I need to exclude some virtual servers from agentless policy/scan. I don't want Agentless SCAN/SVA policy to be applied on some servers in my VMware infra.
Just to let you know, I have all VMs updated with vShield Drivers (Vmtool).
Is there any way we can implement this?
Any comment will be highly appreciated.
Thanks in advance!!
Yes!! I am planning to have VSE on some SQL/Exchange servers, and don't want Agentless SCAN policy on these servers.
If both products scan the servers, then we may face some critical performance issues.
Have you tested vm-based scan configuration??
3.6.0: MOVE AV Agentless -> Scan Settings -> VM-based scan configuration: Enabled.
Just build a Scan policy for a host where scanning is disabled.
I have not tested it, but perhaps it works.
If it works, please let us know.
The PPVM feature is for Agentless. If you start using this feature for running VSE, it will be very confusing later. So it would be better to uninstall the vsepflt driver.
If MOVE Agentless is in place, we just have two options.
- Removing the VMCI drivers from the VMware Tools.
- Disabling SVA scanning on SVA
There is no McAfee product installed on the endpoint when using vShield endpoint, therefore the only option is to disable scanning for a virtual system on SVA. If this works, from my side, anything could be managed by EPO.
I did mention removing the vsepflt driver so that you can remove the delay in scanning when you have 2 drivers - one from VMware and one by VSE. If that is OK, then go by your approach.