The vsepflt.sys is the only driver required for normal Antivirus protection. The vnetflt.sys or vnetWFP.sys (for windows 10 and above) driver is called the NSX Network introspection driver. This driver captures networking events such as AD login/logout and all other normal networking traffic. This driver can be safely removed and does not effect AV if the AV is not configured to use network introspection.

Starting from VMware Tools 10.2.5, vnetWFP driver will be installed on Windows 7 and above versions instead of vnetflt.

To remove the vnetflt.sys:

1. Log in to vSphere Web Client.
2. Mount VMware tools installer. (right click on VM > Guest > Install VMware tools > Interactive Install).
3. Open auto play for Tools installing in the OS of the VM.
4. Go to Setup64 and run as administrator.
5. Modify Install > VMCI Driver Section > de-select NSX Network Introspection Driver > Finish.
6. Reboot the VM.
   Note: This driver can only be removed If the VM is on at least 10.x version of VMware tools otherwise disable the driver in the registry.