1 Reply Latest reply on Oct 29, 2012 7:53 AM by SupportKM

    vCenter Protect AV


      I've posted on here a few times already with some questions on patching and that is all working amazingly well now.  We have agents pushed out and scheduled tasks for threat scans, asset scans, and patching (both windows and third-party software).  We even used vCetner Protect to push out IE9 to our entire environment and to move from java 6 to java 7.  Now that we are getting more familiar with how vCenter Protect works and learning the nuances we are ready to take the next step, AV.


      We have the license that included AV and have turned it on in our test agent policy where we just have a few machines. We have set it up and it appears to be working on those few test machines but we ran into some questions.


      1) When we install the agent for patches does that included the AV agent and it’s just disabled if you have it off in the agent policy?


      2) We have some settings from our current AV that we will need to duplicate for example on a few servers we need to allow the McAfee "prevent mass mailing worms from sending mail" and "prevent IRC communication" rules.  Is there something similar in vCenter Protect?


      3) Not really an AV question I don’t think, but we made a machine group with our ESXi hosts, which is cool and all but how is that use full. When we did that then had each VM show up twice under the agent manager once with the agent we already installed and once with no agent I am assuming from when we added the hosts.  Can we install an agent on the Hosts for some reason? Maybe we can even run the AV in on the hosts in the hypervisor or is that a completely separate product (vSheild I think?).



      Thanks in advance,


        • 1. Re: vCenter Protect AV



          1) When you install an agent, it will only install the components necessary for it to function within that policy.  So if you don't have active protection or any AV tasks specified in your policy, it will only install the agent itself.  If you have patch tasks specified it will install the patching components as well.  If you add these features to the policy later, the agent will download them the next time it checks in.


          2) As far as analogues to the features of McAfee, which if I read correctly you are bypassing, we have no such features.  Our agent only monitors the client machine itself for viruses, it does not monitor or block network traffic.


          3) If you have machines showing up twice in the agent manager, it typically means you have duplicate entries in machine view.  If you locate the entries of the machines in machine view which show no agent installed and delete them, they will be removed from the agent manager screen.  We are only able to install our agents on windows operating systems, we cannot install them on ESXI hosts, just the guest OS'.