Deploy Aurora Protect Desktop on virtual machines

Review the Requirements and considerations for using Aurora Protect Desktop on virtual machines.
  1. Create a device policy that you will use to prepare the VDI gold image. Configure the following options in the policy:

    Device policy category

    Options

    File Actions

    Turn on Auto Quarantine with Execution Control for unsafe and abnormal file types

    Protection Settings
    • Turn on Background Threat Detection (Run Once)
    • Turn on Watch for New Files
  2. Prepare the VDI gold image.
    1. Install the Aurora Protect Desktop agent on the gold image. For example, use the following installation command and parameters:
      CODE 
      msiexec /i CylancePROTECTSetup_x64.msi /qn PIDKEY=<INSTALLATION TOKEN> VDI=1 LAUNCHAPP=1
    2. Apply the device policy that you created in step 1 to the gold image.
      Allow the background threat detection scan to complete. This can take several hours, depending on the size of the disk and the activity on the image as it is being scanned.
    3. Review the results of the background threat detection scan and, if necessary, add binaries detected on the gold image to the Aurora Protect Desktop quarantine or safe lists.
  3. Exclude the gold image device from device lifecycle management.
    1. In the management console, go to Assets > Devices.
    2. Find the gold image device and select the checkbox beside it.
    3. Click Lifecycle management > Exclude from Lifestyle management.
    4. Click Yes to confirm.
  4. On the gold image, clear the Fingerprint Values from the registry.
    1. Stop the CylanceSvc service. For more information, see KB 42221070647835.
    2. Using the Local Administrator account, take ownership of the registry key and add full control permissions to the following registry: HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop
    3. Back up or export the registry shown above.
    4. Remove the following registry keys: FP, FPMask, and FPVersion.
  5. Create the gold image.
  6. Create a device policy that is intended for production VDI workstations. Arctic Wolf recommends the following options in the policy, in addition to the options that you want to enable for your production workstations:

    Device policy category

    Options

    File Actions
    • Turn on Auto Quarantine with Execution Control for unsafe and abnormal file types
    • Turn on Auto Upload

    Protection Settings
    • Turn on Watch for New Files
    • Turn off Background Threat Detection
  7. Deploy and clone the gold image to production workstations. Each cloned image must have a unique UUID or ID that is different than the gold image.
  8. Apply the device policy from step 5 to the production workstations.
For the cloned devices, configure zone-based agent updates to Do Not Update or to a specific version of the agent. Updates should be managed on the gold image. See Update Aurora Protect Desktop on cloned devices.