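All enterprise-class managed software identifies itself to its server with a unique ID once it is installed. If these values are not dealt with when a system is cloned, the back end will treat every system deployed from the image as the same machine.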
Malwarebytes documentation here.
Symantec located here.
Cybereason attached.
About cloning virtual machines/sensors
You may choose to distribute Sensors across your organization by creating a template, or golden image, of a virtual machine with the Sensor already installed. You would then clone the golden image for all endpoints in your implementation.
Warning: If you choose this method, be aware that you must remove the Sensor’s unique ID before you create the golden image.
If you create the image without removing the Unique ID, the ID will be duplicated with each clone you create and will no longer be unique, which could potentially lead to data conflicts and inconsistent query results.
To prepare a golden image for deploying Sensors on Windows systems:
1. Install the Cybereason Sensor.
2. Kill the MinionHost and PylumLoader processes using the following command:
taskkill /im minionhost.exe /F & taskkill /im PylumLoader.exe /F
3. Clear the Sensor ID from the Windows registry using either of the following methods:
o Open the Registry editor and modify the HKLM\SOFTWARE\Cybereason\ActiveProbe\Identifier value so that it is blank.
OR
o Run the following command:
reg add HKLM\Software\Cybereason\ActiveProbe /v Identifier /d "" /f
4. Create the golden image of the virtual machine and clone as desired.
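Steps 2 and 3 above as a single pre-capture script that also verifies the result before the image is taken. This is an added example, not Cybereason's own tooling: the helper name Get-SensorId is hypothetical, and the script assumes it is run from an elevated PowerShell prompt on the template machine immediately before step 4.

```powershell
# Added example (not vendor code): clear the Sensor ID and verify before imaging.
# Registry key, value name and process names are the ones given in the steps above.
$ErrorActionPreference = 'Stop'
$KeyPath   = 'HKLM:\SOFTWARE\Cybereason\ActiveProbe'
$ValueName = 'Identifier'
$Processes = 'minionhost', 'PylumLoader'   # Get-Process names omit the .exe suffix

function Get-SensorId {
    # Hypothetical helper: returns the Identifier value, or $null if it is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

if (-not (Test-Path $KeyPath)) {
    Write-Error "Registry key $KeyPath not found; install the Sensor first (step 1)."
}

# Step 2: stop the Sensor processes (same effect as the taskkill /F commands).
Get-Process -Name $Processes -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 3: blank the Identifier value (same effect as the reg add command).
Set-ItemProperty -Path $KeyPath -Name $ValueName -Value ''

# Verification: give the processes a moment to exit, then re-check both conditions.
Start-Sleep -Seconds 5
$stillRunning = Get-Process -Name $Processes -ErrorAction SilentlyContinue
$currentId    = Get-SensorId

if ($stillRunning) {
    Write-Host ("Sensor processes still running: " + ($stillRunning.Name -join ', '))
    exit 1
}
if (-not [string]::IsNullOrEmpty($currentId)) {
    Write-Host "Identifier is not blank; do not capture this image."
    exit 1
}

Write-Host "Identifier is blank and Sensor processes are stopped; proceed to step 4."
exit 0
```

A non-zero exit code lets an image-build pipeline refuse to capture a template that still carries a Sensor ID.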