I am not sure I completely understand the concept of this aspect of vSphere. From what I gather, it's an appliance that you install on each one of your ESXi servers. It is then able to do antivirus scanning at a disk level, however if you want to do antivirus and malware at the memory level you need to purchase another component from a different vendor that has an application with the ability to use the API that vSheild Endpoint makes available.
Is this correct? So if I wanted to protect my VMs I would need to purchase vSheild Endpoint for n number of virtual machines which would allow me to install an appliance on y number of ESXi hosts. Then I would need to purchase an additional A/V product and comply with their license schema (per host/per vm/per whatever) to get a full A/V solution.