Using Antivirus and Malware Detection software in VMware ESXi
search cancel

Using Antivirus and Malware Detection software in VMware ESXi


Article ID: 345255


Updated On:


VMware vSphere ESXi


This article provides information on usage of Antivirus and Malware Detection software in VMware ESX/ESXi


VMware vSphere ESXi 6.7
VMware vSphere ESXi 7.0.0
VMware vSphere ESXi 6.0
VMware vSphere ESXi 6.5


VMware uses a combination of on-host security (such as firewalls, encryption, and disablement of unnecessary services) and best practices outlined in the VMware Security Hardening Guides to protect ESX/ESXi management interfaces and the underlying hypervisor. Additionally, to further protect these interfaces, network based Intrusion Detection and Prevention (IDS/IPS) systems can be deployed on the ESX/ESXi host's SECURED network.
Antivirus and Malware Detection are needed on General Purpose (GP) computing environments, to mitigate risks incurred when a user or a process loads arbitrary executables from indeterminate sources. These risks are typical to GP computing environments, where users can execute code with minimal policy.

ESX is not a GP computing environment - but incorporates a semi-privileged GP environment, the Linux-based Console Operating System (COS). Antivirus and Malware Detection services are supported in this environment subject to the Third Party Software Support Policy. However, VMware does not recommend the usage of Third Party Software in the COS (as stated in the Support Policy), but recommends that best practices be employed to secure the ESX COS network interface.

ESXi is neither a GP environment, nor does it utilize a COS. ESXi provides for console functionality (for initial configuration, troubleshooting, and Technical Support) via the Direct Connect User Interface (DCUI) and Tech Support Mode. These strongly controlled interfaces provide GP-like console functionality augmented for security and trust. All binaries executed in ESXi are signed, keyed, or validated by strong controls. There is no facility to interpret code at runtime and the compiled modules are subject to both the controls for execution and a default-deny policy (for unsigned code), integral to the kernel.

Based on Regulatory Compliance, VMware believes that the customers should categorize ESX/ESXi hypervisors as they would for other network based appliances and treat them accordingly. By following the Best Practices outlined in the vSphere hardening guides, you can be reasonably assured of the security and integrity of the ESXi host's management interfaces. As VMware transitions from ESX to ESXi (and away from the general purpose OS running the COS), the need to run Antivirus/Anti Malware solutions to protect the hypervisor is even further diminished.

For more information on the transition from ESX to ESXi, see the VMware ESXi and ESX Info Center.

Additional Information

vSphere Security for ESXi 5.0 and vCenter Server 5.0.
VMware ESX/ESXi でアンチウイルスおよびマルウェア検知ソフトウェアを使用する