
ESET Virtualization Security for VMware NSX - some questions



Hi,

 

I've successfully deployed EVS for NSX in my lab environment, however I ran into some problems:

1. For some reason, the EVS appliance (the one that does the actual scan) would stop working at some point and all protected guest VMs become frozen, i.e. the mouse cursor can still move but applications cannot run; it looks like filesystem activity is entirely blocked. The only way to fix this is to force restart the EVS appliance. I checked /var/log/messages and see a huge number of entries like this:

Mar  3 01:09:07 evs-appliance evs_sva[12722]: [WARNING] (EPSEC) [0x3278] Exceeded maximum concurrent events for /vmfs/volumes/57687926-b4eb627e-80fe-1c98ec284388/XXX.vmx 

The full log is attached. This has happened twice already and I've only had it deployed for 2 days.

Is there anything I've misconfigured here? Please help.

evs_log_messages.zip

 

2. How to deal with quarantined files in case of a false positive? I've tried the Upload Quarantine task on a protected VM and it fails with the message "Ignoring invalid task for VAgentHost".

 

3. Are Linux guests supported? I tried installing the guest introspection driver on a Linux guest and it gets picked up by VAgentHost as a protected VM, but there doesn't seem to be any protection: I can download and read the Eicar file without it being detected.

 

Edited by V2TW

  • Former ESET Employees

Hi V2TW, 

1, we'll need to analyze this log. Thank you for the submission.

2, please follow the user guide here: https://download.eset.com/com/eset/apps/business/evsa/nsx/latest/eset_evs_nsx_userguide_enu.pdf section 7.3

3, currently Linux guest introspection is not supported, but it's planned for version 1.6.
