Agentless and Agent-based anti-malware protection functionalities in Deep Security

    • Updated: 19 Aug 2016
    • Product/Version: Deep Security 9.0, Deep Security 9.5
    • Platform: VMware ESX 4.0, VMware ESX 4.1, VMware ESX 5.0, VMware ESXi 5.1

Summary

Know which functionalities are available in Agentless (Deep Security Virtual Appliance-based) and in-guest (Deep Security Agent-based) anti-malware protection.

Details

See the table below for the list of available functionalities in Agentless and Agent-based anti-malware protection:

|  | Agentless (DSVA) | In-Guest (DSA) |
|---|---|---|
| Feature and Component |  |  |
| Take action upon malware files | Yes | Yes |
| Take action upon malware in memory | No | Yes |
| Registry cleanup | No | Yes |
| Stop malware processes | No | Yes |
| Leverage VMware Endpoint | Yes | No |
| Security |  |  |
| Firewall functionality | Yes | Yes |
| Deep Packet Inspection functionality | Yes | Yes |
| Log Inspection functionality | No | Yes |
| Integrity Monitoring functionality | File-based Integrity Monitoring only | Yes |
| Recommendation scan functionality | No (DS 8.0 and below) | Yes |

Advantages of Deep Security Virtual Appliance (DSVA)-based protection:

  • No footprint on protected virtual machines (VMs)
    Protection will not result in resource contention on the VMs.
  • Minimal update-related traffic
    Because there are no components on the VMs, update-related traffic (virus pattern updates, scan engine updates, etc.) occurs only on the DSVA. The VMs are not affected by component updates.

Disadvantages of DSVA-based protection:

  • Lack of in-memory scanning
    If a Trojan manages to enter the VM, subsequent pattern updates may be able to detect the file component of the malware, but will not be able to remove its in-memory components.
  • No damage cleanup
    Because of the absence of an in-guest component, the DSVA does not have the Damage Cleanup Service functionality which addresses changes to the Windows registry and similar malicious alterations.
  • Limited HIDS capability
    The DSVA is limited to File-based Integrity Monitoring. It does not have the Log Inspection functionality.
  • Lack of recommendation scan functionality (For DSVA 8.0 and below only)
    The DSVA cannot retrieve metadata from the VMs that it protects, so the Deep Security Manager is not able to automatically ascertain the security requirements. Thus, the assignment of Deep Packet Inspection (DPI) and Integrity Monitoring (IM) rules is manual.

These disadvantages can be addressed by installing a DSA on the VM. However, a DSA will negate the DSVA advantages on resource contention and bandwidth conservation. Thus, administrators must assess the security needs of their environment to determine the appropriate combination of DSA-based and DSVA-based protection.

Category: SPEC
Solution Id: 1097692