Endpoint Protection

http://www.symantec.com/connect/blogs/symantec-endpoint-protection-12-adds-vshield-integration-increases-security-effectiveness

Why does the above blog seem to say there is agent-less vshield integration with the newest version of SEP?

 

 

Yeah, I know about all that, but none of that makes it agentless, does it?

No, you still need the agents

OK, that's what I thought. Basically the blog post from the Director of something something.. is wrong then.

 

From the blog:

VMware vShield Endpoint provides Symantec anti-malware protection with an additional layer of defense in-depth, agent-less and directly from VMware cloud infrastructure. This can improve the overall security posture and compliance for a growing number of virtual machines deployed without security agents, i.e. test and development and private cloud deployments.

Unless I'm missing something, the SIC sort of acts like the repository for all the files that are scanned and determined to be good or not. So files on the clients will be skipped if deemed good by the SIC. So I guess you could somewhat see this as agentless in some sense but you still need the client on each one so it can talk with the SIC.

Hello,

Symantec is not currently using the vShield Endpoint API for agent-less AV on virtual machines in Symantec Endpoint Protection (SEP) 12.1. vShield support is planned to be integrated into future releases of the product.

Check this Article:

Does Symantec Endpoint Protection 12.1 support VMWare vShield?

http://www.symantec.com/docs/TECH175568

Hope that helps!!

Your post directly contradicts this article:

 

https://www-secure.symantec.com/connect/blogs/symantec-endpoint-protection-12-adds-vshield-integration-increases-security-effectiveness

 

Can you please clarify if symantec is using vshield integration once and for all?  I have been trying to get this answer for weeks now and its been most frustrating.

in order to manage the guest virtual machine clients am i required to install the SEP12.1 RU2 client on the VM

if using vmware view linked clones am i required to install the sep12 client on the base vm prior to pool deployment?

i am able to get everything running except i can't seem to find any way to link the client GVM to the sep12 management server

i can see all my SVAs deployed and online with zero clients...

 

i'm running esxi 5.0 U2 and vshield 5.1 with latest tools

Yes, to both of your questions. There is no agent-less SEP, SEP vshield integration is more or less a gimmick (or at least not how the other AV vendors implemented it).

Yes I've had numerous discussions with our account reps and basically the statement that SEP integrates with vmware using vshield is a total joke. All the integration provides is a shared storage (on a virtual appliance) that keeps track of what files were scanned so every virtual machine doesnt scan the same files. Great, but you still need a full client on each VM which is not how true vshield integration is supposed to work. Not that we needed another reason to stop using symantec but this has been the last thing which caused us to move to another vendor.