To activate NSX Malware Prevention on vSphere host clusters, deploy the NSX Distributed Malware Prevention service on each host cluster.

When you deploy the service on a host cluster, an instance of the NSX Malware Prevention service virtual machine (SVM) is deployed on each host of the cluster. Currently, the deployed SVM has a fixed size of 4 vCPU, 6 GB RAM, and 80 GB disk space. If you add new hosts to the cluster, an instance of the SVM is deployed automatically on the new hosts.


Complete the prerequisites for deploying an NSX Malware Prevention SVM. See Prerequisites for Deploying the NSX Distributed Malware Prevention Service.


  1. From your browser, log in with admin privileges to an NSX Manager at https://nsx-manager-ip-address.
  2. Navigate to System > Service Deployments > Deployment.
  3. In the Partner Service drop-down menu, select VMware NSX Distributed Malware Prevention Service, and click Deploy.
  4. Enter the service deployment name.
  5. Select the vCenter Server that is registered as a compute manager in your NSX-T Data Center.
  6. Select the cluster where you want to deploy the service.
  7. To specify the datastore, do one of the following actions:
    • Select a shared datastore as the repository for the service virtual machines.
    • Select Specified on Host.

      The Specified on Host option means that you do not need to select a datastore and network on the Deploy Service page. Before deploying the service, you must configure Agent VM settings on each ESXi host to point to a specific datastore and network.

      To know more about configuring Agent VM settings, see the vSphere product documentation.

  8. Under Networks, click Set and select the Management NIC (eth0) you want to use for the deployment.
    1. Select the network to use for the Management interface (eth0) of the SVM.
      Note: The selected network must have connectivity to the management network, that is, NSX Manager nodes and the components that are running on the NSX Application Platform.

      If you have set the datastore as Specified on Host, you must set the network also as Specified on Host.

    2. Set the Network type to DHCP or Static IP Pool. If you set the network type to a Static IP Pool, select from the list of available IP pools.
    Note: NSX auto-assigns the control interface IP address when the SVM is deployed. For NSX Malware Prevention, the control interface IP is
  9. In the Deployment Template drop-down menu, select the registered deployment template.
  10. (Required) Next to Deployment Template, click Configure Attributes. In the Appliance Public Key text box, enter or paste the public key that you created for the host cluster while completing the prerequisites, and click Save.
    When you specify the appliance public key, you can later log in to the appliance (SVM) on each host by using the corresponding private key, and download the SVM log file for troubleshooting purposes.
  11. On the Deployment page, click Save to start the deployment process.
    The deployment process might take some time. While the deployment is in progress, you can watch the progress of OVF deployment and ESX Agent installation in the Recent Tasks pane of the vSphere Client.
  12. In the NSX Manager UI, refresh the deployment status on the Deployment page. Wait until the status changes to Up.
    You might have to refresh the Deployment page a few times to retrieve the latest status.

    If the Status column shows Down, click the icon next to Down. All deployment errors are displayed. Take the required actions to fix the errors, and click Resolve. The status changes to In Progress. Wait until the status changes to Up.


NSX Malware Prevention SVM is deployed on all the hosts of the cluster.

What to do next

Go to the Service Instances page. Verify that the Deployment Status and Health Status of the service instance on each host in the cluster shows Up.

If you need help for resolving NSX Malware Prevention service deployment issues, see Troubleshooting NSX Malware Prevention Service Virtual Machine Problems.