Certain operations such as automated tools upgrades use a component in the hypervisor called host guest file system (HGFS). In high-security environments, you can disable this component to minimize the risk that an attacker can use HGFS to transfer files inside the guest operating system.

Procedure

  1. Find the virtual machine in the vSphere Web Client inventory.
    1. Select a data center, folder, cluster, resource pool, or host.
    2. Click the Related Objects tab and click Virtual Machines.
  2. Right-click the virtual machine and click Edit Settings.
  3. Select VM Options.
  4. Click Advanced and click Edit Configuration.
  5. Verify that the isolation.tools.hgfsServerSet.disable parameter is set to TRUE.

Results

When you make this change, the VMX process no longer responds to commands from the tools process. APIs that use HGFS to transfer files to and from the guest operating system, such as some VIX commands or the VMware Tools auto-upgrade utility, no longer work.