Director, OpenShift Strategy at Red Hat. Founder of Rishidot Research, a research community focused on services world. His focus is on Platform Services, Infrastructure and the role of Open Source in the services era. Krish has been writing @ CloudAve from its inception and had also been part of GigaOm Pro Analyst Group. The opinions expressed here are his own and are neither representative of his employer, Red Hat, nor CloudAve, nor its sponsors.

6 responses to “Understanding VMware vShield Endpoint And Agentless Malware Protection”

  1. Daniel Schrader

    I’m less impressed by vShield. The problem is that it is just what you said, “… a library and APIs for integrating partner security appliances that can introspect into file activity at the hypervisor layer.”

    You see, this is only about file level security. Look at any decent endpoint protection product – and you will see layers of protection including packet inspection, real-time behavioral analysis, HIPS, device control, application control, sandboxing . . .

    vShield doesn’t allow for any of the non-file-based security. Sure, Trend claims to support it – but has anyone tested whether they detect anything? No, their solution has not been certified by Virus Bulletin, av-comparatives.org, av-test.org . . . . in fact the only recent test of their detection that I know of is from PC Magazine – and it wasn’t pretty, and it wasn’t of their far more limited VMware product.

    vShield isn’t ready for prime-time.

  2. Dennis

    If you look deeper and see what exactly needs to be installed on each VM, you can see a file system filter driver called “Antivirus”. This is what is installed on each VM. So, basically, I do not see any difference between agentful and agentless AV in this particular case. And, if you look at the overall scheme, you can see that vShield Endpoint just makes it easier to maintain the databases. Nothing else is improved. This filter driver is really EASY to overcome by any more or less modern virus or rootkit, as it is a plain file system filter driver, nothing sophisticated.
    In general, I would be much more interested in a real agentless solution, which does NOT depend on anything installed inside the VM and thus cannot be circumvented from inside the VM.
    Unfortunately, nothing similar exists on the market.


    Dennis.
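The point Dennis makes is checkable from inside the guest. The following PowerShell script is an added example, not part of the original post or of any of the comments, and it is not code from VMware or Trend Micro: it enumerates the file system minifilter drivers registered in a Windows guest and flags the ones sitting in the altitude range Microsoft reserves for anti-virus filters (320000–329999). It relies only on the standard registry layout for minifilters (a `Group` value under `HKLM\SYSTEM\CurrentControlSet\Services\<Name>` and an `Altitude` value under each `Instances\<InstanceName>` subkey); it does not assume any particular driver name.

```powershell
# Added example: list registered file system minifilters in a Windows guest and
# flag those registered at an anti-virus altitude. Run in an elevated session.
#
# Minifilters register under HKLM\SYSTEM\CurrentControlSet\Services\<Name> with a
# Group value of the form "FSFilter <Class>" and one or more
# Instances\<InstanceName>\Altitude values. Altitudes 320000-329999 are the
# FSFilter Anti-Virus range. A driver that shows up here is an in-guest
# component, whatever the product calls itself.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-RegisteredMinifilter {
    Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Only minifilters carry an FSFilter load-order group.
        if (-not $svc.Group -or $svc.Group -notlike 'FSFilter*') { return }

        $instancesPath = Join-Path -Path $_.PSPath -ChildPath 'Instances'
        $instances = Get-ChildItem -Path $instancesPath -ErrorAction SilentlyContinue
        foreach ($inst in $instances) {
            $alt = (Get-ItemProperty -Path $inst.PSPath -ErrorAction SilentlyContinue).Altitude
            # Altitudes are decimal strings (some vendors use a fractional part).
            $altNum = 0.0
            [void][double]::TryParse([string]$alt, [ref]$altNum)

            [pscustomobject]@{
                Driver           = $_.PSChildName
                Group            = $svc.Group
                Instance         = $inst.PSChildName
                Altitude         = $alt
                ImagePath        = $svc.ImagePath
                IsAntiVirusRange = ($altNum -ge 320000 -and $altNum -le 329999)
            }
        }
    }
}

Get-RegisteredMinifilter |
    Sort-Object { [double]($_.Altitude -replace '[^0-9.]', '0') } -Descending |
    Format-Table -AutoSize
```

The registry shows what is registered; `fltmc filters` (also elevated) shows what is actually loaded right now, with the same altitudes. Comparing the two is the quick way to confirm that an "agentless" product still depends on a filter driver inside the VM, and a registered filter that is not in the `fltmc` output is exactly the kind of gap Dennis is describing, since anything with kernel privileges in the guest can unload or bypass it.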

  3. anonymous

    >>>Next week, I will build upon this and talk about how Trend Micro tapped into
    >>>vShield Endpoint to offer powerful malware protection without “any” impact
    >>>on the performance.
    Couldn’t find the ‘next week’ post, have you finished it yet? The topic is very exciting.
    By the way, is the Endpoint API documented? I think it could be interesting to try it out and build something.

  4. Andy Seal

    Looking forward to the followup to this post.

  5. xiaohua

    Hi, I know that Trend Micro uses the VMsafe API to integrate antivirus capability into VMware virtual machines, but I cannot understand how VMware vShield Endpoint differs from the VMsafe API, and how Trend uses the VMsafe API together with vShield Endpoint to provide strong security?