i've read some documents of guest introspection but still don't understand it completely.
my doubts are:
1. the guest introspection is made for anti-virus/malware purpose only?
2. the thin agent driver replaces the traditional AV program in VMs so there's no need to configure antivirus in the VM?
3. is it meaningless to install and use guest introspection without third party's(vmware partners) secure virtual appliances?
4. the thin agent and secure virtual appliance do all the antivirus tasks instead of what typical antivirus programs do?
5. how does it protect offline VMs?
6. is there redundancy between SVMs (since the SVM will be installed on each host in the cluster)?
7. is there any features/functions similar to guest introspection in pure vSphere platform?
sorry for the stupid questions, any reply will be appreciated! 
Accepted Solutions
1. the guest introspection is made for anti-virus/malware purpose only?
Yes , the idea is to offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance which is supported as per VMware interoperability list.
2. the thin agent driver replaces the traditional AV program in VMs so there's no need to configure antivirus in the VM?
Yes, the whole purpose of this architecture is to go with agent less protection . Based on the use case we need to install thin agent driver inside the VM - File Introspection (vsepflt) and Network Introspection (vnetflt) drivers or File introspection driver (Required for Guest introspection)
3. is it meaningless to install and use guest introspection without third party's(vmware partners) secure virtual appliances?
Third party supported per host SVM solution is must . Going via the traditional way of agent based deployment , each agent manage a file of antivirus signatures and perform the scan based on the policy which is certainly not a good fit in a virtualized platform . Inorder to optimize this approach , agent less solution will be a better approach. So better eliminate legacy architecture
4. the thin agent and secure virtual appliance do all the antivirus tasks instead of what typical antivirus programs do?
Yes, thin agent will monitor the read/write operations inside the guest and notifies the AV solution (Per host SVM) based on the scanning policy and remediation steps we need to take further action if situation demands.
5. how does it protect offline VMs?
Chances of SVM going offline are highly unlikely, but normal virtual machines can certainly go offline . For the machine to remain protected , it has to be online . The moment the status stage from offline to online - Virtual machine will be immediately protected.
6. is there redundancy between SVMs (since the SVM will be installed on each host in the cluster)?
Good question . You should read this thread -> Guest Introspection dependencies and how to make it highly available
7. is there any features/functions similar to guest introspection in pure vSphere platform?
None that I'm aware of
1. the guest introspection is made for anti-virus/malware purpose only?
Yes , the idea is to offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance which is supported as per VMware interoperability list.
2. the thin agent driver replaces the traditional AV program in VMs so there's no need to configure antivirus in the VM?
Yes, the whole purpose of this architecture is to go with agent less protection . Based on the use case we need to install thin agent driver inside the VM - File Introspection (vsepflt) and Network Introspection (vnetflt) drivers or File introspection driver (Required for Guest introspection)
3. is it meaningless to install and use guest introspection without third party's(vmware partners) secure virtual appliances?
Third party supported per host SVM solution is must . Going via the traditional way of agent based deployment , each agent manage a file of antivirus signatures and perform the scan based on the policy which is certainly not a good fit in a virtualized platform . Inorder to optimize this approach , agent less solution will be a better approach. So better eliminate legacy architecture
4. the thin agent and secure virtual appliance do all the antivirus tasks instead of what typical antivirus programs do?
Yes, thin agent will monitor the read/write operations inside the guest and notifies the AV solution (Per host SVM) based on the scanning policy and remediation steps we need to take further action if situation demands.
5. how does it protect offline VMs?
Chances of SVM going offline are highly unlikely, but normal virtual machines can certainly go offline . For the machine to remain protected , it has to be online . The moment the status stage from offline to online - Virtual machine will be immediately protected.
6. is there redundancy between SVMs (since the SVM will be installed on each host in the cluster)?
Good question . You should read this thread -> Guest Introspection dependencies and how to make it highly available
7. is there any features/functions similar to guest introspection in pure vSphere platform?
None that I'm aware of
hi guys, thank you for the reply,
these answers do help me a lot on understanding the guest introspeciton!
b.t.w
i have 1 more simple question about the guest intro., which is:
how much resource consumption does the guest introspection minimize in guest OS VM?(comparing with using traditional AV programs in the guest.)
is it possible to calculate precisely?
thank you so much
.png "FabianRecretix"){kind=avatar}
