This article provides information on the McAfee MOVE AntiVirus Agentless deployment option that is designed to integrate with VMware vSphere using NSX Manager.

Disclaimer: The partner product referenced in this article is a software module that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see McAfee MOVE AntiVirus.

VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x

MOVE Antivirus [Agentless]

McAfee MOVE AntiVirus Agentless provides virus protection for virtual machines and contains a Security Virtual Machine (SVM) delivered as an Open Virtualization Format (OVF) package.
The Agentless deployment option:

• Uses the VMware vShield Endpoint API to receive scan requests from virtual machines on the hypervisor.
• Relies on VirusScan Enterprise for Linux for SVA protection and updates.
• Uses ePolicy Orchestrator to manage the MOVE (Management for Optimized Virtualization Environments) configuration on the SVA.
• Leverages the McAfee Agent for policy and event handling.
• Provides reports on viruses that are discovered on the virtual machines using ePolicy Orchestrator.

Supported software

McAfee MOVE AntiVirus Agentless 4.7 is supported with:

• VMware ESXi 6.0, 6.5, 6.7.
• NSX Manager 6.3.0, 6.4.0, 6.4.1

EPSECLIB_BUILD_NUMBER_8226936

McAfee MOVE Antivirus Agentless 4.8 is supported with:

• VMware ESXi 6.0U2, 6.5, 6.7 
• NSX Manager 6.3.3, 6.4.0, 6.4.1 

EPSECLIB_BUILD_NUMBER_8226936 

McAfee MOVE Antivirus Agentless 4.8.1 is supported with:

VMware ESXi 6.0U2, 6.5, 6.7
NSX Manager 6.4.0, 6.4.1, 6.4.2, 6.4.4, 6.4.5, 6.4.6
EPSECLIB_BUILD_NUMBER_8226936

McAfee MOVE Antivirus Agentless 4.9.0 is supported with:

VMware ESXi 6.0U2, 6.5, 6.7, 7.0
NSX Manager 6.4.0, 6.4.1, 6.4.2, 6.4.4, 6.4.5, 6.4.6, 6.4.8
EPSECLIB_BUILD_NUMBER_8226936

For more information on the additional supported software, see the VMware Compatibility Guide.

Support information

• To download the product, see the McAfee Download Center.
• MOVE 4.7 Installation Guide

Troubleshooting

To change the log level to DEBUG, run the following command:

sudo /opt/McAfee/move/bin/chloglevel DEBUG DEBUG DEBUG.

The logs are available at: /opt/McAfee/move/log/ directory.

• mvsvc.log: This is the main service log for MOVE AV Agentless.
• mvmaprxy.log: This is the log for MOVE AV Agentless proxy service that interacts with McAfee Agent for policy enforcement, event generation and property collection. mvhypervisor.log and mvhyperout.log: These are the logs for MOVE AV Agentless JAVA service.

The EPSec logs will be available at /var/log/syslog in MOVE SVA. By default this will be disabled.

Before enabling epsec logging, disable apparmor for move service.

• sudo aa-disable mvsvc
• sudo move service restart

Please follow this KB to enable epsec logging – https://kb.vmware.com/s/article/2133428.
MOVE 4.7 product guide
Steps to upgrade from previous partner solution versions: https://kc.mcafee.com/corporate/index?page=content&id=PD27027.

Support Process

SLA

• Gold Customer Severity 1 - 4
• Gold Customer Severity 2 - 15
• Gold Customer Severity 3 - 50
• Platinum Customer Severity 1 - 2
• Platinum Customer Severity 2 - 10
• Platinum Customer Severity 3 - 21

For example: If the Severity is “1” for Gold customer, then engineering should provide a solution within 4 days and same for others.

Escalation Process

1. Customer raises an SR.
2. Support Tier1 does initial triaging.
3. If it does get solved by tier-1, 2 and 3, the bug comes to engineering.

Please visit VMware Compatibility Page for details