Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Can the agent run on a clustered Hyper-V host server?

App Control: Can the agent run on a clustered Hyper-V host server?

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Hyper-V Virtual Host Server

Question

Does the Agent support Clustered Shared Volumes on Hyper-V Host Server?

Answer

No, Hyper-V Servers running CSV (Clustered Shared Volumes) are not supported. This is due in part to the Agent being unable to detect the changes between different nodes of the Cluster.

Additional Notes

  • Essentially, in a CSV (Clustered Shared Volumes) environment the Agent’s inventory will not be fully accurate. When changes are made to one node, the Agent running on the other node will not be aware of the change.
  • Thus, when that file executes from the other node, the file will be seen as new and will block in High or Medium Enforcement if the file is not otherwise Globally Approved.
  • The opposite is also possible where you could have an Approved file that both nodes initialized. On one node, a malicious/unapproved/banned file could override it. The node that saw the modification would block the execution, but the node that didn’t would still think that the file was approved.
  • The filter driver on the Hyper-V host can also change the direct access of the shared disks and change them to indirect storage, making the communication with the disks very slow. This would have a very negative effect on the performance of the VM's running on the host.

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-21-2019
Views:
2411
Contributors