Virtual PC / Virtual Server and Antivirus programs on the host computer

Virtual PC / Virtual Server and Antivirus programs on the host computer

  • Comments 8

Occasionally we hear reports of customer seeing bad interactions between Virtual PC / Virtual Server and antivirus programs on their host operating system.  This seems to happen because Virtual PC / Virtual Server are making large amounts of changes to very large files - and this is not a typical file access pattern that Antivirus programs are expecting.

Problems that people usually see are random errors opening .VHD files and degraded performance of virtual machines.

To address this we recommend that users check their antivirus program to see if it can exclude .VHD, .VUD and .VSV files from live virus scanning.  Doing this usually solves any problems - and does not increase the users risk to viruses as the host based virus scanner would not be able to detect a virus in the virtual machines by scanning these files anyway.

Cheers,
Ben

Leave a Comment
  • Please add 7 and 8 and type the answer here:
  • Post
  • Except, of course, if someone puts a virus in a file, gives it a vhd extension, and finds some way of executing it ... but I can't think of any :)
  • How does the user detect that an antivirus program is slowing down accesses to VHD files?

    The suggested workaround reminds me of the way some antivirus programs automatically refrain from scanning DBX files (Outlook Express folders). Some offer options and let the user know if the DBX files are included in scans or not, but some don't say.
  • "How does the user detect that an antivirus program is slowing down accesses to VHD files?"

    1. Guests seems to run really slow.
    2. User looks for cause, sees real-time AV on the host, thinks "those AV programs alway cause trouble!", disables real-time AV on the host.
    3. Guests run better.
  • so does the vmadditions.iso to support Windows Vista works? Can you guide me step by step?
  • What anti-virus programs (and versions) allow setting exclusions? Are there factors to look for on running an anti-virus inside a VM?

    I think the latest McAfee does not, and the Symantec and TrendMicro do.

    A side question, is this a hole in the anti-virus programs that do? Wouldn't a virus be able to configure the program to not scan it?
  • ben, I think that advice is rather pointing potential virus writers to name their files with the extensions you provided. I would only follow you to the point to exclude some file (identified by absolute path) from scanning.

    Even though some AV software allows excluding all files of a certain extension, I regard this a bad idea.

    how about Microsoft publishing some hints for AV software vendors as to efficiently scan Virtual Server / Virtual PCs files?

    Cheers,

    tobias
  • Phillip -

    I do not know which AV programs offer this specific option or not.

    Tobias -

    As was noted earlier in the thread there is littel risk from doing this as the .VHD file is a data file and not an executable file. It is highly unlikely that you would get a host vectored virus in a .VHD.

    Cheers,
    Ben
  • Some anti-spyware and backup applications can also cause the same issue.
Page 1 of 1 (8 items)