Several GVMs hosted in NSX environment have antirivirus installed but they are displayed in the UMC as NOT protected. There were many more that were protected that were displayed as being protected as expected.
An examination of "Lux.log" -- one of the many logs the agent services writes to, showed the following sequence of events repeatedly. This was indicating a communication problem with the update server as well as to the DCS server.
excerpt from lux.log
10:54:22.969805 [Server - START]
10:54:22.969831 Host ID: {HOSTIDGUID}
10:54:22.969848 Status Code: 1
10:54:22.969863 Status Message: Server was not selected
10:54:22.969881 Transport Return Code: 0x80010731
10:54:22.969897 Transport Return Message: FAIL - download failed
10:54:22.969925 Protocol: HTTP
10:54:22.969940 Hostname: hostname.mydomain.example.com
10:54:22.969956 Port: 7070
10:54:22.969977 Path: clu-prod
10:54:22.969999 Proxy ID: {00000000-0000-0000-0000-000000000000}
10:54:22.970014 Proxy Bypass: true
10:54:22.970029 [Server - END]
Release : 6.9.1
Based on the solution that was found the communication between the VM and the internal/external antivirus update server was broken or being interfered with.
The solution that finally worked was to manually uninstall VMware Tools and then reinstall them on all of the affected servers. After that was done the servers began communicating again and were eventually displayed as protected.