This article clarifies the VDI support conditions for Apex One as a Service.
Apex One as a Service does not have a VDI plug-in like its on-premise version, since it requires a direct connection to VDI host servers and it’s not applicable in most environments.
However, Apex One as a Service can support VDI clients that meet the following conditions:
- Using a supported client OS
This information can be found in the system requirement.
- Program Update is disabled
Customers should regularly update VDI golden images to update Apex One as a Service agent programs.
- Pattern update can be enabled as usual.
- This is to reduce high disk I/O during a program update being deployed to VDI agents.
- Scheduled Scan is disabled
As Scheduled Scan triggers lots of disk I/O at the same time, Trend Micro suggests disabling Scheduled Scan on VDI agents
Windows Server Hyper-V:
Windows Virtual Desktop
In multi-session scenario (e.g. each logon user initiated a separate session), the Apex One as a Service agent can only associate users to Data Loss Prevention violation logs but not for other threat detections (e.g. Virus, Behavior Monitoring, etc.).
When Apex One agent has been installed in a non-persistent VDI environment, the EDR features can work well in the desktop lifecycle until it has been destroyed.
Once the desktop lifecycle has been destroyed, the Apex One agent will no longer be active. There are following limitations of EDR features.
Users can still do historical investigation before Apex One has removed inactive agents and purged their data.
- Users can configure when to remove the inactive agent through the Apex One web console.
- When to purge the data depends on the licenses purchased.
- Users cannot do live investigation or response because the agent is inactive.