You want to know new features about virtualization within Symantec Endpoint Protection 12.1 (SEP 12.1).
SEP 12.1 has many new features.
It provides advanced virtualization support with the help of following features:
1) Virtual Image Exception – Allows to exclude all the files on a baseline image from scanning.
2) Shared Insight Cache – A stand alone server that enables clients to share scan results. This allows clients to skip scanning files that have already been scanned by another client.
3) Virtual Client Tagging – Makes the clients virtualization aware and sends back the hypervisor vendor to SEPM. That data can be used in client searching and reporting.
4) Offline Image Scanner – A stand alone tool to scan offline VMware image (VMDK) files.
Virtual Image Exception
Administrators leverage base images to build virtual machines for their virtual desktop infrastructure (VDI) environment. The Symantec Virtual Image Exception (VIE) tool lets your clients bypass scanning base image files for threats, which reduces the resource load on disk I/O. It also improves CPU scanning process performance in your VDI environment.
Virtual Image Exception(VIE) is a tool that gives administrators the ability to easily set exclusions for files in a virtual operating environment.
Available only in Enterprise Edition. Not available in Small Business Edition (SBE).
Runs as a stand alone application and doesn’t require a traditional install
Must be run from within a virtual machine (VMware, Citrix, of Hyper-V)
Runs on Windows XP SP2, SP3, Vista, Windows 7, and Windows 2008 R2
Command-line options for silent and automated operation
Detailed logging/reporting capabilities
Provides configurable options in SEPM for Administrators to turn on and off VIE exceptions for auto-protect and administrator defined scans.
Before you enable this feature in Symantec Endpoint Protection Manager (SEPM), first run the Virtual Image Exception tool against the base image files. The Virtual Image Exception tool marks the base image files by adding an attribute. If the file changes, this attribute is removed. Administrators can enable the exclusions or disable the exclusions from being used via the AV Policy for both On-Demand and Auto-Protect.
VIE is found in the /tools/VirtualImageException folder on the Symantec Endpoint Protection product disc. For more information about how to use this tool, see the Symantec Endpoint Protection Virtual Image Exception User Guide, which is located in the same folder or from the following link:
This feature is disabled by default. Enable the feature so that when your client goes to scan a file, it looks for this attribute. If the base image file is marked and remains unchanged, the client skips scanning the file.
Symantec Endpoint Protection supports the Virtual Image Exception tool for both managed clients and unmanaged clients.
Enable the settings through following location:
SEPM --> Policies --> Virus & Spyware Protection Policy --> Edit the policy --> Go to Miscellaneous--> Virtual Images
Shared Insight Cache
Shared Insight Cache (SIC) is a server application which caches known clean files in order to optimize scan performances. The SIC server is mainly designed for virtual environment but usage on physical system is supported given that network latency is kept at an absolute low. SIC server keeps a record in memory (RAM) of files which are voted clean by the system performing scans
First SEP client needs to scan a file. It queries SIC and finds no record. SEP then scans the file and sends the results to the SIC.
Subsequent SEP clients need to scan the same file. They query the cache server and find the file has already been scanned with the same version of definitions and the file is clean. SEP client skips scanning the file.
When a second client run the scan it goes though the same process and since the file is cached on the SIC therefore will skip the scan.
Shared Insight Cache is only available for the clients that perform scheduled scans and manual scans.
Shared Insight Cache runs independently of Symantec Endpoint Protection. However, you must configure the Symantec Endpoint Protection Manager to specify the location of Shared Insight Cache so that your clients can communicate with Shared Insight Cache. No special license is required to install or run Shared Insight Cache.
Enterprise Edition only. Not available in SBE.
Targeted for virtual environments but can be used on physical clients too
Applies to all On-Demand Scans (User Initiated, Scheduled, Admin Defined).Does not apply to auto-protect.
Scalable to thousands of clients per server
Communication between client and SIC is HTTP. Optional configuration for HTTPS and authentication is available
Applies to all files (Not just Binary Executables)
The tool is located on SEP 12.1 DVD under \Tools\SharedInsightCache