This article clarifies the VDI support conditions for Apex One as a Service.
Apex One as a Service does not have a VDI plug-in like its on-premise version, since it requires a direct connection to VDI host servers and it’s not applicable in most environments.
However, Apex One as a Service can support VDI clients that meet the following conditions:
- Using a supported client OS
This information can be found in the system requirement.
- Program Update is disabled
Customers should regularly update VDI golden images to update Apex One as a Service agent programs.
- Pattern update can be enabled as usual.
- This is to reduce high disk I/O during a program update being deployed to VDI agents.
- Scheduled Scan is disabled
As Scheduled Scan triggers lots of disk I/O at the same time, Trend Micro suggests disabling Scheduled Scan on VDI agents
Windows Server Hyper-V:
Windows Virtual Desktop
- Why does Apex Central report Windows 10 Enterprise multi-session (Azure VDI) as a Windows Server 2019 machine?
Windows 10 Enterprise Multi-session is a virtual edition of Windows 10 Enterprise. One of the modifications on the ProductType leads the Apex One agent to identify these endpoints as Server instead of Desktop. This is a normal behavior based on the Windows 10 Enterprise multi-session FAQ article from Microsoft.
- Apex Central applies server-based policy settings to the target Azure WVD endpoint.
Because of limitation (1), the Apex Central will apply server-based policy settings instead of client-based settings by default. Therefore, the administrator will need to create a separate policy for the Azure WVD VM and enable additional client-based protection settings.
Please refer to Overview of Apex One as a Service Security Agent Features on Different Platforms for more information.
- Alert Notification shows up for every logged on User.
Because Azure WVD is multi-session (shared vm), the Apex One alert notification will show up for every logged on user. A workaround is to disable notification display on the protection settings of each user.
- Threat detection logs (AV, BM, WRS, etc.) gets associated to the "Last Logon User".
In a multi-session scenario (e.g. each logon user initiated a separate session), the Apex One as a Service agent can only associate users to Data Loss Prevention violation logs but not for other threat detections (e.g. Virus, Behavior Monitoring, etc.).
- When Apex One agent has been installed in a non-persistent VDI environment, the EDR features can work well in the desktop lifecycle until it has been destroyed.
Once the desktop lifecycle has been destroyed, the Apex One agent will no longer be active. There are following limitations of EDR features.
Users can still do historical investigation before Apex One has removed inactive agents and purged their data.
- Users can configure when to remove the inactive agent through the Apex One web console.
- When to purge the data depends on the licenses purchased.
- Users cannot do live investigation or response because the agent is inactive.