The vShield Endpoint Thin Agent (also named as  vsepflt.sys / VFIleFilter.sys )

=>> is a component of VMware vShield Endpoint that protects virtual machines from viruses and malware.

==>> It is installed on each guest virtual machine to be protected. It offloads antivirus and anti-malware processing to a secure virtual appliance that's delivered by a VMware partner. This appliance continuously updates antivirus signatures, so virtual machines are protected even when they're offline.

==>> It helps in avoid resource bottlenecks and optimizes memory use. It also protects virtual machines even after they're shut down, restarted, or moved to another ESX/ESXi host.

VMware ESXi 6.0

VMware ESXi 7.0

VMware ESXi 8.0

The vShield Endpoint Thin Agent is installed only as a part of Full Installation of VMware Tools. it does not gets installed in Typical /Custom installations.

To use vShield Endpoint Thin Agent, ensure the guest virtual machine is installed with a supported version of Windows.

Please refer this following article for verify Guest OS compatibility with vShield Endpoint Thin Agent : https://knowledge.broadcom.com/external/article?legacyId=1036847

To check if VMware vShield driver ( named as  vsepflt.sys / VFIleFilter.sys) is installed and running :

• Login to the virtual machine.
• Run msinfo32.exe
• Navigate to “Software Components“, “System Drivers“
• Check if the ‘vsepflt‘ / ‘VFileFilter‘ system driver is in the list and the state is ‘Running’

Steps to stop this driver :

• Open command prompt.
• Run this command to list running filter drivers : FLTMC
• Run the following command: fltmc unload vsepflt   (Note : Following this the ‘vsepflt‘ / ‘VFileFilter‘ system driver in the above list will be in 'Stopped' state.)

And, to completely remove this driver from the virtual machine Guest OS.

• Uninstall the VMware Tools from control panel
• Then reinstall the VMware tool with the Typical / Custom  installation option selected.

Note : Removing/reinstalling VMware Tools will require the VM to be rebooted.