Running a data security scan identifies data in your virtual environment that violates your policy.

Before you begin

You must be a NSX Administrator to start, pause, or stop a data security scan.


  1. Log in to the vSphere Web Client.
  2. Click Networking and Security and then click Data Security.
  3. Click the Manage tab.
  4. Click Start next to Scanning.

    If a virtual machine is powered off, it will not be scanned until it is powered on.

    If a scan is in progress, the available options are Pause and Stop.


If Data Security is part of a Service Composer policy, virtual machines in the security group mapped to that Service Composer policy are scanned once during a scan. If the policy is edited and published while a scan is running, the scan restarts. This rescan ensures that all virtual machines comply with the edited policy. A rescan is triggered by publishing an edited policy, not by data updates on your virtual machines.

If a virtual machine is moved to an excluded cluster or resource pool while the data security scan is in progress, the files on that virtual machine are not scanned. In case a virtual machine is moved by vMotion to another host, the scan continues on the second host. Files that were scanned while the virtual machine was on the previous host are not rescanned.

When the Data Security engine starts scanning a virtual machine, it records the scan start time. When the scan ends, it records the end of the scan. You can view the scan start and end time for a cluster, host, or virtual machine on the Tasks and Events tab.

NSX Data Security throttles the number of virtual machines concurrently scanned on a host to minimize impact on performance. VMware recommends that you pause the scan during normal business hours to avoid any performance overhead.