For enhanced security and to reduce attack surfaces, you can try the enhanced integrity beta feature.

Prerequisites

You MUST meet the following requirements:
  • ESXi host version is 7.0 or later.
  • AppDefense Guest Module is upgraded to 2.3.2 or later.
  • AppDefense has provisioned the enhanced integrity feature for your organization.
  • You have subscribed to the AppDefense Service (SaaS).
  • If the VM hardware version is earlier than 17, AppDefense upgrades the VM hardware version to 17 or later. If you do not want AppDefense to upgrade the VM version automatically, you must upgrade the VM version manually to version 17 or later.
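
The host-version and hardware-version prerequisites above can be audited before you enable the feature, so that you know in advance which VMs would have their hardware version upgraded. The following is an added example, not part of the AppDefense documentation: it assumes VMware PowerCLI is installed and a Connect-VIServer session is already open, and the function name Test-EnhancedIntegrityPrereq is hypothetical. It does not check the Guest Module version, provisioning, or the subscription.

```powershell
# Added example (not VMware's code). Assumes VMware PowerCLI and an
# existing Connect-VIServer session. Function name is hypothetical.
function Test-EnhancedIntegrityPrereq {
    param(
        [Parameter(Mandatory)] [string] $EsxiVersion,     # e.g. "7.0.3"
        [Parameter(Mandatory)] [string] $HardwareVersion  # e.g. "vmx-17"
    )
    # Prerequisite: ESXi host version is 7.0 or later.
    $hostOk = [version]$EsxiVersion -ge [version]'7.0'

    # Prerequisite: VM hardware version is 17 or later.
    # vSphere reports it as "vmx-NN"; anything unparsable counts as 0.
    $hwNumber = 0
    if ($HardwareVersion -match '^vmx-(\d+)$') { $hwNumber = [int]$Matches[1] }

    [pscustomobject]@{
        HostOk         = $hostOk
        HardwareOk     = $hwNumber -ge 17
        HardwareNumber = $hwNumber
    }
}

Get-VM | ForEach-Object {
    $hwVersion = $_.ExtensionData.Config.Version
    $result = Test-EnhancedIntegrityPrereq -EsxiVersion $_.VMHost.Version `
                                           -HardwareVersion $hwVersion
    [pscustomobject]@{
        VM                    = $_.Name
        EsxiHost              = $_.VMHost.Name
        EsxiVersion           = $_.VMHost.Version
        HardwareVersion       = $hwVersion
        HostMeetsRequirement  = $result.HostOk
        # True when the VM is below version 17, which is the case where
        # AppDefense upgrades the hardware version unless you do it manually.
        HardwareUpgradeNeeded = -not $result.HardwareOk
    }
} | Sort-Object HardwareUpgradeNeeded -Descending | Format-Table -AutoSize
```

VMs listed with HardwareUpgradeNeeded set to True are the ones to upgrade manually first if you do not want the automatic upgrade.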

Procedure

  1. Log in to the vSphere Client.
  2. Go to the VM where you have installed or upgraded AppDefense Guest Module to version 2.3.2 or later.
  3. On the Summary tab, scroll down to the AppDefense panel. If necessary, expand the panel. Alternatively, use the Configure > AppDefense > Security tab.

  4. Click Manage Guest Integrity.
    A screen appears with options.

  5. Click Enhanced Integrity (Beta), and then click Power Cycle VM.
    Note: If the feature is not provisioned for your organization, the option is disabled. To enable the option, contact the VMware AppDefense support team at https://www.vmware.com/support/contacts.html or through the AppDefense Manager support panel chat.

  6. After the VM is power cycled, the enhanced integrity (glxgmm) driver starts and you can view the status and version of the enhanced integrity driver.
    Instead of the guest integrity driver version, the panel shows the Enhanced guest integrity (Beta) driver version.

Results

Only one driver is enabled at a time, either guest integrity or enhanced guest integrity. When you enable enhanced guest integrity, the guest integrity driver is disabled automatically.

What to do next

If you enable guest integrity from the AppDefense Manager Inventory > VMs tab, enhanced integrity is disabled.