Security for Virtualized Environments (SVE) is the first comprehensive security solution for virtualized datacenters. The solution protects virtualized Windows, Linux, and Solaris systems, both servers and desktops. While integrated with VMware vShield, the unique architecture of the solution allows it to be leveraged when using any system virtualization offering.
This article provides information on the improvements introduced in Security for Virtualized Environments version 1.2.3 (released on August 8, 2012), the list of known and resolved issues and the upgrade procedure. Starting with version 1.2.2, all references to Citrix and Microsoft environments use the Multi-Platform attribute instead.
Version 1.2.3 is a minor update to version 1.2 (it is also referred to as Version 1.2 Update 3). This version delivers a number of minor improvements and fixes some of the known issues mentioned in the Version 1.2.2 Release Notes.
New Features and Improvements
- Custom Real Time Scan policies can now be assigned to objects from the Hosts and Clusters inventory view, including hosts, clusters, resource pools, vApps and folders. By assigning a policy to a resource pool, you can make sure that any VM added to that resource pool complies with the assigned policy.
An inventory object can have multiple policies assigned at the same time, but at different levels in the inventory tree (for example, one policy directly assigned to a VM, and another one assigned to the parent host or datacenter of the VM). Only one policy is active at any time: the last created/modified policy. If the object is moved inside another parent object, it keeps the current active policy only if that policy is assigned directly to it. If the active policy was inherited from the parent object, then it is replaced with the active policy of the new parent object. A policy assigned to a container from the Hosts and Clusters view has priority over a policy assigned to a container from the Virtual Machines view.
- Policies can be assigned to vApps from both Hosts and Clusters and Virtual Machines views.
- Improved log messages, status messages and execution report for scan tasks.
- Optimized log messages related to updates.
- Security Console remembers the VM inventory view (Virtual Machines or Hosts and Clusters) preferred by the user. The inventory view no longer defaults to Virtual Machines.
- To ensure improved performance, file and email archive scanning options are by default disabled in Real Time Scan policies. This configuration does not leave virtual machines vulnerable because (a) infected archived files must first be extracted for the malware to be able to spread, and (b) in case someone accesses an infected file from an archive, that file is scanned and the malware is removed or contained automatically on-access.
- The Quarantine Tool executable file for Windows was digitally signed to ensure its authenticity and, thus, avoid browser warnings.
- Added options to the Real-time Scan policy to enable/disable the Silent Agent system tray icon and notifications. Enable Silent Mode to hide the Silent Agent system tray icon and notifications. If you want to display notification pop-ups on users’ screens, disable Silent Mode and enable the notification pop-ups option. This option helps keep users aware of Bitdefender’s actions in VDI deployments. (Introduced by a subsequent minor update to version 1.2.3, released on August 23, 2012)
The following issues discovered after the release of version 1.2.2 were fixed:
- The Security Virtual Appliance obtains an IP address via DHCP with a large delay.
- NTFS Alternate Data Streams are not scanned during an offline scan.
- Security Console accepts two username syntaxes when logging in with local vCenter Server users, LocalUser and Hostname\LocalUser, but treats them as separate users. To avoid this issue, Bitdefender recommends always using the same syntax (the LocalUser form is preferred).
- Security Console and Security Virtual Appliance might fail to boot up after deployment if the time of the ESXi host is incorrectly set to a past date. In such situations, the appliance console in vSphere Client displays fsck errors reporting that the last mount time of extended partitions is in the future. The workaround is to ignore the fsck errors by pressing the I key in the appliance console. The issue does not reproduce for subsequent reboots.
To prevent this issue, make sure the ESXi hosts in your environment are synchronized with a reliable time source, for example a Network Time Protocol (NTP) server.
- Silent Agent is only available in English.
- Offline Scan does not work when logged in to Security Console with a user that does not have administrator permission on the root vCenter Server.
- Offline Scan does not scan LVM, SVM or GPT partitions.
- Windows VMs going into sleep or hibernation, or booting up, might trigger Antimalware OFF notifications.
- Some features and options are not available for Linux and Solaris VMs.
o Real-time scan and corresponding policy
o The following options in On Demand Scan and Quick Scan policies and corresponding tasks: Scan memory, Scan detachable volumes, Scan shadow copy volumes
o Memory Scan task
- Locked files can be quarantined multiple times.
- Restoring files from quarantine does not currently work.
- On-demand scans follow symlinks outside the specified scan target, also disregarding file and folder exclusions. If a scanned symlink references a file or folder not included in the scan target or explicitly excluded from scanning, that file or folder will be scanned and actions will be taken on detected threats.
- If a user has configured email notifications in Security Console and changes the user password in vCenter Server, email notifications cannot be sent until the user logs in to Security Console. The workaround for this issue is to log in to Security Console immediately after changing the user password in vCenter Server.
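Because of the symlink known issue listed above, an on-demand scan can reach and act on files outside its target or inside excluded paths. As an added example (not Bitdefender code), the following Python helper lists the symlinks under a scan target that resolve outside it or into an excluded path, so they can be reviewed before a scan is run; the function names, the sample tree and the exclusion list are assumptions constructed for illustration.

```python
import os
import tempfile


def _is_within(path, root):
    """True if path equals root or lies beneath it (both already resolved)."""
    return os.path.commonpath([path, root]) == root


def find_escaping_symlinks(scan_target, exclusions=()):
    """Return sorted (link, resolved, reason) tuples for symlinks under
    scan_target that resolve outside it or into an excluded path."""
    root = os.path.realpath(scan_target)
    excluded = [os.path.realpath(e) for e in exclusions]
    findings = []
    # followlinks=False: walk the tree as stored, never through a link.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            resolved = os.path.realpath(link)  # follows chained links too
            if not _is_within(resolved, root):
                findings.append((link, resolved, "outside-target"))
            elif any(_is_within(resolved, e) for e in excluded):
                findings.append((link, resolved, "excluded"))
        # Excluded directories are not part of the scan, so do not descend.
        dirnames[:] = [d for d in dirnames if not any(
            _is_within(os.path.join(dirpath, d), e) for e in excluded)]
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample layout; returns (scan_target, exclusions)."""
    target = os.path.join(base, "target")
    for d in ("target/docs", "target/skip", "outside"):
        os.makedirs(os.path.join(base, d))
    for f in ("target/docs/report.txt", "target/skip/secret.txt", "outside/data.txt"):
        open(os.path.join(base, f), "w").close()
    os.symlink("../outside/data.txt", os.path.join(target, "link_out"))
    os.symlink("skip/secret.txt", os.path.join(target, "link_excl"))
    os.symlink("docs/report.txt", os.path.join(target, "link_ok"))
    return target, [os.path.join(target, "skip")]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, resolved, reason in find_escaping_symlinks(*build_sample_tree(base)):
            print(f"{reason}: {link} -> {resolved}")
```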
New Features and Improvements
- Upgraded the Silent Agent file driver with a new version designed to improve performance.
- Added a new option on the General > Display policy settings page to allow displaying Silent Agent notifications. This option helps keep users aware of Bitdefender’s actions in VDI deployments. (Introduced by a subsequent minor update to version 1.2.3, released on August 23, 2012)
- Policy allows specifying multiple Security Virtual Appliances that Silent Agent can use for scanning (settings available on the General > Advanced page). Silent Agent selects one of the specified Security Virtual Appliances based on their priority and availability. If the Security Virtual Appliance with priority 1 is initially unavailable, or becomes unavailable later on, Silent Agent attempts to connect to the Security Virtual Appliance with priority 2 and so on, until it finds a Security Virtual Appliance that is available. The preferred Security Virtual Appliance for the specific group of agents selected in the policy target must be set with priority 1.
- Added an option on the General > Display policy settings page to enable/disable Silent Mode (hide/show the Silent Agent icon in the Windows notification area). When Silent Mode is enabled, the Silent Agent GUI is not loaded automatically at startup, freeing up associated resources. Even if the notification area icon is not available, users can still access the main program window from the Windows Start menu.
- Communication between Silent Agent and Security Virtual Appliance can be secured using Secure Sockets Layer (SSL). Related options are available as follows:
o Under the Company Account, on the account page (click the account name in the upper-right corner of the page)
o Under any administrator account, on the General > Advanced policy settings page
The port used for SSL-secured communication is 7083. The port used for unsecured communication remains the same (7081).
- When manually removing Silent Agent from virtual machines, they do not disappear from Security Console.
- Some formatting issues might appear in policy settings windows.
- Multi-platform Silent Agent does not currently support Solaris.
- Silent Agent is only available in English.
- Some managed virtual machines might also appear as unmanaged, but with different IPs.
- If the Silent Agent daemons are stopped on Linux clients and an Uninstall task is run from Security Console, clients are removed from the console, but Silent Agent is not.
For information on upgrading from a version prior to 1.2, refer to this KB article.
To upgrade from version 1.2.x, follow the instructions below. You need to upgrade both the SVE appliances and agents.
Upgrading from version 1.2.x (VMware vShield)
Upgrade can be performed from Security Console:
1. Prerequisite: Check that all Security Virtual Appliance instances installed in your environment are up and running and that they communicate with the Security Console appliance. For example, appliances must be powered on.
2. Connect to Security Console via HTTPS.
3. Go to the Computers > Security VMs page. You can see that updates are available for installed appliances.
4. Click the Update link corresponding to the Security Console appliance to upgrade all installed appliances.
5. Wait for all appliances to be upgraded.
6. If you have deployed Silent Agent on virtual machines, go to the Computers > Silent Agents page to upgrade them.
a. Select all VMs listed in the table.
b. Click Actions and choose Upgrade Silent Agent.
Upgrading from version 1.2.x (Multi-Platform)
The upgrade procedure requires manually updating each installed appliance from the command line interface of each virtual machine.
Upgrade can be performed by following these steps:
1. Upgrade Security Console by running the following commands in the appliance’s CLI:
$ apt-get update
$ apt-get install bitdefender-web-server
2. Upgrade Security Virtual Appliance by running the following commands in the appliance’s CLI:
$ apt-get update
$ apt-get install bitdefender-scan-server
3. Windows Silent Agent is automatically upgraded during the regular update process. Linux Silent Agent must be upgraded by reinstalling it using the new packages available in the upgraded Security Console version. For more information on installing Linux Silent Agent, refer to the Administrator’s Guide.