Trend Micro OfficeScan VDI Image Install

Today we are working on the gold image for our Microsoft RDS VDI environment. This build runs Windows 7 x86 along with core apps and is protected by Trend Micro OfficeScan.

As I’m sure many people will know, anti-malware software does not always take kindly to being imaged. Usually there is a tool, script or manual task to run which removes whatever GUID is in place for the client. Trend is no different in this respect: the OfficeScan package comes with a VDI tool which allows you to pre-scan your image and then remove the GUID ready for image deployment.

The tool is called TCacheGen.exe – there are different versions for x86 and x64 as well as command line EXEs. The default path on the OfficeScan server is c:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Admin\Utility\TCacheGen

The process is simple: drop the relevant EXE onto your gold image and run it as administrator to be sure you don’t encounter any permissions issues.

Launching the GUI version will bring up a new window with 2 options.

VDI Pre-Scan Template Generation Tool

The first option will both perform a pre-scan and remove the GUID, while the second option only removes the GUID.

If we check the command line tool, the options are the same, with a simple command syntax:

C:\>TCacheGenCli_x64.exe
USAGE:
          TCacheGenCli [ GENERATE_TEMPLATE | REMOVE_GUID ]

where
          GENERATE_TEMPLATE       Generate pre-scan template.
          REMOVE_GUID             Remove GUID from template.

C:\>TCacheGenCli_x64.exe GENERATE_TEMPLATE

 

If you read the notes regarding pre-scan you will see that it can really benefit your setup by validating the image now and then only scanning the parts that have changed on subsequent image deployments. Obviously if you are running a lot of clients this can make a big difference in terms of resource overhead. You don’t want to have hundreds of VDI images (all basically identical) running AV scans across the same data; it’s just a waste of resource.

I have seen some people suggest not installing any anti-malware protection on a VDI image, as they spin up and then (in most cases, ignoring persistent images here) get deleted, so why go to the effort of protecting something with such a short lifespan? Well, the obvious answer is that these machines are a hole in your security: users will browse the Internet and access network resources, so we must ensure the images are secured.

Typically I would suggest using Trend Deep Security (agentless protection) for a VDI deployment; however, as we are stuck using Microsoft Server 2012 R2 RDS/VDI, this isn’t currently an option.

2 thoughts on “Trend Micro OfficeScan VDI Image Install”

  1. As far as I know, Deep Security agentless doesn’t have essential components like (anti-crypto) you want to have on your desktop. We changed back to OfficeScan on RDS 2008r2 and 2012r2 for these features.

    • I believe there is some protection in Deep Security (Ransomware Detection and Prevention in Deep Security), though with the latest XG version of OfficeScan I’d tend to agree that it offers a more ‘complete’ solution for desktops/VDI systems. It will be interesting to see whether Deep Security receives similar enhancements; OfficeScan has certainly come on quite a bit in the past year.

      All that being said, I’m not too bothered about somebody encrypting anything on the VDI VM itself; my file shares, which actually hold user data, are the resources I focus more of my ‘protection’ efforts on. Certainly interested to hear what else you do in your environment to secure the platform if you care to share.
