In post #1, I looked briefly at McAfee MOVE and what needed to be done to set up the environment with regard to the VMware Tools installation and the Update Master Repository task on the EPO server. In this post, I’ll walk through creating the task that updates the DAT files on the McAfee SVAs, so that the VMs are protected with the latest virus definitions.
Check the current DAT File Version and Date
1. In the EPO GUI, you can check the date of the installed DAT file by clicking System Tree | SVA Folder and then double-clicking a given SVA. Click the Products tab and review the DAT Version and Date as highlighted below:
Creating the Update DAT File Task
2. On the System Tree screen, click Assigned Client Tasks, then click Actions | New Client Task Assignment.
3. On the Client Task Assignment screen, select McAfee Agent | Product Update | Create New Task.
4. Enter a Task Name and Description, select all appropriate options, and click Save.
5. When returned to the Client Task Assignment screen, verify the new task is highlighted and click Next.
6. Enable a task schedule and click Next.
Verify Success of the Client Task
7. Once the task has executed, connect to the Products tab of the SVAs and verify the DAT Version and DAT Date have updated.
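With more than a handful of SVAs, the check in step 7 is easier to run against a list than by clicking through each Products tab. The script below is an added example, not part of the original post and not McAfee tooling: the CSV layout, column names, DAT version numbers and the two-day age threshold are all constructed assumptions, and you would supply the inventory and the master repository DAT version yourself. It also flags ESX hosts with no SVA, since each ESX host should have its own MOVE SVA.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample inventory. Column names are hypothetical, not an ePO export format.
# An empty sva field means no SVA was found for that ESX host.
SAMPLE_INVENTORY = """esx_host,sva,dat_version,dat_date
esx01,sva-esx01,7012,2013-03-18
esx02,sva-esx02,7005,2013-03-11
esx03,,,
esx04,sva-esx04,7012,not-a-date
"""


def audit_svas(inventory_csv, master_dat_version, today, max_age_days=2):
    """Return (esx_host, finding) tuples for hosts whose SVA needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["esx_host"].strip()
        sva = (row.get("sva") or "").strip()
        if not sva:
            # VMs on this host have nothing scanning on their behalf.
            findings.append((host, "no SVA on this ESX host"))
            continue
        # Compare the SVA's DAT version with the one in the master repository.
        try:
            version = int(row["dat_version"])
        except (TypeError, ValueError):
            findings.append((host, "unreadable DAT version"))
            continue
        if version < master_dat_version:
            findings.append((host, f"DAT {version} behind master {master_dat_version}"))
        # Check the DAT date separately: a stalled master repository would
        # make every version "match" while all definitions grow stale.
        try:
            dat_date = datetime.strptime(row["dat_date"].strip(), "%Y-%m-%d").date()
        except (TypeError, ValueError, AttributeError):
            findings.append((host, "unreadable DAT date"))
            continue
        age = (today - dat_date).days
        if age > max_age_days:
            findings.append((host, f"DAT is {age} days old"))
    return findings


if __name__ == "__main__":
    for host, finding in audit_svas(SAMPLE_INVENTORY, 7012, date(2013, 3, 19)):
        print(f"{host}: {finding}")
```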
As the number of virtual servers/desktops increases, one may begin to ponder: “Do I really need to have AV agents running on ALL of my VMs? Is there anything I can do to optimize all of this AV scanning/updating?” To that end, I’ve seen more customers consider an agentless AV solution that integrates with VMware vShield. Going into too much detail is beyond the scope of this post, but suffice it to say that VMware vShield offloads antivirus and anti-malware agent scanning and processing to a dedicated secure virtual appliance delivered by select VMware partners such as McAfee, Trend Micro, and Kaspersky, among others. An excellent resource on AV best practices in a VMware View environment can be found here:
Typically, when our customers transition to vShield and agentless AV scanning, they have chosen McAfee MOVE. A very high level diagram of vShield and MOVE is shown below:
The only statement I really disagree with is “VMware VMs are instantly protected with VMtools”. When installing VMware Tools on your VMs, select a Custom setup and be sure that the vShield drivers are selected.
Referring back to the first picture, the MOVE SVA (Security Virtual Appliance) is the scanning machine: it is responsible for the VMs residing on its ESX host, and each ESX host should have its own MOVE SVA. The operating system of the SVA is Linux, so the software used to perform the scans is McAfee VirusScan Enterprise for Linux. As on physical systems, the SVA has the McAfee Agent installed. To protect the “agentless” VMs with the latest virus definitions, you must perform a DAT update on the SVA by assigning it a DAT update task (to be covered in part 2).
The first step in setting up automatic DAT file updates is to verify that the Update Master Repository server task is enabled and running on the EPO (ePolicy Orchestrator) server. On the EPO server, launch the EPO administrator utility and log in with valid credentials.
Click Menu | Automation | Server Tasks.
Look for the Update Master Repository task and check its settings, as this task is responsible for downloading the DAT files from McAfee onto the EPO server. Verify that the task is Enabled and has executed by reviewing the Last Run column in the EPO administrative GUI.
In the next post, I’ll cover creating a new DAT file update task that updates the DAT file on the SVA from the EPO server. The Update Master Repository server task must be checked first, though, to ensure the DAT file update will work correctly on the SVA.