Controlling Virtual Machine use w/ HostChecker in ...

javi_cesp_ · ‎10-19-2014

Hi Everybody.

I want to know if is possible to control with host checker in MAC the uses of Virtual Machines.

I want to control the traffic when a user is connected by VPN.

Resuming:

- Disable split tunneling ( to avoid other channel connection to Internet)
- Enable route monitor (control the manipulation of endpoint routes)
- Enable Host Checker (to check AV, Patch management, local process)

The inconvenient is with the VM's in the Endpoint. If a user has a VM can bypass my controls and navigate out of vpn tunnel into the VM. I was thinking to unable the vpn access if the user has a VM up with host checker (In MAC).

Somebody did it? Somebody control VM running in MAC with host checker?

Best regards!

Javier

SharePoint_ · ‎10-22-2014

Hi Javier,

Under MAC OS you have the following options for Host Checker checking:

- antivirus
- firewall
- antispyware
- ports
- process
- file

So I think process checking would be useful here. Just just need to check which processess are running VM service, but that wouldn't be so hard I guess.

And you can put rule like this:

Host Checker Policy - rule type: process: rule name > Process name (for example /usr/lib/vmware/bin/vmware-vmx) - ACTION: DENY!

You than enable this host checker rule checking on realm or on role, depending what is your configuration / role assignment.

Haven't played with this, since I don't have Mac.

Regards

Damjan

Controlling Virtual Machine use w/ HostChecker in MAC

Controlling Virtual Machine use w/ HostChecker in MAC

Re: Controlling Virtual Machine use w/ HostChecker in MAC