Add the VMware EPSEC driver on each GVM / Master Image
vShield Endpoint monitors virtual machine file events and notifies the antivirus engine, via VMware EPSEC (Endpoint Security), which scans and returns a disposition. It also supports scheduled full and partial file scans initiated by the antivirus engine in the security virtual machine.
- Use the VMware Tools installer to install the EPSEC driver
Note: Perform a custom install and select vShield drivers under VMware device drivers/VMCI drivers, or perform a complete install
Enable Symantec Endpoint Protection clients to use a vShield-enabled Shared Insight Cache
- In the Symantec Endpoint Protection Manager console, open the appropriate Virus and Spyware Protection policy and click Miscellaneous
- On the Miscellaneous page, click Shared Insight Cache
- Check Enable Shared Insight Cache
- Click Shared Insight Cache using VMware vShield
Install SEP client on Base image
- Copy the SEP agent for VDI clients to the GVM or the master image
- Execute Setup.exe in Admin context
- Reboot the VDI client after installation and update the definitions to the latest version
- Confirm from the SEPM that the client is reporting
Run the Virtual Image Exception tool on the base image
You can use the Virtual Image Exception tool on a base image before you build out your virtual machines. The Virtual Image Exception tool lets your clients bypass the scanning of base image files for threats, which reduces the resource load on disk I/O. It also improves CPU scanning process performance in your virtual desktop infrastructure.
Process for using the Virtual Image Exception tool on a base image
Step 1: On the base image, perform a full scan on all of the files to ensure that the files are clean
Running the Virtual Image Exception tool
- From the Symantec Endpoint Protection Tools product disc, download the following file to the base image: /Virtualization/VirtualImageException/vietool.exe
- Open a command prompt with administrative privileges
- Navigate to the directory where the Virtual Image Exception tool is installed
- Run the Virtual Image Exception tool with the arguments: vietool.exe c: --generate --hash
Step 4: Enable the feature in Symantec Endpoint Protection Manager so that your clients know to look for and bypass the marked files when a scan runs. The setting is under SEPM > Policies > Virus and Spyware Protection Policy > Miscellaneous > Virtual Images
Prepare a Symantec Endpoint Protection 12.1 client for cloning
This tool will remove all Symantec Endpoint Protection client identifiers and leave the Endpoint Protection services stopped. It should be done as the last step in the image preparation process, before running ClientSideClonePrepTool and/or shutting down the system. If the system is rebooted or the Endpoint Protection client services are restarted then new identifiers will be generated and you must re-run the tool before cloning.
- Install the operating system, applications, and patches
- Install the Symantec Endpoint Protection Client and update the definitions
- Copy ClientSideClonePrepTool.exe to a folder on this computer
- Open a command prompt with administrative privileges
- Navigate to the directory where the ClientSideClonePrepTool.exe is copied
- Run ClientSideClonePrepTool.exe.
Non-persistent virtual desktop infrastructures
- Using Symantec Endpoint Protection in non-persistent virtual desktop infrastructures
- Setting up the base image for non-persistent guest virtual machines in virtual desktop infrastructures
- Creating a registry key to mark the base image Guest Virtual Machines (GVMs) as non-persistent clients
- Configuring a separate purge interval for offline non-persistent VDI clients
Using Symantec Endpoint Protection in non-persistent virtual desktop infrastructures
You can configure the Symantec Endpoint Protection client in your base image to indicate that it is a non-persistent virtual client. You can then configure a separate purge interval in Symantec Endpoint Protection for the offline guest virtual machines (GVMs) in non-persistent virtual desktop infrastructures.
Symantec Endpoint Protection Manager removes the non-persistent GVM clients that have been offline longer than the specified time period. This feature makes it simpler to manage the GVMs in Symantec Endpoint Protection Manager.
Creating a registry key to mark the base image Guest Virtual Machines (GVMs) as non-persistent clients
Step 1: In Symantec Endpoint Protection Manager, disable Tamper Protection. This should be done by a SEP Admin.
Step 2: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\
Step 3: Create a new key named Virtualization
Step 4: Under Virtualization, create a key of type DWORD named IsNPVDIClient and set it to a value of 1
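The registry steps above can be scripted and then verified on the base image. The following is an added example, not code from the original post or from Symantec; the function names Set-NpvdiMarker and Test-NpvdiMarker are hypothetical, and the value name is written as IsNPVDIClient, without spaces.

```powershell
# Added example (not Symantec's code). Run elevated on the base image,
# after Tamper Protection has been disabled for this client.
$ErrorActionPreference = 'Stop'

$smcKey  = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
$virtKey = Join-Path $smcKey 'Virtualization'
$name    = 'IsNPVDIClient'

function Set-NpvdiMarker {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) { throw 'Run this from an elevated session.' }

    # The SMC key only exists once the SEP client is installed.
    if (-not (Test-Path -LiteralPath $smcKey)) { throw "Key not found: $smcKey" }

    if (-not (Test-Path -LiteralPath $virtKey)) { New-Item -Path $virtKey | Out-Null }

    # -Force replaces an existing value, including one created with the wrong type.
    New-ItemProperty -LiteralPath $virtKey -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-NpvdiMarker {
    if (-not (Test-Path -LiteralPath $virtKey)) { return $false }
    $key = Get-Item -LiteralPath $virtKey
    if ($key.GetValueNames() -notcontains $name) { return $false }
    $isDword = $key.GetValueKind($name) -eq [Microsoft.Win32.RegistryValueKind]::DWord
    return ($isDword -and $key.GetValue($name) -eq 1)
}

try {
    Set-NpvdiMarker
} catch {
    Write-Warning "Marker not written: $($_.Exception.Message)"
}

if (Test-NpvdiMarker) {
    'Base image is marked as a non-persistent VDI client.'
} else {
    Write-Warning "$name is missing or is not DWORD 1 under $virtKey"
}
```

If the write is refused with an access error, check that Tamper Protection is actually disabled on this client, and re-enable it in the policy once the marker is in place.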
Configuring a separate purge interval for offline non-persistent VDI clients
Over time, obsolete clients can accumulate in the Symantec Endpoint Protection Manager database. Obsolete clients are those clients that have not connected to Symantec Endpoint Protection Manager for 30 days. Symantec Endpoint Protection Manager purges obsolete clients every 30 days by default.
If you do not want to wait the same number of days to purge obsolete non-persistent clients, you can configure a separate interval for them. If you do not configure a separate interval, then offline non-persistent VDI clients are purged at the same interval that non-virtual obsolete clients are purged.
Online non-persistent clients count toward the number of deployed licenses; offline non-persistent clients do not.
You can also filter the offline non-persistent clients out of the view on the Clients page.
To configure the purge interval for offline non-persistent VDI clients
Step 1: In the Symantec Endpoint Protection Manager console, on the Admin page, click Domains.
Step 2: In the Domains tree, click the desired domain.
Step 3: Under Tasks, click Edit Domain Properties.
Step 4: On the Edit Domain Properties > General tab, check the Delete non-persistent VDI clients that have not connected for specified time checkbox and change the days value to the desired number
Step 5: Click OK.
Weekly Scan Settings
You can select the frequency of the scans by going to Administrator-Defined Scans and setting up the scan with the scheduling details.
If you want to enable Insight Lookup, you can do so from the screen below.
This concludes the 3rd and the final part on Symantec Endpoint Protection integration with VMware Horizon View. I hope that this is useful and thank you for reading.