Are there known issues/limitations with use of SEP 12.1.6 MP6 on a WIndows 10 x64 system using Hyper-V?
As a test this is a clean OOTB install of SEP -- no custom policy added at this point.
As an example, I have a Hyper-V version 2 guest running Ubuntu 16.10. That VM is configured to use BRIDGED networking but with SEP active I'm seeing traffic from the vms blocked, the only blocking events I can really see in the log at this time are
22/11/2016 12:46:10 Blocked 10 Outgoing ETHERNET [type=0x88CC] 0.0.0.0 01-80-C2-00-00-0E 0 0.0.0.0 6C-88-14-CC-57-A8 0 C:\WINDOWS\system32\drivers\mslldp.sys jones DESKTOP-2V27KS0 Default 1 22/11/2016 12:46:10 22/11/2016 12:46:10 Default rule
This looks like traffic from the hyper-v virtual adapter outbound (I was doing an apt-get update; apt-get install in the guest)
The "local MAC" is my host systems hyper-v ethernet adapter - "Hyper-V Virtual Ethernet Adapter #2" - this is the one connected to my local network. I can't see what the other MAC is . I don't recognize it from "ipconfig /all" or "arp -a" on the host, nor "arp -a" in the guest.
I am though unsure if this log entry is even relevant -- but apart from this I just see a couple of blocked ICMP packets from my router at the time of my guest networking request
I should add that the guest also has a "host only" adapter to communicate to the host only... ie for ssh/admin .. and this works fine.
I'm unclear if I can define a suitable rule that doesn't comprimise the integrity of the host whilst allowing traffic for the guest.
Furthermore, I've also experimented with "docker for windows". This makes use of the new "NAT" support in Hyper-V, but this also had issues with SEP installed
All seems to work fine with Windows firewall only.....
I did previously have windows containers installed too, but having read in the release notes there was some issue here too I removed that feature (I don't need it, unlike base hyper-v)
What a) works b) doesn't work c) is an unknown around Windows 10, Hyper-V ?
Does SEP 14 improve on this at all?