What is vShield Endpoint Thin Agent and how to identify and install/remove ?
search cancel

What is vShield Endpoint Thin Agent and how to identify and install/remove ?

book

Article ID: 377389

calendar_today

Updated On:

Products

VMware vSphere ESX 7.x VMware vSphere ESX 8.x VMware vSphere ESX 6.x

Issue/Introduction

The vShield Endpoint Thin Agent (also named as  vsepflt.sys / VFIleFilter.sys )

=>> is a component of VMware vShield Endpoint that protects virtual machines from viruses and malware.

==>> It is installed on each guest virtual machine to be protected. It offloads antivirus and anti-malware processing to a secure virtual appliance that's delivered by a VMware partner. This appliance continuously updates antivirus signatures, so virtual machines are protected even when they're offline.

==>> It helps in avoid resource bottlenecks and optimizes memory use. It also protects virtual machines even after they're shut down, restarted, or moved to another ESX/ESXi host.

 

Environment

VMware ESXi 6.0

VMware ESXi 7.0

VMware ESXi 8.0

Resolution

The vShield Endpoint Thin Agent is installed only as a part of Full Installation of VMware Tools. it does not gets installed in Typical /Custom installations.

To use vShield Endpoint Thin Agent, ensure the guest virtual machine is installed with a supported version of Windows.

 

To check if VMware vShield driver ( named as  vsepflt.sys / VFIleFilter.sys) is installed and running :

  • Login to the virtual machine.
  • Run msinfo32.exe
  • Navigate to “Software Components“, “System Drivers
  • Check if the ‘vsepflt‘ / ‘VFileFilter‘ system driver is in the list and the state is ‘Running

 

Steps to stop this driver :

  • Open command prompt.
  • Run this command to list running filter drivers : FLTMC
  • Run the following command: fltmc unload vsepflt   (Note : Following this the ‘vsepflt‘ / ‘VFileFilter‘ system driver in the above list will be in 'Stopped' state.)

And, to completely remove this driver from the virtual machine Guest OS.

  • Uninstall the VMware Tools from control panel
  • Then reinstall the VMware tool with the Typical / Custom  installation option selected.

Note : Removing/reinstalling VMware Tools will require the VM to be rebooted.

 

 

Additional Information

In some cases, attempting to unload the vsepflt driver may result in a Blue Screen of Death (BSOD) on the guest OS with error below. If this occurs, it is recommended to contact your operating system vendor for further assistance and guidance.

Your PC ran into a problem and needs to restart. We're just collecting
some error info, and then we'll restart for you.

10% complete

For more information about this issue and possible fixes, visit https://www.windows.com/stopcode

If you call a support person, give them this info:
Stop code: PAGE FAULT IN NONPAGED AREA
What failled: FLTMGA.SYS



Powered by Wolken Software