To protect VMs using a Guest Introspection security solution, you must install Guest Introspection thin agent, also called Guest Introspection drivers, on the VM. Guest Introspection drivers are included with VMware Tools for Windows, but are not part of the default installation. To install Guest Introspection on a Windows VM, you must perform a custom install and select the drivers or run complete install.
Windows virtual machines with the Guest Introspection drivers installed are automatically protected whenever they are started up on an ESXi host that has the security solution installed and VM protection policies configured. Protected virtual machines retain the security protection through shutdowns and restarts, and even after a vMotion move to another ESXi host with the security solution installed.
-
If you are using vSphere 6.0, see these instructions for installing VMware Tools, see Manually Install or Upgrade VMware Tools in a Windows Virtual Machine.
-
If you are using vSphere 6.5, see these instructions for installing VMware Tools: Install VMware Tools in vSphere 6.5.
Prerequisites
Ensure that the guest virtual machine has a supported version of Windows installed. The following Windows operating systems are supported for NSX Guest Introspection:
- Windows XP SP3 and above (32 bit)
- Windows Vista (32 bit)
- Windows 7 (32/64 bit)
- Windows 8 (32/64 bit)
- Windows 8.1 (32/64) (vSphere 6.0 and later)
- Windows 10
- Windows 2003 SP2 and above (32/64 bit)
- Windows 2003 R2 (32/64 bit)
- Windows 2008 (32/64 bit)
- Windows 2008 R2 (64 bit)
- Win2012 (64)
- Win2012 R2 (64) (vSphere 6.0 and later)
- Windows Server 2016
- Windows Server 2019
Procedure
What to do next
Verify whether the thin agent is running using the sc query vnetwfp command with the administrative privileges. The Filter Name column in the output lists the thin agent with an entry vnetwfp.