App Control: Can the agent run on a clustered Hyper-V host server?
book
Article ID: 286697
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Does the Agent support Clustered Shared Volumes on Hyper-V Host Server?
Environment
App Control Agent: All Supported Versions
Microsoft Windows: All Supported Versions
Hyper-V Virtual Host Server
Resolution
No, Hyper-V Servers running CSV (Clustered Shared Volumes) are not supported. This is due in part to the Agent being unable to detect the changes between different nodes of the Cluster.
Additional Information
Essentially, in a CSV (Clustered Shared Volumes) environment the Agent’s inventory will not be fully accurate. When changes are made to one node, the Agent running on the other node will not be aware of the change.
Thus, when that file executes from the other node, the file will be seen as new and will block in High or Medium Enforcement if the file is not otherwise Globally Approved.
The opposite is also possible where you could have an Approved file that both nodes initialized. On one node, a malicious/unapproved/banned file could override it. The node that saw the modification would block the execution, but the node that didn’t would still think that the file was approved.
The filter driver on the Hyper-V host can also change the direct access of the shared disks and change them to indirect storage, making the communication with the disks very slow. This would have a very negative effect on the performance of the VM's running on the host.