When I was looking McAfee MOVE Anti-Virus solution for one
of my customers, I was confused with these variants of McAfee MOVE (McAfee MOVE
Agentless and Multi-Platform). After spending a day on research, I got what
they are and function of each product.
Writing this article for anyone come across the situation
where they need to decide which product they need to choose as an Anti-Virus
solution as part of the solution design. In recent times, installing agentless
Anti-Virus solution for virtual infrastructure (VMware vSphere/ Microsoft Hyper
V) become a common practice for virtual desktop and servers to offload virus
scan job from virtual machines to a dedicated virtual appliance or offload scan
server.
 |
| Source : McAfee |
At a high level, McAfee MOVE agent solution is aimed for
VMware hypervisor which uses vCloud
Networking and Security (vCNS/ vShield manager) and it leverages vShield
Endpoint Thin Agent installed as part of the VMware tools. Whereas McAfee MOVE
multi-platform works with VMware and other well-known virtualisation
technologies Hyper-V and XenServer.
McAfee
MOVE Agentless
|
McAfee
MOVE Multi-Platform
|
Solution
Components:
-
McAfee
ePolicy Orchestrator (ePO Server)
- Hypervisor
(ESXi)
-
vCloud
Networking and Security ( vCNS/ vShield manager)
-
vShield
EndPoint
-
MOVE
Security Virtual Appliance( SVA) on each hypervisor host
- VMware
NSX Manager - Optional
|
Solution
Components:
-
McAfee
ePolicy Orchestrator (ePO Server)
Hypervisor
(ESXi or Hyper-V or XenServer)
- McAfee Agent
- MOVE
AV Offload Scan Server (OSS)
- VirusScan
Enterprise ( Installed as part of the OSS server)
- MOVE
Security Virtual Appliance( SVA)
- Data
Center Connector for vSphere- Optional
|
It’s highly
dependent on VMware tools
|
VMware tools
optional – only if you want to configure Data Center connector for vSphere to
auto discover client virtual machines
|
Solution is made
for VMware vSphere hypervisor
|
Solution is
suitable for VMware and other hypervisors like Hyper-V and Citrix XenServer
|
No McAfee agent or
client on the client machine. The solution leverages vShield Endpoint Thin Agent installed
as part of the VMware tool
|
McAfee agent
needs to be installed on virtual machines
|
For detailed instructions to install and configure McAfee MOVE Multi-Platform solution, refer "McAfee MOVE Multi-Platform Install and config steps"
In addition to the above high-level information, I found the following table from McAfee communities. Adding here as I think it helps the community.
AV
Features
|
Multi-platform
deployment
|
Agentless
deployment
|
On-Access Scanning
|
YES
|
YES
|
On-Demand Scanning
|
Weekly and Instant scheduling
|
Weekly scheduling
|
Quarantine restore
|
Restore from ePO
|
Restore from utility
|
Automatic SVA
deployment through NSX
|
YES
|
|
Flexible tuning
policies
|
YES
|
YES since version 3.6
|
Exclusions
|
Path-based & Process name
|
Path-based only
|
GTI File Reputation
|
YES
|
YES
|
Please feel free to leave your
thoughts/ comments or if anything missed.
Please share on social media if you found this post helpful. If you have a comment or question, please post and add your voice to the conversation
Please share on social media if you found this post helpful. If you have a comment or question, please post and add your voice to the conversation
Dude, thank you!
ReplyDeleteThank you so much :-)
ReplyDeleteThank you very much my friend!!
ReplyDeleteThanks!
ReplyDelete