Configuring vGW Series AntiVirus On-Demand Scanning

This topic explains how to configure the On-Demand vGW AntiVirus scan feature that allows you to schedule an offline full disk scan. For a smaller scan footprint, you can identify the parts of your disk that you want scanned, or you can exclude parts of it from the overall scan. To gain an overall understanding of AntiVirus configuration, read vGW AntiVirus Configuration Overview before you read this topic.

Note: On-Demand scans are performed without any impact to the VM. The scanning is done outside the VM on the ESX/ESXi host’s vGW Security VM. Therefore, it is not necessary to re-configure a VM after an On-Demand scan.

On-Demand scanning does not require that any software be installed in the VM. That is, you do not need to install the vGW Endpoint, which is required for On-Access scans.

On-Demand scanning can be used for many purposes. Some companies run On-Demand scans regularly to check for compliance. Public clouds that host many customer VMs but that do not have jurisdiction to install vGW Endpoints on the VMs use On-Demand AntiVirus scanning.

Note: You can configure both On-Access Scanning and On-Demand Scanning in a single AntiVirus configuration.

The On-Demand scanner performs rootkit detection. The vGW AntiVirus engine contains signatures that help to identify rootkit files. It can detect files with suspicious names such as mal.exe, simpletroj.exe, and so on. Because you do not need to protect VMs with the vGW firewall and you do not need to install the vGW Endpoint on the VM, On-Demand scans can be performed on virtual disk files from a protected location that is not compromised. This advantage increases the ability of vGW AntiVirus to detect and locate rootkits.

vGW Series scans one VM at a time to avoid problems such as brown-outs that could ensue during an On-Demand full disk scan if all VMs were scanned concurrently. The entire disk is scanned according to the schedule configuration specifications, but VMs are scanned sequentially. This approach applies also to custom scans in which only selected areas of a disk are scanned.

For On-Demand scans, vGW Series scans 500 MB per second. To gain an understanding of how long a disk scan takes, consider the following equation:

<VM memory size> x <number of VMs on disk> / 500 MB per second

To create an On-Demand vGW AntiVirus configuration or add a new one:

  1. Select the vGW AntiVirus module. On the main vGW AntiVirus page, select the Scanner Config tab, and click Add. Figure 88 shows the configuration page that appears.

    Figure 88: Scanner Config Tab

  2. Specify a name for the vGW AntiVirus On-Demand configuration scan.
  3. Select the On-Demand Scanning option button.
  4. (Optional) Give a brief description of the configuration so that it is quickly recognizable.
  5. From the All Groups list in the Scope box, identify the VM groups to be scanned. See Figure 89.

    Figure 89: Step 2: Scan Schedule

  6. In the Step 2 Scan Schedule pane, specify when you want the vGW Series to perform the scan.

    You can schedule daily, weekly, or monthly scans.

  7. In the Step 3 Scan Engine Configuration pane, select the type of scan to perform, either Typical Scan or Custom Scan. For this example, select the Typical Scan option button.
  8. In the Step 4 Action pane, specify the action to take when the scan detects a virus:

    Caution: For On-Demand scans, you cannot quarantine files or VMs.

    • Alert when a virus is detected—The Virus Alerts tab displays information on the VMs or files that are infected.
    • Suspend the VM—You can suspend the VM entirely.

To create a custom scan that allows you to specify the files to be scanned:

  1. In the Step 3 Scan Engine Configuration pane, under the On-Demand file types/extensions scanning selection, select the Custom Scan option button.
  2. Select the files to scan.

    The file types and the file locations that you specify in this section work together to clearly identify the files to scan. For example, if you select Scan All File Types and Scan Only (specified locations, for example c:\user\share), then all the files at that location are scanned, but only those files.

    Take into account the following characteristics when you configure a custom On-Demand scan:

    • vGW Series recognizes the global wildcards * and ?.

      For example, you could specify C:\Program Files\MS*. You could also use the wildcard on an extension, for example doc*.

    • For file locations, drive letters are ignored. For example, C:\Program Files matches the following directories, and files in both these locations are scanned:

      C:\Program Files and D:\Program

      vGW Series performs an On-Demand scan offline and does not take into account drive letters.

    Select the Scan Archives check box to scan all files archived in various formats. For improved performance, do not scan archive files.

  3. Select the types of files to scan. Select one of the following:
    • Scan All File Types—Scans all types of files, delimited by the selected file location.
    • Scan Only—Scans only specified file types, delimited by the selected file location. You can delete file types from the provided list to exclude them from the scan.
    • Ignore only—Scans all types of files except the specified types.
  4. Select the locations where the files to scan reside.
    • Scan All Locations—Scans files in all locations, delimited by the selected types of files to scan.
    • Scan only—Scans files only at the specified location, delimited by the selected types of files to scan.
    • Ignore only—Scans all files except those that reside at the specified locations.
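
The following is an added example, not vGW code: a small Python model of the custom-scan rules described above (the * and ? wildcards, ignored drive letters, and the file-type and location selections working together) that you can use to check which files a planned configuration would cover. The function names, the mode strings "all", "only" and "ignore", case-insensitive matching, and treating a location as covering everything beneath it are assumptions of the model.

```python
import re

def _wild(pattern, one):
    """Translate * and ? (the only wildcards the page names) to a regex."""
    return "".join(one + "*" if c == "*" else one if c == "?" else re.escape(c)
                   for c in pattern)

def strip_drive(path):
    """Drop a leading drive letter; the offline scan ignores it."""
    return re.sub(r"^[A-Za-z]:", "", path)

def location_matches(pattern, path):
    # Assumption: a location covers everything beneath it, wildcards stay
    # inside one path component, and matching is case-insensitive.
    body = _wild(strip_drive(pattern).rstrip("\\"), r"[^\\]")
    return re.match(body + r"(\\|$)", strip_drive(path), re.I) is not None

def type_matches(pattern, path):
    # Assumption: a file type is compared with the text after the last dot.
    name = path.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    return re.fullmatch(_wild(pattern.lstrip("."), "."), ext, re.I) is not None

def _selected(mode, hit):
    # mode: "all" (Scan All), "only" (Scan Only), "ignore" (Ignore Only)
    return {"all": True, "only": hit, "ignore": not hit}[mode]

def in_scope(path, type_mode, types, loc_mode, locations):
    """True when both the file-type and the location selection admit the file."""
    type_hit = any(type_matches(p, path) for p in types)
    loc_hit = any(location_matches(p, path) for p in locations)
    return _selected(type_mode, type_hit) and _selected(loc_mode, loc_hit)

# Constructed sample paths, not taken from a real VM.
SAMPLE = [r"C:\Program Files\MSBuild\build.exe",
          r"D:\Program Files\MSOffice\report.docx",
          r"C:\user\share\notes.doc",
          r"D:\user\share\tool.exe",
          r"C:\Windows\system32\drv.sys"]

def scanned(type_mode, types, loc_mode, locations):
    return [p for p in SAMPLE
            if in_scope(p, type_mode, types, loc_mode, locations)]

if __name__ == "__main__":
    print(scanned("all", [], "only", [r"c:\user\share"]))
    print(scanned("only", ["doc*"], "ignore", [r"C:\Program Files\MS*"]))
```

In the second call the Ignore Only location written with C: also drops the .docx file on D:, so review exclusions against every disk of the VM before relying on them.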

