8 Replies Latest reply on Jun 8, 2015 5:48 AM by joseph1980

    Does the MOVE "Agentless" option ONLY deal with file security

      Hello

       

      If JUST the MOVE "Agentless" option is used (i.e. vShield Endpoint) with a McAfee SVA etc.

       

      Would it be right to conclude that it ONLY deals with file activity?

      or does it provide any other levels of protection?

       

      Does MOVE make use of the VMSafe API?


       

      Thanks

      -AL

       

      on 06/10/12 19:11:00 CDT
        • 1. Re: Does the MOVE "Agentless" option ONLY deal with file security
          georgec

          McAfee provides you with HIPS in the same commercial offering as MOVE. As MOVE provides only on-access and on-demand scanning, you will need protection against buffer overflow, software exploits and some firewall rules.

          1 of 1 people found this helpful
          • 2. Re: Does the MOVE "Agentless" option ONLY deal with file security

            Would that entail adding an Agent into the VM?

            (therefore meaning the AV solution isn't really "Agentless" in order to provide a more comprehensive protection level?!)

             

            Thanks

            -AL

            • 3. Re: Does the MOVE "Agentless" option ONLY deal with file security
              georgec

              Agentless is just commercial propaganda. It's always with an agent, just that in agentless you replace the MOVE client (used in multi-platform) with vShield Endpoint, but you still need the McAfee Agent to be present on the machines in both scenarios (funny, right?). Further to that, you might want to install HIPS (which I recommend).

              The real advantage of using MOVE is the optimized usage of RAM and CPU and the on-demand hypervisor awareness, so it won't start scanning all virtual machines at the same time.

               

              + McAfee MOVE is one of the solutions recommended by Citrix for XenDesktop and XenApp (the other one is TrendMicro).

               

              Message was edited by: georgec on 10/7/12 10:10:54 AM CDT
              1 of 1 people found this helpful
              • 4. Re: Does the MOVE "Agentless" option ONLY deal with file security

                re: "you still need the McAfee Agent to be present on the machines in both scenarios"

                 

                IMHO the product guide is very unclear about that for the agentless scenario.

                Unlike the Multiplatform option which clearly shows the McAfee Agent and the MOVE Agent present, the Agentless option does not show the McAfee agent at all

                e.g. the pictures in the product guide: "Introduction to McAfee MOVE AntiVirus Agentless" vs "Introduction to McAfee MOVE AntiVirus Multi-Platform"

                (I've included an annotated version below)

                 

                The only relevant mention in the (2.6) product guide which I can find is this:

                “Security Virtual Appliance (SVA) — Provides anti virus protection for VMs and communicates with the loadable kernel module on the hypervisor, ePolicy Orchestrator, and the GTI servers. The SVA is the only system directly managed by ePolicy Orchestrator, but you can install the McAfee Agent and other McAfee products on the VMs

                 

                i.e. it says "you can install the McAfee Agent ... on the VMs" but it doesn't say you must install the McAfee Agent on the VMs.

                 

                Just to be 100% clear on this: is it an absolute pre-requisite, even in a (so-called) "Agentless" scenario (i.e. when using VMware Endpoint), to have a McAfee Agent installed in all client VMs?!

                 

                Thanks

                -AL


                MOVE_options.jpg

                 

                Message was edited by: alistg (to add picture) on 07/10/12 10:56:41 CDT
                • 5. Re: Does the MOVE "Agentless" option ONLY deal with file security
                  georgec

                  I'm not 100% on this, but one of my colleagues who installed the agentless setup on MOVE 2.5 said he couldn't get vShield to delete infected files until he installed the McAfee Agent.

                   

                  I'm experienced with the multi-platform setup, which has one major advantage: user popups. In the agentless configuration, users are not notified when a virus is found and files just vanish, leaving them wondering why.

                   

                  Btw, you can use multi-platform on VMware. The only drawback is the licensing of the offload scanning servers (which must run Windows), but from the ease of administration and features point of view, this is far better than agentless.

                   

                   

                   

                  on 10/7/12 12:27:44 PM CDT
                  • 6. Re: Does the MOVE "Agentless" option ONLY deal with file security
                    kylecompassion

                    You do not need an agent on the VMs when using the Agentless setup. We are running Agentless in our VMware View environment, have never installed an agent in our environment, and the EICAR test gets cleaned without issue and reported to ePO just fine.

                    1 of 1 people found this helpful
                    • 7. Re: Does the MOVE "Agentless" option ONLY deal with file security
                      georgec

                      Kyle, you have vShield on those VMs, and vShield is a software agent managed by vShield Manager!

                      • 8. Re: Does the MOVE "Agentless" option ONLY deal with file security
                        joseph1980

                        Just gone through this question and got clarification after spending a day on research :-)

                         

                        Found this link which explains clear differences between McAfee Agentless and Multi-Platform with components of each product.

                         

                        Cheers!!