Deploy CylancePROTECT Desktop on virtual machines Skip Navigation

Deploy
CylancePROTECT Desktop
on virtual machines

  1. Create a device policy that you will use to prepare the VDI gold image. Configure the following options in the policy:
    Device policy category
    Options
    File Actions
    • Turn on
      Auto Quarantine with Execution Control
      for unsafe and abnormal file types
    Protection Settings
    • Turn on
      Background Threat Detection
      (
      Run Once
      )
    • Turn on
      Watch for New Files
  2. Prepare the VDI gold image.
  3. Apply the device policy that you created in step 1 to the gold image.
    Allow the background threat detection scan to complete. This can take several hours, depending on the size of the disk and the activity on the image as it is being scanned.
  4. Create a device policy that is intended for production VDI workstations.
    BlackBerry
    recommends the following options in the policy, in addition to the options that you want to enable for your production workstations:
    Device policy category
    Options
    File Actions
    • Turn on
      Auto Quarantine with Execution Control
      for unsafe and abnormal file types
    • Turn on
      Auto Upload
    Protection Settings
    • Turn on
      Watch for New Files
    • Turn off
      Background Threat Detection
  5. When the gold image is ready for production, apply the device policy from step 6 to the gold image.
  6. Deploy the gold image onto production machines. Deploy each cloned image with a unique UUID or ID that is different than the gold image.
For the cloned devices, configure zone-based agent updates to
Do Not Update
or to a specific version of the agent. Updates should be managed on the gold image. See Update CylancePROTECT Desktop on cloned devices.