Running a data security scan identifies data in your virtual environment that violates your policy.

You must be a NSX Administrator to start, pause, or stop a data security scan.


Log in to the vSphere Web Client.


Click Networking and Security and then click Data Security.


Click the Manage tab.


Click Start next to Scanning.


If a virtual machine is powered off, it will not be scanned till it is powered on.

If a scan is in progress, the available options are Pause and Stop.

If Data Security is part of a Service Composer policy, virtual machines in the security group mapped to that Service Composer policy are scanned once during a scan. If the policy is edited and published while a scan is running, the scan restarts. This rescan ensures that all virtual machines comply with the edited policy. A rescan is triggered by publishing an edited policy, not by data updates on your virtual machines.

If a virtual machine is moved to an excluded cluster or resource pool while the data security scan is in progress, the files on that virtual machine are not scanned. In case a virtual machine is moved via vMotion to another host, the scan continues on the second host (files that were scanned while the virtual machine was on the previous host are not scanned again).

When the Data Security engine starts scanning a virtual machine, it records the scan start time. When the scan ends, it records the end of the scan. You can view the scan start and end time for a cluster, host, or virtual machine by selecting the Tasks and Events tab.

NSX Data Security throttles the number of virtual machines scanned on a host at a time to minimize impact on performance. VMware recommends that you pause the scan during normal business hours to avoid any performance overhead.