vGW AntiVirus Configuration Overview

This topic gives an overview of the steps to follow to configure vGW AntiVirus protection for your virtualized environment.

Note: The vGW AntiVirus feature requires a license.

For vGW Series to scan a VM, the VM must be included in one of the VM groups that you include in the scan scope, which you define when you configure a scan. You use the AntiVirus module Scanner Config page to configure scans. If a VM is not included in one of the groups in the scope, it will not be protected by vGW AntiVirus. You can define at a granular level the files on a VM to be scanned based on file type and file location. For example, you can configure a scan to scan all file types, only certain file types, files at all locations or only files at certain locations. You can combine these options, for example, to scan all file types but only at a certain location. You can also refine the scan by excluding types of files or files at certain locations from it.

vGW AntiVirus provides two means of protecting your environment against malware and viruses:

When you configure the vGW AntiVirus scanner, you can specify the action to take in response to results of the scan. Both On-Access and On-Demand scanning can result in a quarantined VM. However, files can be quarantined only as a result of an On-Access scan.

You can configure both On-Access Scanning and On-Demand Scanning in a single vGW AntiVirus scanner configuration.

You use the vGW AntiVirus module tabs in concert:

Figure 82 shows the vGW AntiVirus dashboard that gives you a comprehensive view of vGW AntiVirus protection for your environment. It emphasizes a table that shows vGW AntiVirus details on individual VMs, including the kind of vGW AntiVirus protection it has and the current scan status on the VM. The dashboard also presents a pie chart that shows the vGW AntiVirus protection distribution across VMs. It includes a chart that shows the types and degrees of threats identified by vGW AntiVirus across a specific period of time, which you can adjust.

Note: For a VM to appear as non-infected (that is, in a “clean” state) on the dashboard, it must have no items in quarantine. However, a VM is not necessarily clean simply because it is not quarantined and none of its items are quarantined. A VM that has items in quarantine is never clean.

Figure 82: vGW AntiVirus Dashboard


Figure 83 shows the two scanning options that you can configure using the Scanner Config tab.

Figure 83: Scanner Config Tab


A vGW AntiVirus On-Access scan can result in quarantined files or VMs:

Complete these prerequisite tasks:

  1. Secure the ESX/ESXi hosts. Deploy the vGW Security VM to the ESX/ESXi hosts in your environment. To do this, from the Settings module, select vGW Application Settings > Installation. See Installing vGW Security VMs on ESX/ESXi Hosts.

    On-Access scanning works only if you deploy the vGW Security VM and protect the VMs with the vGW Firewall. Configuring the On-Access scanner for the VMs and enabling vGW AntiVirus is ineffective without this preliminary configuration.

  2. Secure the VMs. Configure the vGW Firewall for VMs that you want to protect with On-Access scanning. From the Firewall module, select the Manage Policy tab to create firewall policies and the Apply Policy tab to apply them. See Understanding the vGW Series Firewall Module.

To configure vGW Series On-Access scanning for your environment, you must:

  1. Create an On-Access scanner configuration for the VMs.

    See Configuring vGW Series AntiVirus On-Access Scanning.

    Note: When you configure an On-Access scan, you do not configure a scanner schedule. On-Access scanning occurs in real time.

  2. Enable the vGW AntiVirus feature and download the vGW Endpoint.

    See Understanding and Configuring the vGW Series AntiVirus Settings.

  3. Install the vGW Endpoint on the VMs to be protected.

    See Understanding and Installing the vGW Endpoint. This topic explains how to install the vGW Endpoint on VMs, and it explains the pop-ups that the vGW Endpoint displays to inform you about various conditions, such as when a threat is detected.

    Note: You must install the vGW Endpoint on all VMs that you want to protect with On-Access scanning.

On-Demand scanning differs from On-Access scanning in the following ways:

Because you do not need to protect VMs with the vGW Firewall and you do not need to install the vGW Endpoint on the VM, On-Demand scans can be performed on virtual disk files from a protected location that is not compromised. This advantage increases the ability of the vGW Series to detect and locate rootkits. It can detect files with suspicious names such as mal.exe, simpletroj.exe, and other malware files.

To configure On-Demand scanning:

  1. Create an On-Demand scanner configuration for the VMs.

    See Configuring vGW Series AntiVirus On-Demand Scanning.

  2. Enable the vGW AntiVirus feature.

    See Understanding and Configuring the vGW Series AntiVirus Settings.
