Skip Navigation

Requirements and considerations for using
CylancePROTECT Desktop
on virtual machines

Requirements or considerations
Supported enterprise virtualization technologies
  • Microsoft
  • Citrix XenDesktop
  • VMware
  • VMware
  • VMware
Non-persistent virtual machines
A non-persistent VM is deleted when the session ends and is replaced with the same gold image. When a new VM is created, the
CylancePROTECT Desktop
agent registers the VM with the management console, resulting in duplicate devices registered for what should be the same endpoint (older registrations are treated as offline duplicate device records that never come back online).
Use one of the following installation parameters when you install the
CylancePROTECT Desktop
agent on the gold image to prevent the duplicate registration of the same VM device:
  • VDI=
    : The value of
    is a counter that determines when the agent starts identifying the virtual machine using VDI fingerprinting instead of the default agent fingerprinting mechanism. Duplicate devices are not registered when the agent uses VDI fingerprinting.
    • For example, you install the agent on a gold image using the parameter
      . You use the gold image to create a parent image. You then use the parent image to create a workstation image. The agent will start to use VDI fingerprinting for the workstation image because the counter of 2 has been met by the gold image and the parent image.
  • AD=1
    : This parameter works the same as
    , except there is no counter to define when the agent starts to use VDI fingerprinting. The agent will use VDI fingerprinting on the gold image and for any images that you create from the gold image. This parameter is not supported for the .exe format of the unified
    CylancePROTECT Desktop
Memory protection and script control features
Consider the following before you enable memory protection and script control features in a VDI environment:
  • Both features use process injection to identify and block unwanted or unauthorized code. Plug-ins, tools, or DLLs in virtualized environments may cause adverse effects, so you should test memory protection and script control options before you deploy them to production workstations.
  • It is a best practice to test memory protection options in alert only mode and make more stringent device policy changes from there. If the system becomes unstable, you can turn off memory protection.
  • If system conflicts or instabilities occur, as a failsafe option, you can enable compatibility mode for memory protection.
Option to disable the agent UI
You have the option to disable the
CylancePROTECT Desktop
agent UI to conserve overall system resources. For more information, see Windows installation parameters.
Known issues
To review the issues reported when running the
CylancePROTECT Desktop
agent in a virtual environment, see VDI Trending Issues.