Hyper-V scan

The current version of the Hyper-V scan supports scanning of online or offline virtual systems in Hyper-V. The supported scan types, by host Windows Hyper-V version and state of the virtual system, are shown here:

| Virtual systems with Hyper-V feature | Online VM | Offline VM |
|---|---|---|
| Windows Server 2022 Hyper-V | read-only | read-only/cleaning |
| Windows Server 2019 Hyper-V | read-only | read-only/cleaning |
| Windows Server 2016 Hyper-V | read-only | read-only/cleaning |
| Windows Server 2012 R2 Hyper-V | read-only | read-only/cleaning |
| Windows Server 2012 Hyper-V | read-only | read-only/cleaning |

Hardware requirements

The server should have no performance issues running Virtual Machines. Scanning activity primarily uses CPU resources. To scan online VMs, free disk space is required. Disk space must be at least double the space used by checkpoints/snapshots and virtual disks.

Specific limitations

Scanning on RAID storage, Spanned Volumes and Dynamic Disks is not supported due to the nature of Dynamic Disks. Therefore, we recommend you avoid using the Dynamic Disk type in your VMs.

Scanning is always performed on the current VM and does not affect checkpoints or snapshots.

Hyper-V running on a host in a cluster is currently not supported by ESET Server Security.


Note: While ESET Security supports the scan of virtual disk MBRs, read-only scanning is the only method supported for these targets. This setting can be changed in Advanced setup (F5) > Detection engine > Hyper-V scan > ThreatSense parameters > Boot sectors.

Virtual Machine to be scanned is "offline" – switched Off state

ESET Server Security uses Hyper-V Management to detect and connect to virtual disks. This way, ESET Server Security has the same access to the virtual disk content as when accessing data and files on any generic drive.

Virtual Machine to be scanned is "online" – Running, Paused, Saved state

ESET Server Security uses Hyper-V Management to detect virtual disks. An actual connection to these disks is not possible. Therefore, ESET Server Security creates a checkpoint/snapshot of the Virtual Machine, then connects to the checkpoint/snapshot. After the scan is completed, the checkpoint/snapshot is deleted. This means that a read-only scan can be performed, because the running Virtual Machine(s) are unaffected by scan activity.

Allow up to one minute for ESET Server Security to create a snapshot or checkpoint during scanning. Take this into account when running a Hyper-V scan on a larger number of Virtual Machines.

Naming convention

The Hyper-V scan module uses the following naming convention:

VirtualMachineName\DiskX\VolumeY

Where X is the disk number and Y is the volume number. For example:

Computer\Disk0\Volume1

The number suffix is added based on the detection order and is identical to the order seen in the Disk Manager of the VM. This naming convention is used in the tree-structured drop-down menu of targets to be scanned, in the progress bar and in log files.

Executing a scan

On-demand: click Hyper-V Scan to view a list of Virtual Machines and volumes available for scanning. Select the Virtual Machine(s), disk(s) or volume(s) you want to scan and click Scan.

Via a scheduler task.

Via ESET PROTECT as a Client Task called Server Scan.

Via eShell, which can be used to manage and start a Hyper-V scan.

You can execute several Hyper-V scans simultaneously. You will receive a notification with a link to log files when a scan is complete.

Possible issues

When executing the scan of an online Virtual Machine, a checkpoint/snapshot of the specific Virtual Machine has to be created. While creating a checkpoint/snapshot, some generic actions of the Virtual Machine might be limited or disabled.

If an offline Virtual Machine is being scanned, it cannot be turned on until the scan is finished.

Hyper-V Manager enables you to name two different Virtual Machines identically, which presents an issue when trying to differentiate the machines while reviewing the scan logs.
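A pre-flight check for the points above (online/offline state, the double-free-space requirement for online VMs, and identically named VMs), as an added example that is not ESET code. It uses the standard Hyper-V PowerShell module on the host and assumes that free space is measured on the local drive holding each VM's first virtual disk, which the page does not specify.

```powershell
#Requires -Modules Hyper-V
# Added example (not ESET code). Run elevated on the Hyper-V host.

function Get-VhdChainSize([string]$Path) {
    # On-disk bytes of a virtual disk plus every parent in its checkpoint chain.
    $total = 0
    while ($Path) {
        $vhd    = Get-VHD -Path $Path
        $total += $vhd.FileSize
        $Path   = $vhd.ParentPath
    }
    $total
}

$vms = @(Get-VM)

# Identically named VMs cannot be told apart in VirtualMachineName\DiskX\VolumeY log entries.
$vms | Group-Object -Property Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Warning ("Duplicate VM name '{0}': {1}" -f $_.Name, ($_.Group.VMId -join ', '))
}

$report = foreach ($vm in $vms) {
    $state  = "$($vm.State)"
    # Per the page: Running, Paused, Saved = online (scanned through a checkpoint).
    $online = $state -in 'Running', 'Paused', 'Saved'
    # Keep only file-backed virtual disks; pass-through disks have no VHD file.
    $paths  = @(Get-VMHardDiskDrive -VM $vm | Where-Object { $_.Path -match '\.a?vhdx?$' } |
                ForEach-Object { $_.Path })
    $used   = ($paths | ForEach-Object { Get-VhdChainSize $_ } | Measure-Object -Sum).Sum
    # Assumption: free space is checked on the drive holding the VM's first virtual disk.
    $free   = if ($paths) { (Get-Item -LiteralPath $paths[0]).PSDrive.Free } else { $null }
    [pscustomobject]@{
        VM       = $vm.Name
        VMId     = $vm.VMId
        State    = $state
        ScanMode = if ($online) { 'read-only' } elseif ($state -eq 'Off') { 'read-only/cleaning' } else { 'n/a' }
        UsedGB   = [math]::Round($used / 1GB, 1)
        NeededGB = if ($online) { [math]::Round(2 * $used / 1GB, 1) } else { 0 }
        FreeGB   = if ($null -ne $free) { [math]::Round($free / 1GB, 1) } else { $null }
        SpaceOK  = (-not $online) -or ($null -ne $free -and $free -ge 2 * $used)
    }
}
$report | Sort-Object VM | Format-Table -AutoSize

# Budget up to one minute of checkpoint creation per online VM.
$onlineCount = @($report | Where-Object { $_.ScanMode -eq 'read-only' }).Count
"Online VMs: $onlineCount (allow up to $onlineCount min for checkpoint creation)"
```

The VMId column gives a stable identifier to record alongside scan logs when two VMs share a name.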

Hyper-V & Machine learning protection

Reporting is performed by the detection engine and the machine learning component.

ThreatSense parameters

To modify scan parameters for Hyper-V scan.