In general, VMware recommends, where possible, using one of the supported antivirus products. If using an unsupported antivirus product, use this general advice.

Consult and implement the antivirus manufacturer’s advice, as VMware guidelines often follow these recommendations.

General Principles

Do not use file level antivirus to protect application server databases like, Microsoft SQL Server databases. The nature of database contents can cause false positives in virus detection leading to failure of database applications and data integrity errors. Performance is also affected. For more information, see the Microsoft Knowledge Base reference at the end of this article.

VMware recommends not replicating file level antivirus temp files when implementing VMware vCenter Server Heartbeat.

The file level antivirus software running on the Primary server must be the same as the software that runs on the Secondary server. In addition, the same file level antivirus application must run during both active and passive roles.

The file level antivirus must be configured to use the management IP address on the passive server for virus definition updates. If this is not possible, it may be necessary to update Virus Definitions manually on the passive server.

After installing vCenter Server Heartbeat, any changes made to the configuration of file level scanning on the active server must be repeated manually on the passive server.

The following vCenter Server Heartbeat directories must be excluded from File Level AntiVirus Scans:

• C:\<install_directory>\VMware\VMware vCenter Server Heartbeat\R2\logs
• C:\< install_directory>\VMware\VMware vCenter Server Heartbeat\\r2\log
• C:\ <install_directory>\VMware\VMware vCenter Server Heartbeat \R2\FSMTemp
  
  Note: This directory and its contents are deleted by the File State Manager when not in use.

For related information, vCSHB-Ref-146 or Retrieving the VMware vCenter Server Heartbeat logs and other useful information for support purposes (1008124).