Virtual PC / Virtual Server and Antivirus programs on the host computer

Occasionally we hear reports of customers seeing bad interactions between Virtual PC / Virtual Server and antivirus programs on their host operating system. This seems to happen because Virtual PC / Virtual Server make a large number of changes to very large files, which is not a file access pattern that antivirus programs typically expect.

Problems that people usually see are random errors opening .VHD files and degraded performance of virtual machines.

To address this, we recommend that users check whether their antivirus program can exclude .VHD, .VUD and .VSV files from live virus scanning. Doing this usually solves any problems and does not increase the user's risk from viruses, as the host-based virus scanner would not be able to detect a virus in the virtual machines by scanning these files anyway.

Cheers,
Ben

Published Wednesday, September 14, 2005 11:23 AM by Virtual PC Guy
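
The exclusion recommended above is by extension, so any file named .vhd is skipped by the real-time scanner whether or not it is a disk image. The following is an added example, not part of the original post: a Python check, built on the published VHD footer layout (512-byte footer, `conectix` cookie, checksum at offset 64), that flags .vhd files under an excluded folder which are not structured as VHD images. Function names are hypothetical, and .VUD / .VSV files are not covered.

```python
import os
import struct

FOOTER_SIZE = 512          # the VHD footer is the last 512 bytes of the file
COOKIE = b"conectix"       # first 8 bytes of a valid footer
CHECKSUM_OFFSET = 64       # 4-byte big-endian checksum field
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def footer_checksum(footer: bytes) -> int:
    """One's complement of the byte sum, with the checksum field zeroed."""
    zeroed = footer[:CHECKSUM_OFFSET] + b"\0" * 4 + footer[CHECKSUM_OFFSET + 4:]
    return ~sum(zeroed) & 0xFFFFFFFF


def classify_vhd(path: str) -> str:
    """Return the disk type if `path` ends in a valid VHD footer, else a reason."""
    size = os.path.getsize(path)
    if size < FOOTER_SIZE:
        return "suspect: too small for a VHD footer"
    with open(path, "rb") as f:
        f.seek(size - FOOTER_SIZE)
        footer = f.read(FOOTER_SIZE)
    if footer[:8] != COOKIE:
        return "suspect: no conectix cookie"
    stored, = struct.unpack_from(">I", footer, CHECKSUM_OFFSET)
    if stored != footer_checksum(footer):
        return "suspect: footer checksum mismatch"
    disk_type, = struct.unpack_from(">I", footer, 60)  # disk type field
    return DISK_TYPES.get(disk_type, "suspect: unknown disk type")


def audit(folder: str) -> dict:
    """Map each *.vhd file under `folder` (relative path) to its classification."""
    results = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            if name.lower().endswith(".vhd"):
                full = os.path.join(root, name)
                results[os.path.relpath(full, folder)] = classify_vhd(full)
    return results


def make_footer(disk_type: int = 2) -> bytes:  # constructed sample, not a real image
    footer = bytearray(FOOTER_SIZE)
    footer[:8] = COOKIE
    struct.pack_into(">I", footer, 60, disk_type)
    struct.pack_into(">I", footer, CHECKSUM_OFFSET, footer_checksum(bytes(footer)))
    return bytes(footer)
```

A valid footer only shows that the file is structured as a VHD, so this catches a file that was merely renamed and nothing more. Images written by versions before Virtual PC 2004 can carry a 511-byte footer and would be reported as suspect here.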

Comments

Wednesday, September 14, 2005 7:44 PM by Paul

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

Except, of course, if someone puts a virus in a file, gives it a vhd extension, and finds some way of executing it ... but I can't think of any :)

Wednesday, September 14, 2005 10:41 PM by Norman Diamond

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

How does the user detect that an antivirus program is slowing down accesses to VHD files?

The suggested workaround reminds me of the way some antivirus programs automatically refrain from scanning DBX files (Outlook Express folders). Some offer options and let the user know if the DBX files are included in scans or not, but some don't say.

Thursday, September 15, 2005 3:03 AM by Jonathan

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

"How does the user detect that an antivirus program is slowing down accesses to VHD files?"

1. Guests seem to run really slow.
2. User looks for cause, sees real-time AV on the host, thinks "those AV programs always cause trouble!", disables real-time AV on the host.
3. Guests run better.

Friday, September 16, 2005 7:09 AM by bfallar3

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

So does the vmadditions.iso to support Windows Vista work? Can you guide me step by step?

Saturday, September 17, 2005 6:35 AM by Phillip

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

What anti-virus programs (and versions) allow setting exclusions? Are there factors to look for on running an anti-virus inside a VM?

I think the latest McAfee does not, and the Symantec and TrendMicro do.

A side question, is this a hole in the anti-virus programs that do? Wouldn't a virus be able to configure the program to not scan it?

Saturday, September 17, 2005 1:17 PM by tobias

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

Ben, I think that advice is rather pointing potential virus writers to name their files with the extensions you provided. I would only follow you to the point to exclude some file (identified by absolute path) from scanning.

Even though some AV software allows excluding all files of a certain extension, I regard this as a bad idea.

How about Microsoft publishing some hints for AV software vendors as to efficiently scan Virtual Server / Virtual PCs files?

Cheers,

tobias

Monday, September 19, 2005 2:41 PM by Virtual PC Guy

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

Phillip -

I do not know which AV programs offer this specific option or not.

Tobias -

As was noted earlier in the thread, there is little risk from doing this as the .VHD file is a data file and not an executable file. It is highly unlikely that you would get a host vectored virus in a .VHD.

Cheers,
Ben

Wednesday, October 05, 2005 7:56 AM by Chris

# re: Virtual PC / Virtual Server and Antivirus programs on the host computer

Some anti-spyware and backup applications can also cause the same issue.