vGW Series AntiVirus Configuration Overview

This topic gives an overview of the steps to follow to configure vGW Series AntiVirus protection for your virtualized environment.

Note: The vGW Series AntiVirus feature requires a license.

vGW Series AntiVirus provides two means of protecting your environment against malware and viruses:

When you configure the vGW AntiVirus scanner, you can specify the action to take in response to results of the scan, including quarantining an infected file or VM. Only On-Access scanning can result in a quarantined file or VM. Files and VMs are not quarantined as a result of an On-Demand scan.

You can configure both On-Access Scanning and On-Demand Scanning in a single vGW AntiVirus scanner configuration.

You use the vGW AntiVirus module tabs in concert:

Figure 54 shows the vGW AntiVirus dashboard, which gives you a comprehensive view of vGW AntiVirus protection for your environment. It emphasizes a table that shows vGW AntiVirus details for individual VMs, including the kind of vGW AntiVirus protection each VM has and its current scan status. The dashboard also presents a pie chart that shows the distribution of vGW AntiVirus protection across VMs, and a chart that shows the types and degrees of threats identified by vGW AntiVirus over a period of time that you can adjust.

Figure 54: vGW AntiVirus Dashboard


Figure 55 emphasizes the two scanning options that you can configure using the Scanner Config tab.

Figure 55: vGW AntiVirus Scanner Config Tab


A vGW AntiVirus On-Access scan can result in quarantined files or VMs:

Figure 56: VMs Quarantined as a Result of an On-Access Scan


Quarantining a VM effectively restricts network traffic to and from it. Before you configure the vGW Series AntiVirus On-Access scanner, you must perform prerequisite tasks. These tasks configure other parts of the system that allow vGW AntiVirus to quarantine an entire VM with the Quarantine policy when the VM is compromised by a virus. They also initiate communication with the vGW Endpoint.

Complete these prerequisite tasks:

  1. Secure the ESX/ESXi hosts. Deploy the vGW Security VM to the ESX/ESXi hosts in your environment. To do this, from the Settings module, select vGW Applications Settings > Installation. See Installing vGW Security VMs on ESX/ESXi Hosts.

    If you do not deploy the vGW Security VM and protect the VMs with the vGW Firewall, On-Access scanning will not work. Configuring only the On-Access scanner for the VMs and enabling vGW AntiVirus is ineffective without this preliminary configuration.

  2. Secure the VMs. Configure the vGW Firewall for VMs that you want to protect with On-Access scanning. From the Firewall module, select the Manage Policy tab to create firewall policies and the Apply Policy tab to apply them. See Understanding and Using the vGW Series Firewall Module.

To configure vGW Series On-Access scanning for your environment, you must:

  1. Create an On-Access scanner configuration for the VMs.

    See Configuring vGW Series AntiVirus On-Access Scanning.

    Note: When you configure an On-Access scan, you do not configure a scanner schedule. On-Access scanning occurs in real time.

  2. Enable the vGW AntiVirus feature and download the vGW Endpoint.

    See Understanding and Configuring the vGW Series AntiVirus Settings.

  3. Install the vGW Endpoint on the VMs to be protected.

    See Understanding and Installing the vGW Endpoint. This topic explains how to install the vGW Endpoint on VMs, and it explains the pop-ups that the vGW Endpoint displays to inform you about various conditions, such as when a threat is detected.

    Note: You must install the vGW Endpoint on all VMs that you want to protect with On-Access scanning.

On-Demand scanning differs from On-Access scanning in the following ways:

Because you do not need to protect VMs with the vGW Firewall and you do not need to install the vGW Endpoint on the VM, On-Demand scans can be performed on virtual disk files from a protected location that is not compromised. This advantage increases the ability of the vGW Series to detect and locate rootkits. It can detect files with suspicious names such as mal.exe, simpletroj.exe, and other malware files.

To configure On-Demand scanning:

  1. Create an On-Demand scanner configuration for the VMs.

    See Configuring vGW Series AntiVirus On-Demand Scanning.

  2. Enable the vGW AntiVirus feature.

    See Understanding and Configuring the vGW Series AntiVirus Settings.
