Hi while documentation explains all the steps needed (https://help.f-secure.com/product.html#business/fsvs/latest/en/task_A9D53BA712464958B4D6E683AE28731F-fsvs-latest-en) You have to understand the following: 1) The installation is not agent-less 2) The software installed on the VDI will still receive certain updates. So if your "golden image" becomes old, F-Secure will be somewhat "old". So, if you provide a new image on a daily basis the software will be pretty recent. Still it will download new updates for engines that reside in the Host and are not located on the SRS. 3) The scenario is to start all VDIs from a golden image, but depending on your setup you might trash that VDI in the evening or reuse it until a new image is provided. The first will also delete all previous information on that client including temp files, logs, errors, events just all forensic history that is needed in case of an incident or for debugging. IMHO resetting a VDI on shutdown as a means to have a "clean environment every day" is a bad idea from the start, you then better think about why it gets unclean. Restarting a system with the same vulnerabilities every day, having to patch them after startup (or even leave them unpatched) while also the AV-Software gets reset to the same old egines and modules, creates a dangerous threat vector. Reusing the same VDI on the next day (at least until the image was rebuild) will counter that threat, but also requires a diffenrent setup and more diskspace to store the engine state. 4) SRS is remembering (caching) the hashes it has previously analyzed. If a rebooted client ask an already know hash SRS will quickly return the answer. Usually the Client remembers the answer as well, caching it too, which will speed up the start of the client. After a reset this cache will be clean and the client will need to refetch the information from SRS. Depending on the number of SRSs and the amount of VDIs starting at the same time this might add same additional IO-load. One trick to overcome some of the above problems VDIs can be pre-started. Sowhenever a User logs on, he gets a machine that is "clean" in the means of XEN, but also has updated everything in the background already. Still LOGs, History aso. are gone. Hope this helps. For a more specific recommendation I would rather ask you to query for a consultatnt. We'd be happy to advise you. M.
... View more