Back in May during Citrix Synergy in San Francisco, Citrix and McAfee announced a partnership to take antivirus to a deeper level when used with VDI – or more specifically XenDesktop. This was a two-phase partnership where McAfee would first deliver a VDI-optimized antivirus solution. Phase two would introduce a single out-of-band security agent that control the whole virtual infrastructure through hypervisor’s APIs (something the industry usually calls introspection).
MOVE is based on a lightweight agent, that pseudo-randomizes some of its activities on the virtual desktops’ virtual hard drive, and that doesn’t carry on the scanning and removal engine. The core activities are in fact executed out of band, in a remote, dedicated virtual appliance. What the optimized agents, which are centrally managed by McAfee ePolicy Orchestrator (ePO), really do is copying the suspicious files from the potentially infected virtual desktop to the security virtual appliance, over a secure channel.