4 Replies Latest reply on May 20, 2015 6:01 AM by JayMan

    Move 3.5 not working

    epodaniel

      Hi, I just installed move 3.5 on esxi 5.5 host but I can't get it to work. It seems that move is correctly configured but it's not finding EICAR virus file on one of virtual machines.

      Move configuration:

      * registered in vShield and visible in Endpoint tab

      1.png

      1.png

      * SVA is registered in ePO

      1.png

      * vm with virus is protected

      1.png

      * SVA is on the same host as vm with virus

      * vm with virus has vshield driver installed

       

       

      Any idea what is the problem?

        • 1. Re: Move 3.5 not working
          rajinp

          This is interesting.

          Could you run the "fltmc" command on this VM and see if the "vsepflt" driver is loaded ?

          If it loaded and still eicar is not detected, uninstall the driver once and install it again and try once.

          • 2. Re: Move 3.5 not working
            epodaniel

            vsepflt is loaded

            1.png

            2.png

            I reinstalled vmtools with driver and checked it on another vm and it's still not working.

            I guess this is not driver problem but rather SVA problem.

            • 3. Re: Move 3.5 not working
              rajinp

              It cannot be a SVA problem because the VMware components is sending events to SVA. So if the vents does not even reach the SVA, how the scanning could happen. You can also see if this OS is compatible with the vSphere version being used.

               

              Are you saying that only this Windows system has the problem where eicar is not getting detected.

              Are these VM's in a cluster ?

              Did it vMotion to diff vSphere ?

               

              You can enable debug logs in SVA and see whether you are getting any events from this VM?

              • 4. Re: Move 3.5 not working
                JayMan

                Been a while since I've used Agentless/vshield... But from memory in the vshield console it should show a list of VMs & there protected/unprotected status, do you see the expected info there?