Views:

Apex One as a Service does not have a VDI plug-in like its on-premise version, since it requires a direct connection to VDI host servers and it’s not applicable in most environments.

However, Apex One as a Service can support VDI clients that meet the following conditions:

  • Using a supported client OS

    This information can be found in the system requirement.

  • Program Update is disabled

    Customers should regularly update VDI golden images to update Apex One as a Service agent programs.

    • Pattern update  can be enabled as usual.
    • This is to reduce high disk I/O during a program update being deployed to VDI agents.
  • Scheduled Scan is disabled

    As Scheduled Scan triggers lots of disk I/O at the same time, Trend Micro suggests disabling Scheduled Scan on VDI agents

VMware™Citrix™Microsoft™
  • ESX/ESXi Server (Server Edition) 5.x, 6.x
  • ESXi 7.0
  • Server (Server Edition) 1.0.3, 2
  • Workstation and Workstation ACE Edition 7.0, 7.1, 8.0, 9.0, 10.0, 11.0, 12.0, 14.0, 15.0
  • vCenter™ 5.0, 5.1, 5.5, 6.x
  • View™ 5.0, 5.1, 5.3, 6.x
  • Horizon® Air™ Desktops
  • Horizon® Mirage™ 5.x
  • Horizon® View™ 7
  • Horizon® View™ 8
  • XenDesktop 5.0, 5.5, 5.6, 7.x
  • XenServer 6.5, 7.0
  • XenApp 4.5, 5.0, 6.0, 6.5, 7.x
  • VDI-in-a-Box 5.1

Hyper-V Server:

  • Microsoft Hyper-V Server 2008/2008 R2 (64-bit)
  • Microsoft Hyper-V Server 2012/2012 R2 (64-bit)
  • Microsoft Hyper-V Server 2016 (64-bit)
  • Windows Server 2008/2008 R2 (64-bit) Hyper-V

Windows Server Hyper-V:

  • Windows Server 2008/2008 R2 (64-bit) Hyper-V
  • Windows Server 2012/2012 R2 (64-bit) Hyper-V
  • Windows Server 2016 (64-bit) Hyper-V
  • Windows 8/8.1 Pro/Enterprise (64-bit) Hyper-V
  • Windows 10 Pro/Enterprise (64-bit) Hyper-V

Windows Virtual Desktop

  1. Why does Apex Central report Windows 10 Enterprise multi-session (Azure VDI) as a Windows Server 2019 machine?

    Windows 10 Enterprise Multi-session is a virtual edition of Windows 10 Enterprise. One of the modifications on the ProductType leads the Apex One agent to identify these endpoints as Server instead of Desktop. This is a normal behavior based on the Windows 10 Enterprise multi-session FAQ article from Microsoft.

  2. Apex Central applies server-based policy settings to the target Azure WVD endpoint.

    Because of limitation (1), the Apex Central will apply server-based policy settings instead of client-based settings by default. Therefore, the administrator will need to create a separate policy for the Azure WVD VM and enable additional client-based protection settings.

    Please refer to Overview of Apex One as a Service Security Agent Features on Different Platforms for more information.

  3. Alert Notification shows up for every logged on User.

    Because Azure WVD is multi-session (shared vm), the Apex One alert notification will show up for every logged on user. A workaround is to disable notification display on the protection settings of each user.

  4. Threat detection logs (AV, BM, WRS, etc.) gets associated to the "Last Logon User".

    In a multi-session scenario (e.g. each logon user initiated a separate session), the Apex One as a Service agent can only associate users to Data Loss Prevention violation logs but not for other threat detections (e.g. Virus, Behavior Monitoring, etc.).

  5. When Apex One agent has been installed in a non-persistent VDI environment, the EDR features can work well in the desktop lifecycle until it has been destroyed.

    Once the desktop lifecycle has been destroyed, the Apex One agent will no longer be active. There are following limitations of EDR features.

    • Users can still do historical investigation before Apex One has removed inactive agents and purged their data.

      • Users can configure when to remove the inactive agent through the Apex One web console.
      • When to purge the data depends on the licenses purchased.
    • Users cannot do live investigation or response because the agent is inactive.
Keywords: VDI, VDI support information, VDI support condition