A lot of times this question has been asked, is there such a thing as an anti-virus for virtual machines, not at the operating system level but at a virtual infrastructure level. For example, an antivirus ‘server’ that could monitor all activity in your VMs, independent of their operating systems (Windows, Linux, Unix). A central engine or vm that could scan all your IP ranges in your virtual infrastructure.

Centralized Virus scanning for all your virtual machines:

Enter the world of ‘agentless scanning’ ! With agentless scanning, you have a light weight central scanner that works with your VDI (virtual desktop infrastructure) and servers seamlessly. There is no need to deploy and maintain individual virus scanners or scan engines for each of your virtual machines. You can also use a SWG to protect against internet-based threats.

Advantages of agentless scanning for your Virtual Infrastructure:

The obvious advantages are lower maintenance, centralized administration, faster performance of the virtual machines due to low resource consumption. Updates are all done centrally, no need to install individual virus scanners on each machine. Functionality is exactly the same as the traditional anti virus solution. These central virtual machine scanning servers are very easy to deploy and integrate well into your infrastructure, most vendors will supply this as a virtual appliance often coupled with VPNs and Firewalls. Also, some memory viruses have the ability to disable the resident anti virus agent, by having an agentless technology for your VM, that threat is averted.

Disadvantages of centralized virus scanning of your virtual machines:

There are not many cons of agentless scanning, perhaps the only and most significant that it causes repeated traffic on the network and might contribute to slight congestion due to VM scans and discovery. This can be easily mitigated by having the balance between your network discovery of new virtual machines and reporting. Some network re-routing might also be necessary in the beginning to deploy the scanning node at the right place in your VDI. Endpoint protection only may not be enough as it provides protection against signature based attacks, not always protection against vulnerabilities from unpatched applications, social media type hacks.

Vendors offering anti virus solutions for virtual machines:

There are many vendors offering products for virtual environment like manufacturing ICS and OT cybersecurity, in particular agentless anti virus or protection at the hypervisor level, not inside the virtual machine.  Following is a quick list:

– Sophos VShield Security provides comprehensive agentless solution at endpoints as well a centrally managed security model for deployments inside virtual machines
– McAfee MOVE: This is more a centralized deployment and scanning tool for security inside of virtual machines, its not agentless but does help in standardizing security at a hypervisor level
– vMware Endpont VShield: VMware vShield Endpoint lets you manage anti-virus and anti-malware policies for virtualized environments with the same management interfaces you use to secure physical infrastructure. vShield Endpoint strengthens virtualization security with enhanced endpoint protection by offloading AV processing to a secure virtual appliance supplied by VMware partners

In conclusion, using endpoint solutions agentless or otherwise definitely weigh more on the Pros than the Cons. Added security might be needed from within, at an operating system level for the virtual machines unless there are more advanced solutions that gives you the best of both worlds in terms of anti virus solutions for the virtual environment