Methods used to prevent antivirus storms and improve antivirus efficiency

21

You are advised to deploy antivirus software that is optimized for virtualization platforms, such as Symantec SEP 12.1 and later.
(1) Preventing antivirus storms.
A control center provides unified scheduling for antivirus tasks. Set automatic virus removal and database update to be performed during low traffic hours.
(2) Sharing scan results and improving system efficiency.
The HASH value in a VM's scan result file is sent to the control center, which sends this value to other VMs. The antivirus software on other VMs stores a HASH value list locally.

Other related questions:
How can I install Trend antivirus software?
To install Trend antivirus software: Trend antivirus software is used only as a part of the solution but does not belong to Huawei. To install Trend antivirus software, refer to the Antivirus Software Deployment Guide. During installation, the most important step is to apply for the license. You are advised to apply for the license before installing Trend antivirus software. If the license is not obtained, do not perform any installation operations. To apply for the license, provide Huawei contract ID for Huawei product manager. Then, Huawei product manager logs in to http://support.huawei.com/enterprise, chooses Support > Get License > Order Management > Permission Application, and clicks the link to submit an application. (Trend license: The OfficeScan product activation code is a string of 31 letters and digits, which is applied for by Huawei engineers.)

Antivirus detection on the USG6000
The antivirus function detects and processes virus files by using a professional intelligent detection engine based on a virus signature database that is updated constantly. Virus detection and processing are described as follows: 1. Virus detection Virus detection is performed by the intelligent detection engine. After traffic flows into the intelligent detection engine, the engine: (1) Performs in-depth analysis on the traffic and identifies the protocol type of the traffic and the file transmission direction. (2) Determines whether virus detection is supported for the file transmission protocol and the file transmission direction. The USG6000 supports virus detection for files transmitted through the following protocols: FTP, HTTP, POP3, SMTP, IMAP, NFS, and SMB. The USG6000 supports virus detection for files transmitted in different directions. a. Upload: The client sends files to the server. b. Download: The server sends files to the client. (3) Virus detection The intelligent detection engine extracts the signature of a file meeting virus detection conditions, and matches the extracted signature with the signatures in the virus signature database. If the signature is matched, this file is a virus file and is processed based on the configuration file. If the signature is not matched, the file is transmitted. The virus signature database contains common virus signatures collected by Huawei. The virus signature database defines common virus signatures and assigns a unique virus ID to each virus signature. After the virus signature database is loaded to the device, viruses defined in the signature database can be identified. The virus signature database must be updated from the security center (sec.huawei.com) constantly to ensure that latest viruses are identified in a timely manner. 2. Antivirus processing When a virus file is detected: (1) The intelligent detection engine determines whether the virus file is a virus exception. If so, the file is transmitted. (2) If the virus file is not a virus exception, the intelligent detection engine determines whether the virus file is an application exception. If so, the specified action (transmitting the file, raising an alarm, or blocking the file) is taken. (3) If the virus file is not a virus exception or an application exception, the action specified in the configuration file is taken.

Whether the USG6000 supports the antivirus function
The antivirus function can be used only after a license is purchased and activated. The whole USG6000 series devices support the antivirus function.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top