Certain operations such as automated VMware Tools upgrades use a component in the hypervisor called host guest file system (HGFS). In high-security environments, you can disable this component to minimize the risk that an attacker can use HGFS to transfer files inside the guest operating system.
- Log in to a vCenter Server system using the vSphere Web Client and find the virtual machine.
- In the Navigator, select VMs and Templates.
- Find the virtual machine in the hierarchy.
- Right-click the virtual machine and click Edit Settings.
- Select VM Options.
- Click Advanced and click Edit Configuration.
- Verify that the isolation.tools.hgfsServerSet.disable parameter is set to TRUE.
When you make this change, the VMX process no longer responds to commands from the tools process. APIs that use HGFS to transfer files to and from the guest operating system, such as some VIX commands or the VMware Tools auto-upgrade utility, no longer work.