You can set the suspect state of a VM to display at-a-glance information only or to work with the Suspect Policy by setting that policy to trigger an action when an attempt to start a Suspect service is made. For example, if an attempt is made to clone a VM marked suspect, the Suspect Policy triggers actions depending on how you have the policy set up.

NotePencil-smallOnly VMs can have the Suspect state; this state is not supported for other service types, such as virtual services, load balancers, databases, auto scaling groups and stacks.
NotePencil-smallThe Suspect policy and Suspect state are deprecated and will be removed in a future release.

When you set the state of a service to suspect, that state appears on the Operational pane for the service and the pictogram indicates that the service needs attention.

Suspect State

Setting the Suspect state for a service

Access through:

Views menu > Operational, VMs and Templates, or Datastore

Available to:

Administrator and All Operator Levels of Access Rights

To set the suspect state for a VM:

1.Navigate to and select the VM either through the tree or the Virtual Machines tab.

2.Right-click and choose Policy Enforcement > Set Suspect State.

3.In the Set Suspect State dialog, select Suspect or Not Suspect as required.

4.Click OK.

The suspect state you selected for the service is displayed on the Operational pane.

How does the Suspect policy affect templates?

The Suspect Policy changes the Suspect state for templates, but policy actions (for example, deletion) are not performed for templates. It's possible to deploy a VM from a template in the Suspect state.

Configuring the Suspect policy

Access through:

Configuration menu > Policies

Available to:

vCommander Role of Superuser and Enterprise Admin

Administrator Access Rights


The Suspect policy and Suspect state are deprecated and will be removed in a future release.

The Suspect policy applies only to VMs.

Any configuration of this policy on a system-wide basis can affect all managed systems that are managed by vCommander now and can affect all managed systems that are added to vCommander in the future. If you do not want any managed system to be automatically affected by this policy, configure the policy by selected infrastructure elements only.

1.On the Policies tab, click Add.

2.In the Policy Configuration dialog, select Suspect from the list of policies, then click Next.

3.On the Policy Name/Description page, enter a name (for example, Suspect Policy for Production), an optional description, then click Next.

4.On the Choose a Target page, expand the Operational tree if required, select the infrastructure elements to which you want the policy to apply, then click Next.

NotePencil-smallYou cannot select a folder as a target.

5.On the Configure the Policy page, do the following:

To configure the policy but keep it turned off until you are ready to enable it, make sure Enable policy is unchecked.

From the Take Action menu, select from the options.

When you click:

After you enable the policy and if the policy is triggered, the result is:

Notification Only

No action is taken. An alert is created, notifying you that the policy has triggered. See also Subscribing to Policy Alerts.


The VM is quarantined if the policy is triggered.

Note: If you include this action in a policy targeting services in a managed system other than vCenter, the action will fail.


The VM is suspended (saved in its current state).

Not supported for VMs in public cloud managed systems. If you include this action in a policy targeting services in a public cloud managed system, the action will fail.


The Guest OS is shut down.

Remove from Inventory

The VM is removed from inventory. Note that the file remains in the datastore.

Note: If you include this action in a policy targeting services in a managed system other than vCenter, the action will fail.

Delete from Disk

The service and its associated files are deleted permanently from disk. No other options can be carried out on this service after it is deleted.

When you delete a VM or template from disk, the files are permanently deleted. They cannot be recovered unless you have a backup copy.

When all VMs are deleted from a virtual service through a policy action (that is, when VMs are deleted by a policy action or by a command workflow attached to an expiry policy), the empty virtual service is not automatically deleted unless it too is targeted by policy.

Run [Workflow]

Existing command workflows appear for selection, organized by target type. If the policy is triggered, the selected workflow is run.

NotePencil-smallYou must choose a workflow with a target type that matches the target of the policy; otherwise, the workflow will fail. For example, if the selected workflow's target type is "VM", the workflow will fail if the policy targets a database. A workflow with a target type of All Types can be run on all service types.

NotePencil-small        Click Add Workflow to set up a new command workflow.

To send an alert to an SNMP trap listener if you have SNMP configured, enable Send Alert via SNMP.

Decide whether to allow children of the targets to have their own instance of the policy and disable this setting if desired.

If you enable this option, other instances of this policy can be applied to any infrastructure elements and services that are children of the parent infrastructure element you have selected (an override).

6.On the Summary page, if you have enabled the policy and as a result, any services will immediately be affected by it, vCommander displays the number of affected services.

7.Click Finish to complete the configuration.

Your policy options are now set in vCommander.