. no vShield), is Linux supported or not? https://kc.mcafee.com/corporate/index?page=content&id=KB72839 says 2.5 or later. http://www.mcafee.com/us/products/move-anti-virus.aspx#vt=vtab-SystemRequirements says no.

If yes, it is my understanding that MOVE Scheduler is only for Windows?

Other than that, what does the load on the offload scanner appliance look like? When it is down, of course scanning will stop but will clients notice? Does network latency come into play at all?

Re: Staggering Scanning on Virtual Platforms

Hi

I have just had a quick look at the Product Guide for MOVE AV Multi-Platform 3.5 (no vShield)

The McAfee MOVE AV client software requires one of these operating systems:

• Windows XP SP3 (32-bit)
• Windows 2003 R2 SP2 (32-bit)
• Windows Vista (32-bit or 64-bit)
• Windows 2008 SP2 (32-bit or 64-bit)
• Windows 7 (32-bit or 64-bit)
• Windows 2008 R2 SP1 (64-bit)
• Windows 8 (32-bit or 64-bit)
• Windows 2012
• Windows 8.1 (32-bit or 64-bit)
• Windows 2012 R2 (64-bit)

Short answer - No Linux Support.

Load on the Offload Scan Server (OSS) - This will depend on the exclusion policies and the on-access quantity and number of clients using the OSS, of which there is a hard limit.

OSS Down, the client will time out on the scan request, but best practice is to use a Primary AND secondary OSS, normally configured in the SVA policy.

Network Latency - Yes this will come into play, since the file is 'sent' to the OSS to be scanned by the VirusScan engine at the far end, so the Network latency will have an effect on the time it takes for the file to be sent to the OSS to be scanned.

I hope this helps.

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO

Dvanmeter
Level 10
Message 5 of 6

Re: Staggering Scanning on Virtual Platforms

A technique I use is running a scan or update by tag. In order to equally balance the number of virtual devices that get scanned at one time I use the last digit of the MAC address. If the MAC address ends in digit 0-5 then you are given a tag "group 1", if 6-9 then you are given the tag "group 2", if a-d then "group 3" and so on. This will create a pretty easy and automated way to make an equal number of groups. New machines will automatically be placed into the appropriate group without intervention. Then you can run a scan at 1:00pm on group 1, a scan at 2:00pm on group 2. DAT files can be run the same way.

Hope this makes sense. It works really well for me.
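
The MAC-based grouping described in the post above, as an added example that is not part of the original thread or any McAfee tooling: it maps the last hex digit of a MAC address to a tag and a staggered start time, and counts machines per group. It assumes four groups of four hex digits each rather than the ranges quoted in the post; the tag names, start time and inventory are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical tag names; each covers four of the sixteen hex digits.
GROUPS = {
    "scan-group-1": "0123",
    "scan-group-2": "4567",
    "scan-group-3": "89ab",
    "scan-group-4": "cdef",
}

def normalize_mac(mac):
    """Accept 00:50:56:aa:bb:cc, 00-50-56-AA-BB-CC or 0050.56aa.bbcc."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def scan_group(mac):
    """Return the tag for a MAC based on its last hex digit."""
    last = normalize_mac(mac)[-1]
    return next(tag for tag, digits in GROUPS.items() if last in digits)

def schedule(first_start="13:00", gap_minutes=60):
    """Start time per group, one gap apart, beginning at first_start."""
    start = datetime.strptime(first_start, "%H:%M")
    return {tag: (start + timedelta(minutes=i * gap_minutes)).strftime("%H:%M")
            for i, tag in enumerate(GROUPS)}

def distribution(macs):
    """Count machines per group to check the balance of an inventory."""
    return Counter(scan_group(m) for m in macs)

# Constructed inventory: VMware-style MACs in mixed notations.
INVENTORY = [
    "00:50:56:9a:10:03", "00-50-56-9A-10-47", "0050.569a.108b",
    "00:50:56:9a:10:cf", "00:50:56:9a:11:10", "00:50:56:9a:11:e5",
]

if __name__ == "__main__":
    times = schedule()
    for mac in INVENTORY:
        tag = scan_group(mac)
        print(f"{mac:20} {tag} scans at {times[tag]}")
    print(dict(distribution(INVENTORY)))
```

Running `distribution` over a real export of MAC addresses shows whether the chosen digit ranges actually balance the groups before the scan tasks are scheduled.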

Former Member
Message 6 of 6

Re: Staggering Scanning on Virtual Platforms

Good points from both. Thanks very much guys. Some good info to get me started.
