The vShield Endpoint driver is back in the bad books this week.
Looks like it is now causing our virtual machines to blue screen. grrrrr
If it's not an issue with Trend Micro Deep Security, it's an issue with vShield Endpoint!
This affected our Citrix XenApp Provisioned Services Servers quite severely. They were blue screening every day. This has only affected one of our standard virtual machines – a file server crashed during the day the other week.
This will affect anyone using the latest officially released vShield driver 220.127.116.11 build-652273 and older versions.
This issue is confirmed by VMware to be fixed in a new version of the vShield Endpoint driver 18.104.22.168 build-813867 — another reason to contact VMware to get your hands on this driver as it has not been officially released yet.
I just noticed a new issue today with Microsoft’s Forefront UAG and Trend Micro Deep Security.
The UAG does not recognise the Trend Micro Deep Security Agent as a compliant antivirus product and therefore any clients using the Trend Micro Deep Security agent will not gain privileged session access to the UAG.
Interestingly enough, the UAG Forefront Endpoint Scanner detects the Trend Firewall component.
To confirm, this is from a physical desktop with the DS agent installed. The DS agent is offering anti-malware protection, not a Deep Security Virtual Appliance, so the UAG should be able to detect it.
I can understand virtual servers or desktops not being recognised, as there will not be a way for the UAG to verify whether the client has AV services running on it.
What I have done is follow the instructions here to try and customise the endpoint components detection script.
Thankfully, the detection script DETECTION.VBS already has Trend Micro OfficeScan, so I have added a new check ‘DetectTrendMicroDeepSecurityAntiVirus’ in the script for Trend Micro Deep Security to validate whether it is installed and running, but determining whether it is up to date is beyond me.
I have escalated to Trend Engineering to see if they can assist.
Trend DS 8 not detected in UAG Endpoint Detection
If you are like me and you like to include the latest drivers in your SOE, I have a word of warning about the vShield Endpoint Driver.
I included this in our 2008 R2 SP1 SOE as I knew we were going to be rolling out Trend Micro Deep Security.
Bad idea! The vShield Endpoint Driver makes the server practically unusable. You won’t be able to map network drives, you’ll get RPC replication issues, and it will behave as if the most anal antivirus software has been installed with all features enabled.
Took me weeks to figure out it was this innocuous driver which wasn’t supposed to be doing anything…