https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-69DF70C2-1769-4858-97E7-B757CAED08F0.html#:~:text=On%20the%20north%2Dsouth%20traffic,Guest%20Introspection%20(GI)%20platform .

The main components on the edge node for north-south malware prevention perform the following functions:

• IDS/IPS engine: Extracts files and relays events and data to the security hub

North-south malware prevention uses the file extraction features of the IDS/IPS engine that runs on NSX Edge for north-south traffic.

• Security hub: Collects file events, obtains verdicts for known files, sends files for local and cloud-based analysis, and sends information to the security analyzer

• RAPID: Provides local analysis of the file

• ASDS Cache: Caches reputation and verdicts of known files