To protect VMs using a Guest Introspection security solution, you must install Guest Introspection thin agent, also called Guest Introspection drivers, on the VM. Guest Introspection drivers are included with VMware Tools for Windows, but are not part of the default installation. To install Guest Introspection on a Windows VM, you must perform a custom install and select the drivers or run complete install.
Windows virtual machines with the Guest Introspection drivers installed are automatically protected whenever they are started up on an ESXi host that has the security solution installed and VM protection policies configured. Protected virtual machines retain the security protection through shutdowns and restarts, and even after a vMotion move to another ESXi host with the security solution installed.
Prerequisites
Ensure that the guest virtual machine has a supported version of Windows installed.
- To know the which versions of Windows operating systems are supported on a particular ESXi host version, see the VMware Compatibility Guide. In the Windows Compatibility Guide, narrow your search to Guest OS: In the What are you looking for field, select Guest OS and in the Product Name field, select ESXi and click Update and View Results.
-
To know the guest operating systems supported by VMware Tools, go to VMware Tools Documentation and see the Release Notes of VMware Tools version you want to install. For example, see the VMware Tools 12.1.5 Release Notes to know the supported Windows operating systems.
Procedure
What to do next
Verify whether the thin agent is running using the sc query vnetwfp command with the administrative privileges. The Filter Name column in the output lists the thin agent with an entry vnetwfp.