I think these guys are talking about vmware server 1.x/2.0 or hyper-v which all run off windows.
In the scenario where I had 4 servers running vmware1.x and 14 guests across them, we did not run AV on the host machine. We did a complete lockdown, including put the network card in a different subnet (disabling it didn't work btw, it disabled it in the guest too ;) ). Since the machine's exposure is hack, av isn't going to help you here anyway. Look at typical hardening procedures for your o/s. I treat any windows vm like a web server in the dmz for my lockdowns (disable workstation,server,browser,help, remote registry, force ntlmv2 etc). On that note, esxi is free now, why not see if you can move to that and claim your windows license back :) -----Original Message----- From: Devin Meade [mailto:[email protected]] Sent: Tuesday, December 30, 2008 13:05 To: NT System Admin Issues Subject: Re: A/V on VM Host I run AV on our VMWare server host boxes and exclude the local folder for the guests. I am contemplating removing this to recapture the AV licenses. Actually I plan on moving these boxes to ESXi. Betcha ESXi won't run AV software (have not checked that). But that's three of four projects from now :-/ I consider it kind of like running file based AV on an SQL or Exchange server. Yes you can do it but exlcude everything of value (so why do it anyway?). Devin On Tue, Dec 30, 2008 at 9:49 AM, Roger Wright <[email protected]> wrote: > Would the anti-virus package on a host machine also protect the guest VMs? > > > > I was wondering if, say, VirusScan is installed on the host box, wouldn't it > be scanning all data streaming across the NIC, including that which is > destined for the VMs? > > > > Is there a flaw in my thinking? > > > > > > > > Roger Wright > > Network Administrator > > Evatone, Inc. > > 727.572.7076 x388 > > > > _____ > > > > > > -- Devin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
