Which Deep Security Modules require the Guest Introspection service to be enabled?

The Guest Introspection service is crucial for certain Deep Security modules that need deep visibility into guest operating systems for effective protection. In this context, the Anti-Malware and Integrity Monitoring modules rely on Guest Introspection to scan for malware and ensure the integrity of files and configurations on virtual machines.

When the Guest Introspection service is enabled, it allows these modules to examine the virtual machines at a granular level. For instance, Anti-Malware utilizes this service to perform real-time scanning of files and processes running on guest operating systems, which is essential for identifying and mitigating malware threats. Similarly, Integrity Monitoring benefits from this service as it monitors changes to critical files and directories, helping in detecting unauthorized modifications.

In contrast, modules like Web Reputation, Firewall, and Intrusion Prevention can function without the deep level of access provided by the Guest Introspection service, as they operate at network and application layers rather than directly within the guest operating systems. Therefore, the requirement of Guest Introspection being enabled is specifically tied to the operation of the Anti-Malware and Integrity Monitoring modules.