Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Can the agent run on a clustered Hyper-V host server?

App Control: Can the agent run on a clustered Hyper-V host server?

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows Server: All Supported Versions
  • Hyper-V Virtual Host Server

Question

Can the agent run on a clustered Hyper-V host server?

Answer

No, Hyper-V servers running CSV (Clustered Shared Volumes) are not supported, because the agent will be unable to detect changes that occur on one node of the cluster on the other nodes.

Additional Notes

  • Essentially, in a CSV (Clustered Shared Volumes) environment, the agent’s inventory will not be fully accurate. When changes are made to one node, the agent running on the other node will not be aware of the change (modifications happen without CB Protection agent seeing), thus when that file goes to execute from the other node, the file will be seen as new and will block in high or medium enforcement if the file is not globally approved.
  • The opposite is also possible where you could have an approved file that both nodes initialized. On one node, a malicious/unapproved/banned file could override it. The node that saw the modification would block the execution, but the node that didn’t would still think that the file was approved.
  • The filter driver on the Hyper-V host can also change the direct access of the shared disks and change them to indirect storage, making the communication with the disks very slow. This would have a huge negatrive effect on the VM's running on the host.

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-21-2019
Views:
1567
Contributors