Whenever a guest virtual machine is scanned, the policy that is associated with the security group to which the guest virtual machine belongs, takes effect. If a threat is detected and if the Add Security Tag to the Guest VM option is enabled, the management server tags the guest virtual machine with a security service tag. The three different security service tags used are:
If no threat is detected, an event with a Scan has completed successfully message is generated and you can view it in the Events page.
If a threat is detected, an event with a Threat Detected message is generated and you can view it in the Events page. Subsequently, another event with a message Successfully tagged VM, MOID: vm-28, Tag ID: ANTI_VIRUS.VirusFound.threat=high is generated after the management server tags the infected guest virtual machine.
A guest virtual machine that is not tagged by the management server, but is manually tagged from the vSphere Web client, can be untagged manually by selecting and right-clicking the Scan has completed successfully event, and then clicking Remove security tag from Guest VM in the Event Wizard.
Imported Document ID: HOWTO95340
Subscribing will provide email updates when this Article is updated. Login is required.