Requirements and considerations for using

CylancePROTECT Desktop

on virtual machines

A non-persistent VM is deleted when the session ends and is replaced with the same gold image. When a new VM is created, the

CylancePROTECT Desktop

agent registers the VM with the management console, resulting in duplicate devices registered for what should be the same endpoint (older registrations are treated as offline duplicate device records that never come back online).

Use one of the following installation parameters when you install the

CylancePROTECT Desktop

agent on the gold image to prevent the duplicate registration of the same VM device:

VDI=
<X>
: The value of
<X>
is a counter that determines when the agent starts identifying the virtual machine using VDI fingerprinting instead of the default agent fingerprinting mechanism. Duplicate devices are not registered when the agent uses VDI fingerprinting.
For example, you install the agent on a gold image using the parameter
VDI=2
. You use the gold image to create a parent image. You then use the parent image to create a workstation image. The agent will start to use VDI fingerprinting for the workstation image because the counter of 2 has been met by the gold image and the parent image.
AD=1
: This parameter works the same as
VDI=
<X>
, except there is no counter to define when the agent starts to use VDI fingerprinting. The agent will use VDI fingerprinting on the gold image and for any images that you create from the gold image. This parameter is not supported for the .exe format of the unified
CylancePROTECT Desktop
and
CylanceOPTICS
installer.

Consider the following before you enable memory protection and script control features in a VDI environment:

Both features use process injection to identify and block unwanted or unauthorized code. Plug-ins, tools, or DLLs in virtualized environments may cause adverse effects, so you should test memory protection and script control options before you deploy them to production workstations.
It is a best practice to test memory protection options in alert only mode and make more stringent device policy changes from there. If the system becomes unstable, you can turn off memory protection.
If system conflicts or instabilities occur, as a failsafe option, you can enable compatibility mode for memory protection.
See Known incompatibilities for Memory Protection and Script Control v2 in Protect 1580 and later.

You have the option to disable the

CylancePROTECT Desktop

agent UI to conserve overall system resources. For more information, see Windows installation parameters.

To review the issues reported when running the

CylancePROTECT Desktop

agent in a virtual environment, see VDI Trending Issues.