VMware Tools include the NSX Thin Agent that must be installed on each guest virtual machine to be protected with Windows operating system. Windows virtual machines with VMware Tools installed are automatically protected whenever they are started up on an ESX host that has the security solution installed. That is, protected virtual machines retain the security protection through shut downs and restarts, and even after a vMotion move to another ESX host with the security solution installed.

Before you begin

Ensure that the guest virtual machine has a supported version of Windows installed. The following Windows operating systems are supported for NSX Guest Introspection:

  • Windows XP SP3 and above (32 bit)

  • Windows Vista (32 bit)

  • Windows 7 (32/64 bit)

  • Windows 8 (32/64 bit) -- vSphere 5.5 only

  • Windows 8.1 (32/64) -- from vSphere 5.5 Patch 2 and later

  • Windows 10

  • Windows 2003 SP2 and above (32/64 bit)

  • Windows 2003 R2 (32/64 bit)

  • Windows 2008 (32/64 bit)

  • Windows 2008 R2 (64 bit)

  • Win2012 (64) -- vSphere 5.5 only

  • Win2012 R2 (64) -- from vSphere 5.5 Patch 2 and later


  1. If you are using vSphere 5.5 or 6.0, follow the procedure http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-391BE4BF-89A9-4DC3-85E7-3D45F5124BC7.html.

    If you are using vSphere 6.5, follow the procedure provided in VMware Tools User Guide available at https://www.vmware.com/support/pubs/vmware-tools-pubs.html.

  2. After you select Custom setup, expand the VMCI Driver section, select vShield Drivers, and select This feature will be installed on the local hard drive.
  3. Follow the remaining steps in the procedure.

What to do next

Check if the thin agent is running using the fltmc command with the administrative privileges. The Filter Name column in the output lists the thin agent with an entry vsepflt.