Endpoint Protection Device Control rules are not applying to guest VM
search cancel

Endpoint Protection Device Control rules are not applying to guest VM

book

Article ID: 175304

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

A machine is running guest Virtual Machines (VMs).  Symantec Endpoint Protection (SEP) is installed to the host, but not to the guest/clients.  Application and Device Control (ADC) device control policies are not getting triggered on the guest/client VMs when new devices are added.

Cause

That type of communication will bypass the host and will not be detected by Application and Device Control (ADC).  The virtual client is not going to be using Windows APIs on the host to access the allocated hardware.  That client communication to the assigned hardware will not be visible to the host. 

Resolution

To prevent access to prohibited devices, safeguards will need to be put in place to prevent that such as:

  • Ensuring that SEP is installed on the guest operating systems.
  • Preventing the use of virtual players on workstations where proper safeguards cannot be put in place.