MOVE Antivirus [Agentless]
McAfee MOVE AntiVirus Agentless provides virus protection for virtual machines and contains a Security Virtual Machine (SVM) delivered as an Open Virtualization Format (OVF) package.
The Agentless deployment option:
- Uses the VMware vShield Endpoint API to receive scan requests from virtual machines on the hypervisor.
- Relies on VirusScan Enterprise for Linux for SVA protection and updates.
- Uses ePolicy Orchestrator to manage the MOVE (Management for Optimized Virtualization Environments) configuration on the SVA.
- Leverages the McAfee Agent for policy and event handling.
- Provides reports on viruses that are discovered on the virtual machines using ePolicy Orchestrator.
Supported softwareMcAfee MOVE AntiVirus Agentless 4.7 is supported with:
- VMware ESXi 6.0, 6.5, 6.7.
- NSX Manager 6.3.0, 6.4.0, 6.4.1
EPSECLIB_BUILD_NUMBER_8226936
McAfee MOVE Antivirus Agentless 4.8 is supported with:
- VMware ESXi 6.0U2, 6.5, 6.7
- NSX Manager 6.3.3, 6.4.0, 6.4.1
EPSECLIB_BUILD_NUMBER_8226936
McAfee MOVE Antivirus Agentless 4.8.1 is supported with:
VMware ESXi 6.0U2, 6.5, 6.7
NSX Manager 6.4.0, 6.4.1, 6.4.2, 6.4.4, 6.4.5, 6.4.6
EPSECLIB_BUILD_NUMBER_8226936
McAfee MOVE Antivirus Agentless 4.9.0 is supported with:
VMware ESXi 6.0U2, 6.5, 6.7, 7.0
NSX Manager 6.4.0, 6.4.1, 6.4.2, 6.4.4, 6.4.5, 6.4.6, 6.4.8
EPSECLIB_BUILD_NUMBER_8226936
For more information on the additional supported software, see the
VMware Compatibility Guide.
Support information
TroubleshootingTo change the log level to DEBUG, run the following command:
sudo /opt/McAfee/move/bin/chloglevel DEBUG DEBUG DEBUG.
The logs are available at:
/opt/McAfee/move/log/ directory.
- mvsvc.log: This is the main service log for MOVE AV Agentless.
- mvmaprxy.log: This is the log for MOVE AV Agentless proxy service that interacts with McAfee Agent for policy enforcement, event generation and property collection. mvhypervisor.log and mvhyperout.log: These are the logs for MOVE AV Agentless JAVA service.
The EPSec logs will be available at /var/log/syslog in MOVE SVA. By default this will be disabled.
Before enabling epsec logging, disable
apparmor for move service.
- sudo aa-disable mvsvc
- sudo move service restart
Please follow this KB to enable epsec logging –
https://kb.vmware.com/s/article/2133428.
MOVE 4.7 product guideSteps to upgrade from previous partner solution versions:
https://kc.mcafee.com/corporate/index?page=content&id=PD27027.Support ProcessSLA
- Gold Customer Severity 1 - 4
- Gold Customer Severity 2 - 15
- Gold Customer Severity 3 - 50
- Platinum Customer Severity 1 - 2
- Platinum Customer Severity 2 - 10
- Platinum Customer Severity 3 - 21
For example: If the Severity is “1” for Gold customer, then engineering should provide a solution within 4 days and same for others.
Escalation Process
- Customer raises an SR.
- Support Tier1 does initial triaging.
- If it does get solved by tier-1, 2 and 3, the bug comes to engineering.