See the table below for the list of available functionalities in Agentless and Agent-based anti-malware protection:

Advantages of Deep Security Virtual Appliance (DSVA)-based protection:

• No footprint on protected virtual machines (VMs)
  Protection will not result to resource contention on the VMs.
• Minimal update-related traffic
  The absence of components on the VMs means that only update-related traffic such as virus pattern update, scan engine update, etc. occurs on the DSVA. The VMs are not affected by component updates.

Disadvantages of DSVA-based protection:

• Lack of in-memory scanning
  If a Trojan manages to enter the VM, subsequent pattern updates may be able to detect the file component of the malware, but will not be able remove its in-memory components.
• No damage cleanup
  Because of the absence of an in-guest component, the DSVA does not have the Damage Cleanup Service functionality which addresses changes to the Windows registry and similar malicious alterations.
• Limited HIDS capability
  The DSVA is only limited to File-based Integrity Monitoring. It does not have the Log Inspection functionality.
• Lack of recommendation scan functionality (For DSVA 8.0 and below only)
  The DSVA cannot retrieve metadata from the VMs that it protects, so the Deep Security Manager is not able to automatically ascertain the security requirements. Thus, the assignment of Deep Packet Inspection (DPI) and Integrity Monitoring (IM) rules is manual.

These disadvantages can be addressed by installing a DSA on the VM. However, a DSA will negate the DSVA advantages on resource contention and bandwidth conservation. Thus, administrators must assess the security needs of their environment to determine the appropriate combination of DSA-based and DSVA-based protection.