The managed object browser provides a way to explore the VMkernel object model. However, attackers can use this interface to perform malicious configuration changes or actions because ou can change the host configuration by using the managed object browser. Use the Managed Object Browser only for debugging, and ensure that it is disabled in production systems.

Starting with vSphere 6.0, the MOB is disabled by default. However, for certain tasks, for example when extracting the old certificate from a system, you have to use the MOB.


  1. Select the host in the vSphere Web Client and go to Advanced System Settings.
  2. Check the value of Config.HostAgent.plugins.solo.enableMob, and change it as appropriate.
    Using vim-cmd from the ESXi Shell is no longer recommended.