Resolve policy conflicts, health issues with service VMs, and know how endpoint protection policy works. What to read next Resolve Partner Services IssuesWithout partner service virtual machine functional, guest VMs are not protected against malware. How Guest Introspection Runs Endpoint Protection PolicyEndpoint protection policies are enforced in a specific order. When you design policies, consider the sequence number associated to rules and the domains that host the rules. Endpoint Policy Conflict Resolution Consider a scenario where two policy domains exist, each consisting of multiple rules. As an admin you are not always certain of which VMs can end up getting membership of a group because VMs get associated to a group based on dynamic membership criteria, such as OS Name, Computer Name, User, Tagging. Quarantine VMs After rules are applied to VM groups, based on the protection level and tag set by partners, there might be VMs that are identified as infected that need to be quarantined. Verify Health Status of Service Instances Health status of a service instance depends on many factors: status of the partner solution, connectivity between Guest Introspection Agent (Context Multiplexer) and Context Engine (Ops Agent), and availability of Guest Introspection Agent information, SVM protocol information with NSX Manager. Delete Partner Services To delete partner services, make an API call . Before you make the API call to delete partner services or SVMs deployed on a host, you need to do the following from the NSX Manager user interface. Parent topic: Endpoint Protection