check-circle-line exclamation-circle-line close-line

Updated on: 11 Feb 2020

VMware AppDefense Plug-In 2.3.1 for Platinum Edition | Released 11 February 2020 | Build 15597551

What's in the Release Notes

What's New In AppDefense Plug-In

Release Overview


This release addresses important bugs related to:

  • Vulnerability Assessment for Windows OS
  • Re-bootless Upgrades
  • Password Expiry


This release delivers a major update to AppDefense in vCenter. Notably, this release includes OS Integrity features, Behavior Analysis functionality, and an entire suite of vulnerability assessment capabilities. In particular, the vulnerability capabilities are notable because they are available in vCenter only (not SaaS) and they are built specifically for the vAdmin. 

Vulnerability Enumeration

AppDefense announces a full suite of capabilities around vulnerability assessment. AppDefense enumerates vulnerabilities on vSphere components, Operating Systems, as well as the applications running on top. As processes execute, AppDefense determines the vulnerabilities associated with that software. This feature requires outbound internet access.

Vulnerability Prioritization

In addition to enumerating the vulnerabilities in your environment, AppDefense prioritizes every vulnerability using real-time threat information collected from sensors around the world. AppDefense ingests this feed from Kenna Security, the leader in vulnerability prioritization, to determine the overall risk for your environment.

OS Integrity

AppDefense delivers OS Integrity and Module Integrity features to vCenter. On by default, these features prevent against major technique categories in the MITRE ATT&CK Framework, including persistence and defense evasion.

Behavior Analysis

AppDefense announces the ability to analyze network behavior on-premise. With assistance from the App Verification Cloud, AppDefense gathers information about the network activity of known processes and determines if the behavior is trusted. This feature requires outbound internet access but not a full SaaS subscription.

Enriched Dashboard

With this release, the AppDefense Plugin in vCenter is improved to include OS Integrity, Behavior Analysis, and Critical Vulnerabilities. These additional "front page" widgets provide the most important information about risk in your environment in a simple, easily consumable format. Use this page as a jumping-off point to visibility and risk information about specific virtual machines. 

Process Monitoring for Unclassified Machines

The VM Monitor view in vCenter now includes process information for all processes, including those without network activity. This expands the Guest Monitoring capability which previously only included those processes with network connections. 

Globalization Support

The AppDefense Plugin now supports 7 languages (Japanese, French, German, Simplified Chinese, Traditional Chinese, Spanish, Korean)



With this release, newly installed or upgraded guest module components are now supported on virtual machines with Hardware version greater than 13.

This release improves Linux process identification for short-lived network connections.

This release provides important security fixes related to vulnerabilities in Linux Kernel identified by CVE-2019-11477 and CVE-2019-11478. For more information on these issues please see VMSA-2019-0010 (

Guest module version adds support for additional Linux OS versions as documented in the System Requirements for AppDefense.

The guest modules of relevant Linux OS's can be upgraded to this version by following these instructions.


This release provides additional visibility within the AppDefense Appliance and improves the process of setting connectivity status to the AppDefense Manager. 

Connectivity Status 

The Plug-In now supports only two connectivity modes: SaaS and non-SaaS. The workflow for selecting SaaS connectivity mode has been simplified to allow checkbox selection for enabled/disabled. There is also a text field to provide or alter the AppDefense Manager details from the default value. 

Additionally, the Appliance UI has been enhanced to show connectivity status between itself and the AppDefense Manager. This eliminates the need to navigate outside of the Appliance in order to view this information. 

Available Upgrades 

The Appliance UI now displays information about all available versions and components of AppDefense that can be upgraded to after an upgrade bundle has been uploaded.

This release provides an improved error message on the UI when user incorrectly configures SSO from the AppDefense Appliance > Registration  tab.


The 2.1.1 is a bug-fix release addressing specific customer bugs related to upgrade. 


With the 2.1.0 release, AppDefense focuses on scale and performance improvements in the AppDefense Plug-in and does not include new feature updates for the Platinum Edition.


Release Overview

With this release, AppDefense announces General Availability of the AppDefense Plug-in for Platinum Edition. The AppDefense Plugin integrates application security capabilities directly in the vSphere Client. It provides high-level security metrics about your environment, deep visibility into the behavior of individual VMs, and end-to-end lifecycle management for AppDefense components. The AppDefense plug-in is supported only in the HTML5 version of the vSphere Client.

