Desktop Virtualization and Malware Scans: On-Access versus On-Demand

When securing a Virtual Desktop Infrastructure (VDI), it seems natural to centralize anti-virus/anti-malware activity on the centralized desktop. The traditional "on-demand" or remote scanning associated with this central approach, however, can put undue stress on your infrastructure in the form of "AV storms". These storms occur when a scheduled scan executes across multiple desktop images simultaneously. And since a single image can be responsible for multiple users, the strain on the infrastructure can be extreme.
 
An alternative approach is to rely on the "on-access" capabilities of your anti-malware solution. On-access protection scans files as they are accessed, denying execution of potentially infected files and applications. The scanning happens at the endpoint level, and is spread across systems, regardless of which VDI image serves the user.
 
A recent Tolly Report, sponsored by Sophos, details the power of on-access scanning. The report shows that Sophos provides equal or greater protection than centralized, on-demand scanning. And, the worry of "AV storms" is eliminated.
 
If you'd like to see the Tolly Report, or would like additional information, let us know.