A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs) from malicious code, the plurality of guest VMs executing via a virtualization layer on a common host platform, the instructions comprising:instructions forming a scan engine of an anti-virus system, the scan engine being configured to scan data for malicious code and determining a result of the scanning, the result indicating whether malicious code is present in the data;instructions forming a driver portion of the anti-virus system, the driver portion being configured for installation in an operating system of a target VM, the target VM being one of the guest VMs, the driver portion intercepting an access request to a file, wherein the access request originates within the target VM, the driver portion further communicating information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine, the data to be scanned being or corresponding to contents of the file, the driver portion furthermore receiving the result of the scan communicated by the scan engine; andinstructions forming a communication portion of the anti-virus system, the communications portion being configured to facilitate communication between the scan engine and the driver portion; andwherein the scan engine is configured to execute within the virtualization layer outside a context of the target VM and the communication portion facilitates the communicating of the information and the result between the driver portion within the context of the target VM and the scan engine outside the context of the target VM.