Plugin Dashboard

The Plugin Dashboard delivers aggregated security metrics, visibility, and health statistics for applications and workloads running on vSphere. Users can drill into individual behaviors and reputation scores, leading to deeper visibility in the VM Monitor page. This high-level summary provides focused, at-a-glance statistics and a starting place for additional discovery. 

Lifecycle Management

AppDefense announces one-click, integrated installation and upgrade workflows for AppDefense directly within vCenter. Users can now get a full report of their protection status, deploy AppDefense modules into entire clusters with a single click, and schedule regular upgrades, all while leveraging familiar workflows. Managing AppDefense components in this way greatly increases ease of operation for IT admins.  

VM Monitoring

This release delivers a new virtual machine monitor tab that provides VM-specific behavior monitoring for visibility, security assessment, and troubleshooting directly within vCenter. Integrating this capability in vCenter enables IT admins to play pivotal roles in the protection of their organizations’ apps and data.

Connectivity Modes

The AppDefense Plugin can operate in three different connectivity modes: Online, Offline, and SaaS. Offline mode requires no internet connectivity and provides a basic visibility-only view of your environment. Online mode adds security feeds from the AppDefense Service. SaaS mode (recommended) provides the full AppDefense feature set. Select the connectivity mode that meets your compliance requirements. For more information, go to AppDefense Appliance Connectivity Modes.


Product Lifecycle Matrix

For information about AppDefense and other VMware products that must be upgraded soon, please consult the VMware Lifecycle Product Matrix.

Resolved Issues

  • No error message related to password expiration on the Appliance UI.

    From 2.3.1, you can now see error message related to password expiration on the Appliance UI when:

    • Your password is expiring in X number of days. You see the message 10 days before the password expires.
    • Authentication fails for some reason. Password may or may not have expired but you cannot log in.
    • Password has already expired.

Known Issues

  • Initiated from the vCenter Plugin, upgrade fails from 2.3 to 2.3.1 when using AppDefense Appliance as the default upgrade source.

    When the AppDefense Appliance is used as the Download Source for upgrading in-guest bits from 2.3 to 2.3.1, the upgrade fails. Note: the Appliance is the default download configuration.

    Two Options: 

    1) If you would like to still use the vCenter Plugin to upgrade your VMs from 2.3 to 2.3.1, the guest VMs need to have access to the internet. Then, you just need to change the download source (on the Appliance UI) so that the new guest module is downloaded directly from the cloud, as opposed to the Appliance. Once you have changed the upgrade source, you can upgrade your module like normal (from the Plugin or from the SaaS console).
    2) If you don't want to use the vCenter Plugin or if the guest VMs don't have access to the internet, you can upgrade the guest module manually with the published MSI. Contact customer success if you would like help in this regard. 

    Steps for option1: If guest VM's have internet connectivity.
      I) Trigger upgrade using cloud:
         1. Login to Appliance UI.
         2. In the Dashboard section select ApplianceUpgrade.
         3. Click the edit option, and select from cloud under VM Upgrade Source.
         4. Save configuration and trigger the upgrade.
      II) For SaaS enabled customers, follow steps:

    Steps for Option 2: If guest VM's do not have internet connectivity.
      I) Download and manually install using these steps:
      II) Download and manually install using appliance hosted MSI.
         1. On the guest VM, open a browser.
         2. Go to the URL: https://{appliance_ip}/download/guest/
         3. URL might fail to open with "connection not private" or similar error message, select proceed/continue with download option.
         4. Run/execute the MSI manually to install.

  • When the AppDefense agent is installed via the vCenter Plugin, vMotion does not work until the VM is power cycled.

    In 2.3, AppDefense introduced the option to delay power cycling. We later found an issue that delaying the power cycle causes issues with vMotion. 

    When installing AppDefense for 2.3.1, VMs are power cycled (Power Off or Guest OS Shutdown, followed by Power On).

  • Log In to AppDefense Appliance With Certificate does not work.

    You may not be able to log in to AppDefense Appliance with certificate.

    This issue will be fixed in next release.