7.9. VM Anti-Virus

VM Anti-Virus is a service that defends the Virtual Machine from virus contagion and threats.

7.9.1. Available Features

You can use the following features in VM Anti-Virus.
| Feature | Overview |
|---|---|
| Real-Time scan | A feature that monitors the types of file access, such as write or read, generated inside the Virtual Machine, and scans for viruses. |
| Scheduled scan | A feature that scans for viruses in files existing on the Virtual Machine (including files that are not in use). |
| Actions | A feature that executes specified processes when viruses are detected. |
| Scan Exception | A feature that specifies exclusion from virus scan. |
| Automatic Security Update | A feature that periodically checks pattern file updates and performs updates. |

7.9.2. Real-Time Scan Feature

The Real Time Scan feature monitors the types of file access, such as write or read, generated inside the Virtual Machine, and scans for viruses.
The items that can be specified for Real Time Scan are shown below.
| Item | Details |
|---|---|
| Directories and files to scan | Selects directories and files for file access monitoring. Selects the targeted folders from “All Directories” and “Directory List.” Selects the targeted files from “All Files,” “File types scanned by IntelliScan,” and “Specified file extensions.” |
| Schedule | Selects the file access monitoring time from “24 hours a day, 365 days a year” and “Custom Schedule.” If “Custom Schedule” is selected, the weekly scheduled time is specified. |
| Actions | For details, refer to “7.9.4 Actions”. |
| Scan Exceptions | For details, refer to “7.9.5 Scan Exception Feature”. |

Important

  • Real-time scan is only provided for the Windows OS. It cannot be used in Linux OS.

7.9.3. Scheduled Scan Feature

You can scan for viruses in files existing on the Virtual Machine (including files that are not in use) according to a specified schedule.
The items that can be specified for the Scheduled Scan Feature are shown below.
| Item | Details |
|---|---|
| Directories and files to scan | Selects folders and files for file access monitoring. Selects the targeted folders from “All directories” and “Directory List.” Selects the targeted files from “All Files,” “File types scanned by IntelliScan,” and “Specified file extensions.” |
| Schedule | Selects the interval the scheduled scan runs from “Daily,” “Weekly,” or “Monthly,” and specifies the targeted time. Daily: Specifies either “Every Day,” “Weekdays,” or “Every X Days.” Weekly: Specifies either “Y day of each week” or “Y day of every X Weeks.” Monthly: Specifies either “The Xth of each month” or “Y day of the Xth week of each month.” |
| Actions | For details, refer to “7.9.4 Actions”. |
| Scan Exceptions | For details, refer to “7.9.5 Scan Exception Feature”. |

* X represents a number. Xth represents an ordinal number. Y day represents the name of each day of a week.

Important

  • The scheduled scan time cannot be set between 0:01 and 0:59.

7.9.4. Actions

You can set the processing method for the case where files that are infected by viruses are detected.
You can specify “Recommended Setting” or “Custom Setting.”
| Item | Details |
|---|---|
| Recommended setting (Use action determined by ActiveAction) | The virus processing method recommended by the developers and distributors of the devices making up the VM Anti-Virus feature. |
| Custom setting | The first process (primary process) when viruses are detected is specified from “Delete,” “Clean,” “Pass,” “Deny access” and “Quarantine.” |

Note

  • The “recommended setting” virus processing method might be modified according to day-to-day operation, and the information concerning the handling method is not disclosed.
Custom Setting
Any of the following can be specified as the first process (primary process) when viruses are detected. Note that the processing might differ depending on the Virtual Machine OS.
For each item: primary process details (for Windows and for Linux), secondary process details (the process when the primary process failed), and notification by email, etc.

Delete
  • Primary process (Windows): The same process as “Quarantine” is performed.
  • Primary process (Linux): The files that are infected by viruses are deleted.
  • Secondary process: The same process as “Quarantine” is performed.
  • Notification: Notification is made when the secondary process fails.

Clean
  • Primary process: The viruses are removed from the files that are infected with viruses, and they return to the pre-contamination state.
  • Secondary process: The same process as “Quarantine” is performed.
  • Notification: Notification is made when the secondary process fails.

Pass
  • Primary process: It is registered in the detection log. It does not take any action against the infected files.
  • Secondary process: The secondary process is not performed.
  • Notification: Notification is made when viruses are detected.

Deny access
  • Primary process (Windows): During real time scanning, any file access, such as file write or read, to a file infected with viruses is immediately blocked.
  • Primary process (Linux): Real Time Scan is not supported. Access denial cannot be used.
  • Secondary process: The secondary process is not performed.
  • Notification: Notification is made when viruses are detected.

Quarantine
  • Primary process: The backup data of the file that is infected with viruses is transferred to an isolation folder on the Virtual Machine, and the original file is deleted.
  • Secondary process: The secondary process is not performed.
  • Notification: If transfer to the isolation folder or deletion of the original file fails, notification is made.

Note

  • If “Pass” or “Deny access” is selected and the process fails, the secondary process is not executed.

7.9.5. Scan Exception Feature

By specifying directories, files and extensions, you can specify files that will not be scanned for viruses.

7.9.6. Pattern File Automatic Update Feature

This feature periodically checks the NTT Communications administration server for pattern file update information, and updates pattern files automatically if updates are available.
Time Periods When Pattern File Automatic Updates will be run
Selects the schedule for the pattern file automatic updates, from “Daily,” “Weekly,” or “Monthly,” and specifies the targeted time.

| Item | Details |
|---|---|
| Hourly | Specifies “X minute every hour.” |
| Daily | Specifies either “Every Day,” “Weekdays,” or “Every X Days.” |
| Weekly | Specifies either “Y day of each week” or “Y day of every X weeks.” |
| Monthly | Specifies either “The Xth of each month” or “Y day of the Xth week of each month.” |

* X represents a number. Xth represents an ordinal number. Y day represents the name of each day of a week.

7.9.7. Important Points

Virtual Machine System Requirements
The system requirements (Memory capacity, Disk capacity, and OS) for the software agent that uses VM Anti-Virus are shown below.
| Item | Overview |
|---|---|
| Memory capacity | 512 MB or greater |
| Disk capacity | 1 GB or greater |
| OS | The OSs listed in “Supported OS List of VM Anti-Virus, VM Virtual Patch, and VM Firewall” of the available OSs in Enterprise Cloud |

Important

  • When using Linux OS, it is necessary to confirm the kernel version.
  • Please set IPv6 to ON or OFF correctly on the Guest OS when using VM Anti-Virus.
Software Agent Installation
In order to use VM Anti-Virus, upload and install agent software on the Virtual Machine. For details, refer to the agent software installation guide.

Important

  • You cannot use VM Anti-Virus at the same time as other anti-virus software. Before installing the VM Anti-Virus agent software, always make sure to uninstall other anti-virus software.
  • When uploading the agent to a VM, do not do so by mounting ISO image files or CD/DVD drives.
  • For the virtual server on which the agent software is installed, time needs to be synchronized by using NTP, etc. If the time is not synchronized, activation of the agent software may fail.
  • Port 4118 is used as the standby (listening) port for the agent software. This port number cannot be changed, so be sure to confirm that it is not used by another application on the Virtual Server where the agent software is installed.
  • The network interface stops while the agent software is being installed and takes a few seconds to recover. When DHCP is used, a new request is generated, so a different IP address may be assigned to the recovered connection. See the following Web site for details.

Note

  • We ask you to install the agent software on the Virtual Machine.
  • It is necessary to log in to the target host as the administrator when installing the agent software.
Agent Software Default Install Location
The agent software default install location differs depending on the Virtual Machine OS.
| OS | Default Install Location |
|---|---|
| Windows | C:\Program Files\Trend Micro\Deep Security Agent |
| Linux | System files: /opt/ds_agent, /var/opt/ds_agent; Startup scripts: /etc/init.d/ds_agent, /etc/init.d/ds_filter; Communication channel between user and kernel mode components: /dev/dsa, /dev/dsa_ssl, /proc/driver/dsa |

Note

  • You can change where it is installed. Also, the install location might change due to agent software version updates, etc.
Communication with the Manager Administered by NTT Communications
The Virtual Machine that uses VM Anti-Virus must be able to communicate with the Manager administered by NTT Communications.
Please configure the routing and the DNS name resolution settings.
Routing Settings
  • Please set the routing from the Virtual Machine to vFirewall/Integrated Network Appliance using either of the following methods.
    • Set the Virtual Machine default gateway to vFirewall/Integrated Network Appliance
    • Set vFirewall/Integrated Network Appliance as the static route gateway for communication addressed to the Manager administered by NTT Communications
  • If the Virtual Machine that uses VM Anti-Virus is connected to a Server Segment that is not directly connected to vFirewall/Integrated Network Appliance, an additional Server Segment is required to directly connect the vFirewall/Integrated Network Appliance and the Virtual Machine.
DNS name resolution
In order to communicate with the Manager administered by NTT Communications, name resolution for the manager is required. Please use the DNS server inside your environment or the Virtual Machine hosts file to set name resolution for the Manager administered by NTT Communications.
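A pre-installation check for two of the requirements above, that port 4118 is free on the Virtual Machine and that the Manager's name resolves, can be scripted. This is an added example, not NTT Communications or agent vendor code; the function names and the Manager host name are hypothetical placeholders.

```python
import socket

AGENT_PORT = 4118  # standby port stated on this page; it cannot be changed


def port_in_use(port=AGENT_PORT):
    """True if another process already holds this TCP port (IPv4 wildcard bind test)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("0.0.0.0", port))
        except OSError:
            return True
    return False


def resolves(name):
    """Addresses the local resolver (DNS server or hosts file) returns for name."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except (socket.gaierror, UnicodeError):
        return []


def preflight(manager_name, port=AGENT_PORT):
    """Return a list of problems to fix before installing the agent software."""
    problems = []
    if port_in_use(port):
        problems.append(f"TCP port {port} is already used by another application")
    if not resolves(manager_name):
        problems.append(f"{manager_name} does not resolve; add a DNS or hosts entry")
    return problems


if __name__ == "__main__":
    # Placeholder name: use the Manager host name supplied by NTT Communications.
    for problem in preflight("manager.example.invalid") or ["no problems found"]:
        print(problem)
```

After the agent is installed and activated, `port_in_use()` is expected to return True, because the agent itself then holds port 4118.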
Restrictions
  • The following files are not targeted for virus scan.

    • Encrypted files
    • Files set with passwords
    • Corrupted files
    • Compressed files that have been compressed using unsupported formats
    • Compressed files that have been compressed six or more times in supported formats
    • Files with extracted file sizes of 10 MB or greater (real time scan default value)
    • Files with extracted file sizes of 30 MB or greater (scheduled or manual scan default value)
  • You cannot set directories or files inside the network drive as targets for virus scan.

  • We recommend that you do not target directories or files for virus scan that have a high write frequency, such as databases and Active Directories. If you target them for virus scan, the server performance will be reduced.

  • We ask you to assume responsibility for monitoring agent software (checking to make sure it is activated at all times).

  • If you use a Private Catalog to create a template of the Virtual Machine image and store it, please do it before installing the VM Anti-Virus agent software.
    If a template is created and saved from the image of a Virtual Machine on which the VM Anti-Virus agent software is installed, or on which installation and activation (registration to the Manager administered by NTT Communications) is complete, and a Virtual Machine is then created using that template, VM Anti-Virus can no longer be used on either the Virtual Machine used for creating the template or the newly built Virtual Machine. The same applies when used for image backup.
  • VM Anti-Virus does not guarantee that the provided VM Anti-Virus feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the pattern files provided by the developers or distributors of the software that makes up the VM Anti-Virus feature is not guaranteed.

  • The following information might be provided to the developers or distributors of the devices making up the VM Anti-Virus feature.

    • Configuration information obtained from providing VM Anti-Virus
    • Information obtained from VM Anti-Virus
  • We cannot guarantee recovery from failures that might occur due to incompatibility between VM Anti-Virus and your environment, or failures that occur due to your operations other than those specified by NTT Communications.

  • There may be times when the customer’s environment is affected by maintenance services. An advance notice will be sent when there are possible effects on the customer’s environment. This does not apply when we judge the maintenance work to be urgently required to continue the service.

  • Note for Enterprise Cloud 2.0 Host-based Security users: if you have an inquiry about that menu, please use the ticket system in Enterprise Cloud 2.0.
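The archive limits in the Restrictions list above mean some files on a Virtual Machine are never scanned. The following added example (not part of the service or the agent software) reports which of those restrictions apply to a given archive, so such files can be reviewed by other means. It assumes ZIP archives only, 1 MB = 1024 × 1024 bytes, and that the size limits apply to each extracted member; the function names are hypothetical.

```python
import io
import zipfile

MAX_LAYERS = 6                # page: compressed six or more times is not scanned
RT_LIMIT = 10 * 1024 ** 2     # page: 10 MB or greater (real time scan default)
SCHED_LIMIT = 30 * 1024 ** 2  # page: 30 MB or greater (scheduled/manual default)

def inspect_zip(data, layer=1):
    """Return (deepest layer reached, largest extracted member size, any encrypted member)."""
    deepest, largest, encrypted = layer, 0, False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            largest = max(largest, info.file_size)
            if info.flag_bits & 0x1:          # bit 0 set: member is encrypted
                encrypted = True
                continue
            if layer >= MAX_LAYERS or info.file_size >= SCHED_LIMIT:
                continue                      # already over a limit, do not unpack
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                d, s, e = inspect_zip(body, layer + 1)
                deepest, largest = max(deepest, d), max(largest, s)
                encrypted = encrypted or e
    return deepest, largest, encrypted

def scan_gaps(data):
    """Reasons, taken from the Restrictions list, why this archive would not be scanned."""
    try:
        layers, largest, encrypted = inspect_zip(data)
    except (zipfile.BadZipFile, NotImplementedError):
        return ["corrupted file or unsupported format"]
    gaps = []
    if encrypted:
        gaps.append("encrypted or password-protected")
    if layers >= MAX_LAYERS:
        gaps.append("compressed six or more times")
    if largest >= RT_LIMIT:
        gaps.append("extracted size 10 MB or greater (real time scan)")
    if largest >= SCHED_LIMIT:
        gaps.append("extracted size 30 MB or greater (scheduled or manual scan)")
    return gaps

def nest(payload, times):
    """Constructed sample input: wrap payload in `times` layers of zip."""
    for _ in range(times):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("inner.bin", payload)
        payload = buf.getvalue()
    return payload
```

Run `scan_gaps(open(path, "rb").read())` over archives found on the Virtual Machine; an empty list means none of the modelled restrictions applies.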