About the Symantec Virtual Image Exception (VIE) tool for Symantec Endpoint Protection (SEP) clients running on virtual machines.
The Virtual Image Exception (VIE) tool is designed specifically for environments leveraging virtualization technologies where a single baseline image is used to deploy many identical or nearly identical Virtual Desktop Infrastructure (VDI) clients. The VIE tool is used to add a new Extended File Attribute (EFA) value to all existing files on a machine before imaging. The EFA value remains valid until the file is modified.
The Symantec Endpoint Protection (SEP) client checks for this attribute before scanning files and skips scanning any files that are marked as "known good" by the VIE tool. Scans on VDI clients created with images processed by the VIE tool will experience lower I/O load, CPU usage, and network bandwidth usage during scheduled and manual scans.
Baseline Image Considerations
It is important to ensure that VIE is only run against baseline images that are clean of any infections or threats. The tool should be run as the last step before distributing the image. VIE should be run against all baseline images in the environment to ensure the maximum performance benefits.
VIE is a command-line tool. It requires the SEP client be installed before it will successfully execute and must be run from a virtual machine. It must be run from the "bin" directory (x86: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<version>\Bin\vietool.exe | x64: C:\Program Files\Symantec\Symantec Endpoint Protection\<version>\Bin\vietool64.exe)
The tool can be run with the following switches:
Note: VIETool64.exe is the 64-bit version of the utility and is included as an attachment to this article.
vietool.exe volume: --generate|clear|verify|hash [options ...]
Runs the Virtual Image Exception tool on all files on the volume specified. You cannot use this option with --clear.
For example: vietool c: --generate
Verifies that the Virtual Image Exception is set on all files on the specified volume. You cannot use this option with --clear.
For example: vietool c: --verify
Removes the Virtual Image Exception on all files on the volume specified.
For example: vietool.exe c: --clear
To delete a specific file: vietool.exe c:\Users\Administrator\target.file --clear
You can use a fully qualified path in place of the volume identifier to clear the Virtual Image Exception on a single file or the contents of a folder. Only one file name, folder name, or volume identifier per command line is allowed. You cannot use this command with --generate, --verify, or --hash.
You must restart the client after you run the --clear command.
Generates the hash value on all files on the volume specified.
The Virtual Image Exception tool uses the hashes to exclude local files from future scans. The clients compute file hashes separately to send to the Shared Insight Cache to store scan results. You cannot use this option with --clear.
For example: vietool.exe c: --generate --hash
Specifies the volume the tool scans.
This option can be a file when you use the --clear option. You must specify the volume, and it can be specified either with the volume flag or alone. For example, with the flag vietool.exe --volume c: --generate, or alone vietool.exe c: --generate.
Outputs to the console the maximum amount of program execution information.
Stops on the first error that the tool encounters. Otherwise the tool writes error information to the console and continues.
Displays this help message.
Examples and additional information on VIE are available in the Using the Virtual Image Exception tool on a base image.
Using the VIE tool is a two-part process. You must also enable the use of Virtual Image Exceptions in Symantec Endpoint Protection Manager. Once the feature is enabled, virtual clients look for the attribute that the tool inserted. Symantec Endpoint Protection then skips the scanning of base image files that contain the attribute.