Virtualization Support

The Cybereason platform protects endpoints running various guest operating systems, which can be hosted on different virtualization and cloud computing platforms, such as Citrix, VMware, Azure, AWS, GCP, and more.

Note

The Cybereason platform supports all AVD/VDI deployments, as long as they are persistent virtual machines across login sessions. We offer limited support for non-persistent virtual machines (where every login is a new reset instance), and we plan to improve this support in the future.

Virtual Desktop (VDI) environments

In VDI environments, you install a Cybereason sensor on the following VDI platform components:

  • VMs

  • Underlying server operating system that supports the VDI platform.

VDI support

Note

Sensors that use Signature-based analysis (Anti-Malware > Signatures mode) require between 250-500 MB for the Cybereason platform to store and update the Signatures database. At least 250 MB of storage is required regardless of the update. Environments that lack these resources cannot operate correctly.

See Clone Machines and Sensors using a Golden Image for information on deploying a golden image on VMs.

In some virtual desktop environments, end users may experience slower logon times if a large number of virtual machines connect at the same time. To address this issue, contact Technical Support and request a sensor configuration change so that sensor collection starts within a configurable time range after the machine starts. The default time range is 30–90 seconds.

Virtual Application environments

You install a Cybereason sensor on the underlying server operating system that supports the virtual application platform.

You do not need to install the Cybereason sensor on the Virtual Applications (VA), such as Microsoft Word.

Virtual Application

Known Limitations

The guest VM operating systems run on a hypervisor using the full virtualization technique and not the para-virtualization technique.

WHAT ARE THE KNOWN LIMITATIONS FOR NON-PERSISTENT VDI ENVIRONMENTS?

Known Limitations for non-persistent VDI environments

The Cybereason platform supports all AVD/VDI deployments, as long as they are persistent virtual machines across login sessions.

We offer limited support for non-persistent virtual machines (where every login is a new reset instance, usually from a golden image). We plan to improve this support in the future.

Some known limitations for non-persistent VDI environments include:

  • Signatures mode (AV) - This feature is fully functional, however the Signature database updates may cause network traffic on golden images. Mitigation: You can reduce the update frequency and potentially use a Local Update server.

  • Sensor identification - Random machine names may cause a large number of historical entries of offline sensors to appear in the Sensors screen. Mitigation: You can configure how frequently offline sensors should be archived, decommissioned, or deleted from the Settings screen.