Virtualization Support

The Cybereason platform protects endpoints running various guest operating systems, which can be hosted on different virtualization and cloud computing platforms, such as Citrix, VMware, Azure, AWS, GCP, and more.

Note

The Cybereason platform supports all AVD/VDI deployments, both for persistent virtual machines (which keep their state across login sessions) and for non-persistent virtual (VDI) machines (where every login is a new reset instance). To make sure no sensor functionality is affected on non-persistent VDI machines, follow the Best Practices for Non-VPI Sensor Deployment.

Virtual Desktop (VDI) environments

In VDI environments, you install a Cybereason sensor on the following VDI platform components:

  • VMs

  • Underlying server operating system that supports the VDI platform.

VDI support

Note

Sensors that use signature-based analysis (Anti-Malware > Signatures mode) require between 250 and 500 MB of storage for the Cybereason platform to store and update the Signatures database. At least 250 MB of storage is required regardless of the update. Environments that lack these resources cannot operate correctly.

See Clone Machines and Sensors using a Golden Image for information on deploying a golden image on VMs.

In some virtual desktop environments, end users may experience slower logon times if a large number of virtual machines connect at the same time. To address this issue, contact Technical Support and request a sensor configuration change so that sensor collection starts within a configurable time range after the machine starts. The default time range is 30–90 seconds.

Virtual Application environments

You install a Cybereason sensor on the underlying server operating system that supports the virtual application platform.

You do not need to install the Cybereason sensor on the Virtual Applications (VA), such as Microsoft Word.

Virtual Application

Known Limitations

The following are limitations for virtualization and the Cybereason platform:

  • The guest VM operating systems must run on a hypervisor that uses the full virtualization technique, not the para-virtualization technique.

  • In non-persistent VDI environments:

    • The Anti-Malware > Signatures mode (AV) is fully functional, but the Signature database updates may cause network traffic on golden images.

      You can reduce the update frequency and potentially use a Local Update server.

    • Sensor identification - Random machine names may cause a large number of historical entries of offline sensors to appear in the Sensors screen.

      You can configure how frequently offline sensors should be archived, decommissioned, or deleted from the Settings screen.