You must install the AppDefense Guest Module on the guest virtual machines (VMs) where your application workloads are running. The AppDefense Guest Module is bundled with the latest VMware Tools, and installing it through VMware Tools is the preferred method. Alternatively, you can install it using the MSI file.

With the VMware Tools 11.0.0 or later installer, the AppDefense driver is divided into two parts:

  • glxgi.sys driver, which ensures Guest Integrity, and
  • giappdef.sys driver, which ensures Process and Network attestation.

When you install the AppDefense Guest Module on the guest virtual machine using the VMware Tools installer, you do not have to reboot the virtual machine to enable AppDefense for process monitoring and remediation. You can schedule the reboot for the Guest Integrity service at your convenience. Also, only the drivers that are required for AppDefense are installed or upgraded.


  • Verify the Windows operating system and VMware Tools version installed on the VM where you want to install the AppDefense Guest Module. For details, see System Requirements For AppDefense.
    Note: Windows Server 2008 R2 Service Pack 1 (SP1) is supported by VMware Tools. For details, refer to
  • You have installed the AppDefense Host Module.
  • VMware Tools is installed and running on the VMs where you want to install the AppDefense Guest Module.
  • You have enabled Guest Integrity.


  1. Log in to the guest virtual machine as an administrator.
  2. Go to Control Panel > Programs > Programs and Features.
  3. Select VMware Tools, and click Change.
  4. Click Modify, and click Next.
  5. In the Custom Setup window, select AppDefense, and then click Entire feature will be installed on local hard drive.
    Follow the prompts and finish the installation.
  6. The installer prompts you to reboot the virtual machine. If you do not want to reboot the VM now, you can schedule the reboot for later at your convenience.
  7. After installation, the Process and Network attestation driver and the In-Memory Process Forensics (IMPF) service start running. You can verify this using the following commands. A VM reboot is not required.
    sc query giappdef
    sc query gisvc

    The status displays as running.

  8. After you reboot the virtual machine, the Guest Integrity driver starts running. You can verify the Guest Integrity driver using the following command.
    sc query glxgi

    The status displays as running.
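
The checks in steps 7 and 8 can be run together from PowerShell on the guest VM. The script below is an added example, not VMware code; the function names `Get-ScState` and `Test-AppDefenseGuestModule` are hypothetical, and it assumes English `sc.exe` output.

```powershell
# Added example, not part of the original procedure or of VMware Tools.
# Call sc.exe by its full name: in Windows PowerShell, "sc" is an alias for Set-Content.

function Get-ScState {
    param([Parameter(Mandatory)][string]$Name)
    $out = & sc.exe query $Name | Out-String
    if ($LASTEXITCODE -eq 1060) { return 'NOT_INSTALLED' }  # ERROR_SERVICE_DOES_NOT_EXIST
    # Assumes English sc.exe output, for example "STATE : 4  RUNNING"
    if ($out -match 'STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    return 'UNKNOWN'
}

function Test-AppDefenseGuestModule {
    # Names come from steps 7 and 8. AfterReboot marks the component that
    # starts only after the VM has been rebooted (step 8).
    $components = @(
        [pscustomobject]@{ Name = 'giappdef'; AfterReboot = $false }
        [pscustomobject]@{ Name = 'gisvc';    AfterReboot = $false }
        [pscustomobject]@{ Name = 'glxgi';    AfterReboot = $true  }
    )
    foreach ($c in $components) {
        $state = Get-ScState -Name $c.Name
        $verdict = if ($state -eq 'RUNNING') { 'OK' }
            elseif ($state -eq 'NOT_INSTALLED') { 'Missing: AppDefense feature is not installed' }
            elseif ($c.AfterReboot) { 'Not running: reboot the VM, then check again' }
            else { 'Not running: investigate, no reboot should be needed' }
        [pscustomobject]@{ Component = $c.Name; State = $state; Verdict = $verdict }
    }
}

# One row per component, so a stopped glxgi before the scheduled reboot is
# distinguishable from a stopped giappdef or gisvc, which indicates a problem.
Test-AppDefenseGuestModule | Format-Table -AutoSize
```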


The AppDefense Guest Module is installed on the guest VM where your application workloads are running.

What to do next

Now protect your guest virtual machines with AppDefense.