Virtual Desktop – Antivirus
If using hosted shared desktops or hosted VM-based VDI desktops, those virtual desktops are located within the data center with other critical systems. If a virus makes it into the data center, the entire infrastructure is at serious risk. However, simply adding an antivirus solution to the virtual desktop can protect the environment. So what’s the big deal? Just do it, right? Well, nothing is as simple as one expects it to be. If done improperly, antivirus can have a major impact on the virtualization infrastructure and even cause users to experience poor virtual desktop performance.
Consider virtual desktops that are streamed with Provisioning services and that start a full system scan at roughly the same time. Provisioning services only streams the portions of the disk image that are required. However, if a full system scan is done, those virtual desktops will eventually request the entire vDisk image. This not only overwhelms the network and Provisioning services, but also impacts the storage infrastructure as the write cache is utilized and explodes in size. Overcoming these issues is a fairly easy matter and is based on the following recommendations:
- The desktop image must be free from viruses. It is recommended to do a full system scan in private image (read/write) mode. This guarantees the image is clean.
- When the desktop image is in standard mode (read-only), the antivirus should be configured as follows:
  - Only scan create/modify activities of files
  - Scan on write events only
  - Scan local drives only
  - Exclusions
    - Pagefile
    - Print Spooler directory
    - Write cache file
    - EdgeSight database
    - ICA client’s bitmap cache directory
- Remove the antivirus configurations from the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run registry key
- Reconfigure antivirus so that the virus definitions file is stored on a persistent disk, so antivirus doesn’t have to download the entire definition file on each startup.
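
One way to check a standard-mode image against this checklist, as an added example that is not from the original page. It assumes Microsoft Defender Antivirus as the product (the page names none), maps "scan on write events only" to Defender's incoming-only scan direction, and uses placeholder values for the exclusion paths and the vendor pattern.

```powershell
# Added example: read-only audit of a standard-mode image against the checklist.
# Assumption: Microsoft Defender Antivirus is the product in the image.
param(
    # Placeholders: replace with the real locations in your environment.
    [string[]]$RequiredExclusions = @(
        'C:\pagefile.sys',
        "$env:SystemRoot\System32\spool\PRINTERS",
        '<write-cache-file>',
        '<EdgeSight-database>',
        '<ICA-client-bitmap-cache-directory>'
    ),
    # Placeholder: text that identifies your antivirus vendor's startup entries.
    [string]$AvRunPattern = '<antivirus-vendor>'
)

$findings = New-Object System.Collections.Generic.List[string]
$pref = Get-MpPreference

# Exclusions: every required path must appear in Defender's exclusion list.
foreach ($path in $RequiredExclusions) {
    if ($pref.ExclusionPath -notcontains $path) {
        $findings.Add("Missing exclusion: $path")
    }
}

# "Scan on write events only": closest Defender setting is incoming-only (1).
if ($pref.RealTimeScanDirection -ne 1) {
    $findings.Add("RealTimeScanDirection is $($pref.RealTimeScanDirection), expected 1")
}

# "Scan local drives only": network file scanning should be disabled.
if (-not $pref.DisableScanningNetworkFiles) {
    $findings.Add('Network file scanning is enabled')
}

# Run key: report antivirus entries that still start at every logon.
$runKey = Get-Item -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in $runKey.GetValueNames()) {
    $value = [string]$runKey.GetValue($name)
    if ("$name $value" -match [regex]::Escape($AvRunPattern)) {
        $findings.Add("Run key still contains: $name = $value")
    }
}

if ($findings.Count -eq 0) { 'Image matches the checklist.' } else { $findings }
```

The script only reads settings, so it can be run in the image before switching it to standard mode and again on a streamed desktop to confirm nothing drifted.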