After upgrading the VMware tool set for the Guest Virtual Machines (GVMs) there is a performance impact experienced on the virtual machines, communication impairment between the virtual machines to the Symantec Endpoint Protection (SEP) Security Virtual Appliance (SVA), or the SVA may become unresponsive. Other symptoms may include:
The SVA communicates with the virtual machines using an intermediary mechanism Virtual Machine Communication Interface (VMCI) that provides a fast and efficient communication. vShield uses a thin agent (EPSEC) for virtual machines to offload security events which is included in VMware Tools Thin Agent VMCI driver. The Symantec SVA relies on the this communication layer and mechanism.
The bulk of "/var/log/messages" EPSEC entries are comprised of the following event types.
The Symantec SVA is not using the most current version of the VMware EPSec library. The VMware Endpoint Driver is backwards compatible and supports earlier versions of the EPSec Library. The errors observed are a symptom of a failure in the version negotiation required for backwards compatibility.
Symantec Endpoint Protection Security Virtual Appliance 12.1 RU2 and newer
VMware ESXi server software