The use of Virtualization software or Sandbox Technologies in Antivirus / AntiMalware packages may result in unknown (rogue) machines reporting into the Deep Freeze Cloud or Faronics Deploy Console.
Posted by Adam Zilliax, Last modified by Adam Zilliax on 12 February 2020 01:57 PM

As Antivirus and AntiMalware products evolve, security vendors are implementing features that allow software to be run in isolation before it runs on a live system, so that the actions each product takes on a system can be properly analyzed.

This feature may be described as “Sandboxing”, or may make reference to using Virtualization technology to evaluate and review suspicious software.

In some cases, the security product will use the sandbox in a way that makes it impossible to differentiate between the sandbox and a real computer. This is done to prevent the application under evaluation from changing its behavior because it detects that it is being evaluated in a Sandbox.

If the Sandbox has access to the internet, there is a possibility that a duplicate entry will be created in the Deep Freeze Cloud or Faronics Deploy console while the sandbox is executing the agent software.

These machines may appear in several ways:

  • Machines with random names that do not match the customer's existing naming scheme.
  • Machines that appear to be duplicates of existing systems that only report once.
  • Machines that appear to be partially installed or in an invalid state.
  • Machines that will never appear to respond to tasks, commands, or other actions taken on them.
The existence of these machines will not impact the performance of the cloud-based platform or other systems being managed. They may, however, consume a license from the customer’s pool of available licenses until they are removed from the console.

At this time there is no way to reliably identify these machines and filter them out automatically, because security vendors take steps to prevent the software from realizing that it is in a sandbox. If customers are using security software with sandboxing features, they may need to manually remove rogue machines from time to time to ensure licenses are not consumed by these sandboxed installs.
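As an added illustration (not part of the original article and not Faronics tooling), the Python below triages a constructed console inventory export against the four symptoms listed above, producing a shortlist for manual review rather than removing anything automatically. The export column names and the `LAB-PC-###` naming scheme are assumptions for the example.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample of a console inventory export. The column names are an
# assumption for this example, not the real Deep Freeze Cloud / Deploy format.
SAMPLE_EXPORT = """\
name,first_seen,last_seen,checkins,install_state,tasks_sent,tasks_completed
LAB-PC-001,2020-01-10T08:00,2020-02-11T09:15,64,Installed,5,5
LAB-PC-002,2020-01-10T08:05,2020-02-11T09:16,63,Installed,4,4
LAB-PC-002,2020-02-03T11:42,2020-02-03T11:42,1,Partial,0,0
DESKTOP-7QK2ZJ1,2020-02-05T14:01,2020-02-05T14:01,1,Partial,0,0
LAB-PC-003,2020-01-12T08:00,2020-02-11T09:10,60,Installed,3,0
"""

# Assumed customer naming convention; adjust to the site's real scheme.
NAMING_SCHEME = re.compile(r"^LAB-PC-\d{3}$")


def triage(export_csv, naming_scheme=NAMING_SCHEME):
    """Return a list of {name, first_seen, reasons} for entries that show one or
    more of the symptoms a sandbox-created entry tends to show. Every hit is a
    candidate for manual review, not an automatic removal."""
    rows = list(csv.DictReader(io.StringIO(export_csv)))
    name_counts = Counter(r["name"] for r in rows)
    flagged = []
    for r in rows:
        reasons = []
        checkins = int(r["checkins"])
        if not naming_scheme.match(r["name"]):
            reasons.append("name outside customer naming scheme")
        if checkins == 1 or r["first_seen"] == r["last_seen"]:
            reasons.append("reported only once")
        if name_counts[r["name"]] > 1 and checkins == 1:
            reasons.append("one-shot duplicate of an existing machine")
        if r["install_state"] != "Installed":
            reasons.append("partially installed or invalid state")
        if int(r["tasks_sent"]) > 0 and int(r["tasks_completed"]) == 0:
            reasons.append("never responded to tasks")
        if reasons:
            flagged.append({"name": r["name"], "first_seen": r["first_seen"],
                            "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_EXPORT):
        print(f"{hit['name']} (first seen {hit['first_seen']}): {', '.join(hit['reasons'])}")
```

Entries with several reasons (a one-shot duplicate that is also partially installed) are the strongest candidates; a single reason, such as a machine that has not yet completed a task, can equally be a real endpoint that is simply offline.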
