- Messages
- 4,373
- Location
- Hafnarfjörður IS
Hi there.
Can't seem to find any sensible consensus on this topic - and it never seems to be discussed so am I missing something here.
If say I have a Windows Guest running its own AV software whether it's Windows defender or anything else then it seems to me that by having the HOST also running an AV software we are going to have two pieces of AV software running on the same data areas (the VM Disks).
It would seem to make sense to exclude the VM directories from the HOST's AV scan when the VM's are running -- but I haven't seen any mechanism to dynamically turn off parts of the AV system -- it's either an ALL or NONE mechanism.
I'm sure the performance of both HOST and GUESTS could be enhanced if AV software was ONLY running on the machines it needed to be - but AV software doesn't seem to allow for excluding certain parts of the machines.
If I have up and running say 4 VM's - that's my normal usage - then on the Virtual Machine directory on the Host I could have 5 (yes FIVE) AV pieces of software scanning / protecting it (The VM directories / data areas) at all times -- I think even the most security conscious person on the planet would suggest that this is indeed grossly overkill. - The VM's of course need to be individually protected if they are on the Net.
If you use VM's a lot (and I do) you want to get as much performance as possible out of them. As an individual I can't afford masses amount of hardware like enterprises have but I still want my VM's to run as efficiently as possible.
Cheers
jimbo
Can't seem to find any sensible consensus on this topic - and it never seems to be discussed so am I missing something here.
If say I have a Windows Guest running its own AV software whether it's Windows defender or anything else then it seems to me that by having the HOST also running an AV software we are going to have two pieces of AV software running on the same data areas (the VM Disks).
It would seem to make sense to exclude the VM directories from the HOST's AV scan when the VM's are running -- but I haven't seen any mechanism to dynamically turn off parts of the AV system -- it's either an ALL or NONE mechanism.
I'm sure the performance of both HOST and GUESTS could be enhanced if AV software was ONLY running on the machines it needed to be - but AV software doesn't seem to allow for excluding certain parts of the machines.
If I have up and running say 4 VM's - that's my normal usage - then on the Virtual Machine directory on the Host I could have 5 (yes FIVE) AV pieces of software scanning / protecting it (The VM directories / data areas) at all times -- I think even the most security conscious person on the planet would suggest that this is indeed grossly overkill. - The VM's of course need to be individually protected if they are on the Net.
If you use VM's a lot (and I do) you want to get as much performance as possible out of them. As an individual I can't afford masses amount of hardware like enterprises have but I still want my VM's to run as efficiently as possible.
Cheers
jimbo
My Computer
System One
-
- OS
- Linux Centos 7, W8.1, W7, W2K3 Server W10
- Computer type
- PC/Desktop
- Monitor(s) Displays
- 1 X LG 40 inch TV
- Hard Drives
- SSD's * 3 (Samsung 840 series) 250 GB
2 X 3 TB sata
5 X 1 TB sata
- Internet Speed
- 0.12 GB/s (120Mb/s)