To protect VMs using a Guest Introspection security solution, you must install Guest Introspection thin agent, also called Guest Introspection drivers, on the VM. Guest Introspection drivers are included with VMware Tools for Windows, but are not part of the default installation. To install Guest Introspection on a Windows VM, you must perform a custom install and select the drivers.
-
If you are using vSphere 6.0, see these instructions for installing VMware Tools: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-391BE4BF-89A9-4DC3-85E7-3D45F5124BC7.html.
-
If you are using vSphere 6.5 or later, see these instructions for installing VMware Tools:https://www.vmware.com/support/pubs/vmware-tools-pubs.html.
Windows virtual machines with the Guest Introspection drivers installed are automatically protected whenever they are started up on an ESXi host that has the security solution installed. Protected virtual machines retain the security protection through shut downs and restarts, and even after a vMotion move to another ESXi host with the security solution installed.
For Linux instructions, see Install the Guest Introspection Thin Agent on Linux Virtual Machines.
Prerequisites
- Windows XP SP3 and above (32 bit)
- Windows Vista (32 bit)
- Windows 7 (32/64 bit)
- Windows 8 (32/64 bit)
- Windows 8.1 (32/64) -- from vSphere 6.0 and later
- Windows 10
- Windows 2003 SP2 and above (32/64 bit)
- Windows 2003 R2 (32/64 bit)
- Windows 2008 (32/64 bit)
- Windows 2008 R2 (64 bit)
- Win2012 (64)
- Win2012 R2 (64) -- from vSphere 6.0 and later
Procedure
What to do next
Check if the thin agent is running using the fltmc command with the administrative privileges. The Filter Name column in the output lists the thin agent with an entry vsepflt.