We're Hiring!
Take the next step in your career and work on diverse technology projects with cross-functional teams.
LEARN MORE
Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
1
9
2017
3.1.2023

Avoid Virtual Machine Performance Problems from Antivirus Tools

Last updated:
9.16.2020
3.1.2023
No items found.
antivirus for virtual machines can cause performance problems

You’re probably familiar with the kind of performance issues inherent in antivirus/antimalware tools. Anyone who has used a PC when the antivirus scan boots up can attest to sluggish performance. The same issues rear their head when using antivirus in a virtual environment – but virtual machines come with their own set of wrinkles.

Antivirus software can be installed either on the VM itself or on the host. Depending on your approach, you’ll want to consider these key factors to maximize performance.
 

Agent or agentless?

For VMware cloud environments, an agentless antivirus is often the best option for maximum performance. Agentless AV software installs on its own VM that then scans the other VMs. This VM is called a Security Virtual Appliance or SVA. Agentless AVs can typically take advantage of applied policies, scheduling, and optimization. VMware’s own vShield is one example of an SVA, but other vendors like Trend Micro integrate their VSAs with vShield APIs.

Agentless solutions may be more basic in their scanning as they don’t always have quarantine. They generally provide file scanning but not active processes in CPU or memory.

Installing an agent-based antivirus program is much more similar to the antivirus tools you may already have on your PC. In this case, the software is installed on each VM itself and operates in a similar manner to desktop scans.

Agent-based security solutions might have more granular scanning abilities (which is not even always true), but they come with a high performance price tag. Each VM takes a memory and CPU hit, which adds up significantly over an entire virtual data center. Another problem is antivirus storms, which occur when multiple machines run their scans or updates at the same time, dramatically increasing resource demand.

Agent-based AVs also require more involved administration, as each VM must have software deployed and updated individually. When VMs are migrated or change state, the AV must often be reconfigured.

 

Configuring for performance

While it may slightly increase risk, for best performance you will likely want to exclude some VMware files from the AV scan, namely the:

Many AV tools can not read these types of files in any case, and they are unlikely to be used as an attack vector. If they do attempt to scan them, scanning the disk files while accessing them can negatively affect administration of the VM.

Some allocation rules of thumb can help improve performance when using AV, too. Dynamic memory allocation can assign additional memory when needed, but you’ll want to set limits or risk running up a high bill for your cloud. Same with CPU — your AV should have configuration options for maximum CPU consumption. Disk I/O increases during a scan, as well. Because of the performance toll, you will want to randomize your scans or set up a staggered schedule to avoid AV storms.

 

Ultimately, running an AV for your virtual environment is not much more difficult than administrating AVs for desktops or physical servers. If you need help setting up an AV or want to purchase a license as part of your cloud deployment, Green House Data can help maximize your performance and manage your licensing, updates, scheduling, and more.

Recent Blog Posts

lunavi logo alternate white and yellow
3.27.2024
03
.
27
.
2024
Utilizing Bicep Parameter Files with ALZ-Bicep

Ready to achieve more efficient Azure Deployments? You can use Bicep parameters instead of JSON which opens new opportunities for deployment. Let Lunavi expert, Joe Thompson, show you how.

Learn more
lunavi logo alternate white and yellow
3.26.2024
03
.
04
.
2024
Anticipating Surges in Cyber Attacks and Bolstering Your InfoSec Defenses in 2024

Learn how to navigate 2024 with the right InfoSec defenses to protect your organization against a rising number of cyber attacks.

Learn more
lunavi logo alternate white and yellow
3.26.2024
01
.
03
.
2024
Microsoft Copilot is Re-Shaping the Innovation Frontier

Microsoft 365 Copilot has been released, and it's changing the way we work. More than OpenAI or ChatGPT, read how Copilot can seamlessly integrate with your workflow.

Learn more