For enhanced security and to reduce attack surfaces, you can try the enhanced integrity beta feature.
Prerequisites
- ESXi host version is 7.0 or later.
- AppDefense Guest Module is upgraded to 2.3.2 or later.
- AppDefense has provisioned enhanced integrity feature for your organization.
- You have subscribed to the AppDefense Service (SaaS).
- If the VM hardware version is earlier than 17, AppDefense upgrades the VM hardware version to 17 or later. If you do not want AppDefense to upgrade the VM version automatically, you must upgrade the VM version manually to version 17 or later.
Procedure
- Log in to the vSphere Client.
- Go to the VM where you have installed or upgraded to AppDefense Guest Module version 2.3.2 or later.
- On the Summary tab, scroll down to the AppDefense panel. If necessary, expand the panel. Alternatively, you can also use the tab.
- Click Manage Guest Integrity.
A screen appears with options.
- Click Enhanced Integrity (Beta), and then click Power Cycle VM.
Note: If the feature is not provisioned for your organization, the option is disabled. To enable the option, contact the VMware AppDefense support team at https://www.vmware.com/support/contacts.html or through the AppDefense Manager support panel chat.
- After the VM is power cycled, the enhanced integrity (glxgmm) driver starts, and you can view the status and version of the enhanced integrity driver.
Instead of guest integrity, you can view the Enhanced guest integrity (Beta) driver version.
Only one driver is enabled at a time, either guest integrity or enhanced guest integrity. When you enable enhanced guest integrity, the guest integrity driver is disabled automatically.
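
One way to check the version prerequisites across many VMs before enabling the feature, as an added example that is not part of the VMware documentation: it separates VMs that are ready, VMs that are blocked, and VMs whose hardware version AppDefense would upgrade automatically. The CSV column names and the sample rows are constructed assumptions, not an AppDefense or vSphere export format.

```python
import csv
import io

# Thresholds taken from the prerequisites on this page.
MIN_ESXI = (7, 0)
MIN_GUEST_MODULE = (2, 3, 2)
MIN_HW_VERSION = 17

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """\
vm,esxi_version,guest_module,hw_version
web-01,7.0.3,2.3.2,vmx-17
db-01,7.0.1,2.3.2.1,vmx-15
app-01,6.7.0,2.3.2,vmx-14
legacy-01,7.0,2.3.1,vmx-19
"""

def at_least(text, minimum):
    """Compare a dotted version numerically, padding short versions ('7' -> 7.0)."""
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (len(minimum) - len(parts))
    return tuple(parts) >= minimum

def hw_number(text):
    """Accept either 'vmx-17' or a bare '17'."""
    return int(text.strip().split("-")[-1])

def assess(row):
    """Return (status, reasons) for one inventory row."""
    blockers = []
    if not at_least(row["esxi_version"], MIN_ESXI):
        blockers.append("ESXi host earlier than 7.0")
    if not at_least(row["guest_module"], MIN_GUEST_MODULE):
        blockers.append("Guest Module earlier than 2.3.2")
    if blockers:
        return "blocked", blockers
    # Not a blocker: AppDefense upgrades the hardware version unless done manually.
    if hw_number(row["hw_version"]) < MIN_HW_VERSION:
        return "hw-upgrade", ["VM hardware version earlier than 17"]
    return "ready", []

def audit(csv_text):
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["vm"]: assess(row) for row in reader}

if __name__ == "__main__":
    for vm, (status, reasons) in audit(SAMPLE_INVENTORY).items():
        print(f"{vm:10} {status:11} {'; '.join(reasons)}")
```

VMs reported as `hw-upgrade` are the ones to schedule a manual hardware upgrade for if the automatic upgrade is not wanted.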
What to do next
If you enable guest integrity from the AppDefense Manager tab, enhanced integrity is disabled.