My organisation is testing virtualizing a terminal service environment and has come up with some issues with VSE8.5i with patch 4. We are using Parallels Virtuozzo 4.
Host server and virtual servers are running W2k3 SP1 and VSE8.5i p4. VSE8.5i, standard security and default settings.
On virtual servers: unable to start McShield; if I start the service, it stops after a few seconds. As a result, the on-access scanner isn't enabled. I checked McAfee KB40534; the filter driver mfehidk.sys is present, but McAfee drivers aren't shown in Device Manager. I have logged the case with McAfee now.
Virtuozzo support: You should NOT install VSE onto the host machine, as it will push DLLs and config to the VMs and end up with conflicts. Install VSE on the individual VMs instead, and leave the host machine as clean as possible.
Basically, you need to install VSE8.5i onto the node (host) only, and this will protect all containers (virtual machines). *Please note: We have our support firm acting as first-level support for Virtuozzo, and the quote in the previous post was from them and NOT from Parallels. Sorry for the confusion.
However, the EICAR test file downloaded on containers is sitting in the saved location, and is NOT detected unless it is double-clicked within the container or the directory is scanned on the node. I'm in talks with Parallels support about whether this is what is supposed to happen.
Just a note: That type of detection is NORMAL for the EICAR file. If the file is just sitting there, it won't be detected until a full system scan is done or the file is executed. Most antivirus programs work the same way. Infected files aren't detected by the background scanners until they are executed, copied, opened, or written to. Of course, an "on demand" scan will find all such infected files.