5 Replies Latest reply on Oct 15, 2013 11:59 PM by mbauman8

    Best Practices for replacing VSE 8.8.0.* with MOVE AV MP 2.6.2 on virtual servers using ePO

    frederikatsecutec

      Can anybody advise on what the best practives are when you have to replace and existing VSE installation on virtual servers with MOVE AV Multi Platform 2.6.2?

       

      I am looking particularly towards migrating VSE policies (exclusions) to MOVE AV client General Policies.

       

      As you may or may not know many companies have multiple VSE policies containing many exclusions for various types of servers (Citrix, Domain Controllers, SQL, etc...).

       

      Is there a correct way of rapidly moving or copying (import/export) these exclusions from the VSE policy towards the Move policy, or do you realy have to manually copy/paste every exclusion from one to the other browser tab?

      I can see that there is an option in the MOVE policy to import exclusions from an file, but there is to my knowledge there is no way to export them in a correct format from the VSE policies.

       

      Any advise on that?

       

      Any other advise on best handling any other aspects of such a migration(scaling, deployment, HA,...) are welcome too.

       

      Thanks

        • 1. Re: Best Practices for replacing VSE 8.8.0.* with MOVE AV MP 2.6.2 on virtual servers using ePO
          mbauman8

          Hi,

          For me the "rapidlymoving or copying (import/export) these exclusions from the VSE policy towardsthe Move policy" makes no sense!

          Exclusion for VSE8.8 maybeis not accuratefor MOVE.

          I would suggest that the first test is done without a degree, and only then could you possibly define one.

          I'm pretty sure that it does not need any special exclusions.

          If an exclusion must be made, I prefer to make it at the VSE88 Policy of the"offload scan server`s"

           

          NOT inside theMOVE Policy. This Policy only specifies what files/folder will be transferredto the "offload scan server`s" to scan.But that is a matter of taste. I handle this so. Andthere are no problems until now.

           

          Good Look

          Martin

          • 2. Re: Best Practices for replacing VSE 8.8.0.* with MOVE AV MP 2.6.2 on virtual servers using ePO
            frederikatsecutec

            mbauman8 wrote:

             

            ....

            If an exclusion must be made, I prefer to make it at the VSE88 Policy of the"offload scan server`s"

             

            NOT inside theMOVE Policy. This Policy only specifies what files/folder will be transferredto the "offload scan server`s" to scan. ......

             

             

            But those VSE88 Policies would apply only to the offload scan server locally and won't be propogated to the virtual servers, will they?

            The point of exclusions in VSE88 is to prevent mcscan from scanning files or folders, defined by the customer, for what ever reason they feel it is necessary. (Latency, Performance, etc.)

            By your own words you say exacly the same and I believe this exactly to be the point for entering these exclusions in to the MOVE policy. The only difference is the files are transferred now to an offload scan server and are not scanned locally on the vm or vdi.

             

            Thanks.

            • 3. Re: Best Practices for replacing VSE 8.8.0.* with MOVE AV MP 2.6.2 on virtual servers using ePO
              mbauman8

              Hi frederikat,

               

              No, they will not.

              Let me explaine the working of protection and as I think it works.

               

              You habe a citrix server with the the prozess XenGuestAgent.exe accessing to

               

              "C:\Program Files\Citrix\"

              "C:\Program Files (x86)\Citrix\"

              "C:\Program Files\Common Files\Citrix\"

               

              You setup the policy for servers as follows: Configure different scanning policies for high-risk, low-risk, and default processes

              1.jpg

               

              Inside a Low Risk Policy you specified the excludes for this and assine it to the scanning server:

               

              Prozess:

              2.jpg

               

              Path:

               

              3.jpg

              If you assine it to the offload scanning-server it will be excludet at scanning on this server for all Move 2.6.2 system as well.

              The citrix server send all to this offload scan server with will not scan if prozess is XenGuestAgent.exe accessing this path.

               

              @all: If I just lay there wrong please tell me.

              On my side (for performance issues ) I leave a On-Demand Scan --> fullscan of all local drives - runing from 02:00 AM to 05:00 AM to get the caching data of the new DAT file. GT +1h

               

              Feel free to exclude on Move Policy.

               


              Martin

              • 4. Re: Best Practices for replacing VSE 8.8.0.* with MOVE AV MP 2.6.2 on virtual servers using ePO
                dhalliday

                What I have found is that you can export your VSE policies to XML and then import them into that Move policy.  This will only work for file paths though and you will have to remove any file exclusions.

                • 5. Re: Best Practices for replacing VSE 8.8.0.* with MOVE AV MP 2.6.2 on virtual servers using ePO
                  mbauman8

                  hi dhalliday,

                  yes I tested this; it works fine.

                  but it dos not import the prozesses. for example a Low-Risk exclude of vse. ;)

                  Martin