You want to know about the new virtualization features in Symantec Endpoint Protection 12.1 (SEP 12.1).
SEP 12.1 has many new features.
It provides advanced virtualization support through the following features:
1) Virtual Image Exception – Lets you exclude all the files on a baseline image from scanning.
2) Shared Insight Cache – A standalone server that enables clients to share scan results. This allows clients to skip scanning files that have already been scanned by another client.
3) Virtual Client Tagging – Makes clients virtualization-aware and reports the hypervisor vendor back to SEPM. That data can be used in client searching and reporting.
4) Offline Image Scanner – A standalone tool for scanning offline VMware image (VMDK) files.
Virtual Image Exception
Administrators use base images to build virtual machines for their virtual desktop infrastructure (VDI) environment. The Symantec Virtual Image Exception (VIE) tool lets your clients bypass scanning base image files for threats, which reduces the resource load on disk I/O. It also improves the CPU performance of the scanning process in your VDI environment.
Virtual Image Exception (VIE) is a tool that gives administrators the ability to easily set exclusions for files in a virtual operating environment.
Before you enable this feature in Symantec Endpoint Protection Manager (SEPM), first run the Virtual Image Exception tool against the base image files. The Virtual Image Exception tool marks the base image files by adding an attribute. If the file changes, this attribute is removed. Administrators can enable or disable use of the exclusions through the AV policy, for both On-Demand and Auto-Protect.
VIE is found in the /tools/VirtualImageException folder on the Symantec Endpoint Protection product disc. For more information about how to use this tool, see the Symantec Endpoint Protection Virtual Image Exception User Guide, which is located in the same folder and is also available from the following link:
Symantec Endpoint Protection Virtual Image Exception User Guide 12.1
This feature is disabled by default. Enable the feature so that when your client goes to scan a file, it looks for this attribute. If the base image file is marked and remains unchanged, the client skips scanning the file.
Symantec Endpoint Protection supports the Virtual Image Exception tool for both managed clients and unmanaged clients.
Enable the setting at the following location:
SEPM --> Policies --> Virus & Spyware Protection Policy --> Edit the policy --> Go to Miscellaneous --> Virtual Images
Shared Insight Cache
Shared Insight Cache (SIC) is a server application that caches known clean files in order to optimize scan performance. The SIC server is mainly designed for virtual environments, but use on physical systems is supported provided that network latency is kept at an absolute low. The SIC server keeps a record in memory (RAM) of files that are voted clean by the systems performing scans.
The first SEP client needs to scan a file. It queries the SIC and finds no record. SEP then scans the file and sends the results to the SIC.
Subsequent SEP clients need to scan the same file. They query the cache server and find that the file has already been scanned with the same version of definitions and that the file is clean. The SEP client skips scanning the file.
When a second client runs the scan, it goes through the same process and, because the file is cached on the SIC, skips the scan.
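The query-then-scan flow described above, modeled as an added Python example (this is not Symantec's code and does not reproduce the SIC wire protocol). Identifying files by SHA-256 digest, the class and function names, and the toy scanner are assumptions made for illustration.

```python
import hashlib


class SharedVerdictCache:
    """In-memory model of the cache server: it remembers clean verdicts only."""

    def __init__(self):
        # Each entry is (file digest, definitions version); digest keying is an assumption.
        self._clean = set()

    def is_known_clean(self, digest, defs_version):
        return (digest, defs_version) in self._clean

    def report_clean(self, digest, defs_version):
        self._clean.add((digest, defs_version))


class Client:
    """Hypothetical scanning client that consults the shared cache before scanning."""

    def __init__(self, cache, defs_version, scanner):
        self.cache, self.defs_version, self.scanner = cache, defs_version, scanner
        self.local_scans = 0

    def scan(self, content):
        digest = hashlib.sha256(content).hexdigest()
        if self.cache.is_known_clean(digest, self.defs_version):
            return "skipped"  # another client voted it clean with the same definitions
        self.local_scans += 1
        verdict = self.scanner(content)
        if verdict == "clean":  # detections are never cached, so they are always rescanned
            self.cache.report_clean(digest, self.defs_version)
        return verdict


def toy_scanner(content):
    # Constructed stand-in for a real scan engine: flags a harmless marker string.
    return "infected" if b"TEST-MARKER" in content else "clean"


def demo():
    cache = SharedVerdictCache()
    first = Client(cache, "defs-1", toy_scanner)
    second = Client(cache, "defs-1", toy_scanner)
    newer = Client(cache, "defs-2", toy_scanner)  # newer definitions than the cached vote
    base = b"constructed base image file"
    return [
        first.scan(base),            # no record yet: scans, then reports clean
        second.scan(base),           # same file, same definitions: skipped
        newer.scan(base),            # different definitions version: scans again
        second.scan(base + b"!"),    # changed content has a new digest: scans again
        second.scan(b"TEST-MARKER"), # detected, so nothing is cached
        first.scan(b"TEST-MARKER"),  # still scanned locally by every client
    ]
```
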
Shared Insight Cache is only available for the clients that perform scheduled scans and manual scans.
Shared Insight Cache runs independently of Symantec Endpoint Protection. However, you must configure the Symantec Endpoint Protection Manager to specify the location of Shared Insight Cache so that your clients can communicate with Shared Insight Cache. No special license is required to install or run Shared Insight Cache.
Check this blog for more details about Shared Insight Cache: http://bit.ly/KLI6vZ
SEPM --> Policies --> Virus & Spyware Protection Policy --> Edit the policy --> Go to Global Scan Options --> Shared Insight Cache
Virtual Client Tagging
Virtual Client Tagging gives administrators the ability to determine if the SEP client is running in a Virtual Environment.
Offline Image Scanner
The Symantec Offline Image Scanner (SOIS) gives administrators the ability to scan and detect malware in offline VMware images.
This tool is found in the /tools/offlineimagescanner folder on the Symantec Endpoint Protection product disc.
The Settings tab is as below:
By default, it browses to the AV definitions location. SEP should be installed.