Thanks to http://www.joulupukki.nl/wordpress/?p=523 for alerting me to this issue.
VMware made a pre release of the new vShield Endpoint Driver (18.104.22.168 build-813867) available last week to customers who are experiencing issues with their current vShield Driver. This will be released in Q4 but if you are using an anti malware product in your virtual environment that relies on vShield Endpoint Driver I would contact VMware to get the patch.
This hotfix needs to be applied on top of vShield Endpoint Driver build 652273 which is available with the VMware tools included with ESXi 5 Express Patch 3 (build 702118).
In the words of VMware this fixes two main issues: performance issues with network files and sharing violation issues.
1. Sharing violations – It was discovered that, while you had the thin agent installed and real-time AV scanning running, if you opened a file on a network share a few times in quick succession, the 3rd or 4th attempt could result in the file being locked. This was due to the lack of caching for network files, which is the recommend AV practice, but caused this locking
2. Performance issues – This was to due to the general overhead when our thin agent called some MS filter methods.
I also found that this version fixes a BSOD issue with vsepflt.sys. More about that in my next post.