ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

About the Symantec Virtual Image Exception tool

book

Article ID: 155238

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

About the Symantec Virtual Image Exception (VIE) tool for Symantec Endpoint Protection (SEP) clients running on virtual machines. 

Resolution

The Virtual Image Exception (VIE) tool is designed specifically for environments leveraging virtualization technologies where a single baseline image is used to deploy many identical or nearly identical Virtual Desktop Infrastructure (VDI) clients. The VIE tool is used to add a new Extended File Attribute (EFA) value to all existing files on a machine before imaging. The EFA value remains valid until the file is modified.

The Symantec Endpoint Protection (SEP) client checks for this attribute before scanning files and skips scanning any files that are marked as "known good" by the VIE tool. Scans on VDI clients created with images processed by the VIE tool will experience lower I/O load, CPU usage, and network bandwidth usage during scheduled and manual scans.

 

Baseline Image Considerations

It is important to ensure that VIE is only run against baseline images that are clean of any infections or threats. The tool should be run as the last step before distributing the image. VIE should be run against all baseline images in the environment to ensure the maximum performance benefits.

 

VIE Usage

VIE is a command-line tool. It requires the SEP client be installed before it will successfully execute and must be run from a virtual machine. It must be run from the "bin" directory (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<version>\Bin)
The tool can be run with the following switches:
 

vietool.exe volume:  --generate|clear|verify|hash [options ...] 

--generate
Runs the Virtual Image Exception tool on all files on the volume specified. You cannot use this option with --clear.
For example: vietool c: --generate


--verify
Verifies that the Virtual Image Exception is set on all files on the specified volume. You cannot use this option with --clear.
For example: vietool c: --verify


--clear
Removes the Virtual Image Exception on all files on the volume specified.
For example: vietool.exe c: --clear
To delete a specific file: vietool.exe c:\Users\Administrator\target.file --clear
You can use a fully qualified path in place of the volume identifier to clear the Virtual Image Exception on a single file or the contents of a folder. Only one file name, folder name, or volume identifier per command line is allowed. You cannot use this command with --generate, --verify, or --hash.
You must restart the client after you run the --clear command.


--hash
Generates the hash value on all files on the volume specified.
The Virtual Image Exception tool uses the hashes to exclude local files from future scans. The clients compute file hashes separately to send to the Shared Insight Cache to store scan results. You cannot use this option with --clear.
For example: vietool.exe c: --generate --hash


--volume arg
Specifies the volume the tool scans.
This option can be a file when you use the --clear option. You must specify the volume, and it can be specified either with the volume flag or alone. For example, with the flag vietool.exe --volume c: --generate, or alone vietool.exe c: --generate.


--verbose
Outputs to the console the maximum amount of program execution information.


--stop
Stops on the first error that the tool encounters. Otherwise the tool writes error information to the console and continues.


--help
Displays this help message.

Examples and additional information on VIE are available in the Using the Virtual Image Exception tool on a base image.

Using the VIE tool is a two-part process. You must also enable the use of Virtual Image Exceptions in Symantec Endpoint Protection Manager. Once the feature is enabled, virtual clients look for the attribute that the tool inserted. Symantec Endpoint Protection then skips the scanning of base image files that contain the attribute.

Configuring Symantec Endpoint Protection to bypass the scanning of base image files

 

Additional Information

System requirements for the Virtual Image Exception tool

Using Symantec Endpoint Protection in non-persistent virtual desktop infrastructures