It's not supposed to find anything but to check a box in corporate "enterprise" security compliance audits. In other words: Pointless theater to keep management happy. This is actually quite an important function (I'm serious!): Of course this won't do anything in regard to security. In fact the outage caused by Clownstrike shows that an XDR software might actually cause issues quite similar to ransomware. But the Clownstrike software wasn't installed to prevent ransomware in the first place but because government regulations and insurances against the consequences of cyber attacks demand to have something like clownstrike/PaloAltoNetworks Cortex/sentinelone installed. Now you may call this bullshit (and it is from a technical point of view!) but it serves as protection nonetheless: It protects management (and in the end you, the sysadmin) against legal issues caused by ransomware attacks. Now personally it pains me that we have to install these performance-eating "security software agents" in our Linux VMs. But I can absolutely understand why a C-level person sleeps better if it's installed due to legal/compliance/regulation reasons.

Seriously. Not even then. I mean, what is an antivirus scanner supposed to find on a Proxmox host?
I don't ask for it. The OP asks whether a support subscription will cover potential issues caused by an antivirus or XDR software. The reason is quite understandable: If in theory it's possible to install such a performance-eliminator on the Proxmox host, his security/compliance management will demand it from him. On the other hand, if Proxmox Server Solutions GmbH support or documentation would say: "We don't support running XDR/Antivirus/security software on the hypervisor or backupserver" he could make a case that this requirement will be lifted. This is absolutely understandable since said software can and will wreak havoc on the performance of the hypervisor nodes.

If you're asking to add AV into the scope of PVE, say so. If you're not, what possible reason would the devs have to even have a position? Like you pointed out, it's just Debian: if you can run it on Debian you can run it on PVE.
See https://forum.proxmox.com/threads/running-edr-on-pve-host.163101/:
this was one of the advantages of Proxmox over ESXi for us that we could run a security agent on the host.
Now call me a snarky old man but imho the ability to run a security agent on PVE is actually a disadvantage compared to ESXi. It's also one of the few things I like on IBM's power i5 platform: Although managing Linux-VMs (called partitions in IBM speech) is usually more painful compared to VMware or ProxmoxVE, the ppc64el architecture has one benefit compared to amd64 or aarch64: The usual suspects (Sentinelone, Clownstrike, Sentinelone) only offer agents for amd64 or aarch64, so if you happen to run Linux under IBM ppc64el you have a good and valid reason not to ruin your Linux servers' performance by running these "endpoint protection solutions".