In a virtual environment, the NSX Guest Introspection Platform enables the provision of agentless security solutions for guest VMs.

As an NSX administrator, you implement an antivirus and antimalware solution that is deployed as a Service Virtual Machine (Service VM, or SVM) to monitor file, network, or process activity on a guest VM. Whenever a file is accessed, such as a file open attempt, the antimalware Service VM is notified of the event. The Service VM then determines how to respond to the event, for example, by inspecting the file for signatures.

  • If the Service VM determines that the file contains no malware, then it allows the file open operation to succeed.

  • If the Service VM detects a in the file, it requests the Thin Agent on the guest VM to act in one of the following ways:
    • Delete the infected file or deny access to the file.

    • NSX can assign a tag to infected VMs. You can also define a rule that automatically moves such tagged guest VMs to a security group, which quarantines the infected VM for additional scanning and isolates it from the network until the infection is completely removed.
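
One way to express the tag-based quarantine group described above, as an added example that is not from the original page: a request body for the NSX Policy API group endpoint (`PATCH /policy/api/v1/infra/domains/default/groups/<group-id>`), assuming the Policy API is in use. The group name and the tag scope and value (`antimalware|infected`) are constructed placeholders; substitute the tag that your antimalware solution actually applies.

```json
{
  "resource_type": "Group",
  "display_name": "quarantine-infected-vms",
  "description": "Constructed example: dynamic membership for VMs carrying the placeholder tag antimalware|infected",
  "expression": [
    {
      "resource_type": "Condition",
      "member_type": "VirtualMachine",
      "key": "Tag",
      "operator": "EQUALS",
      "value": "antimalware|infected"
    }
  ]
}
```

Membership is evaluated dynamically, so a VM joins the group when the tag is applied and leaves it when the tag is removed. The group only collects the VMs; a distributed firewall policy that references it is what isolates them from the network.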