Disable Unused Display Features

Attackers can use an unused display feature as a vector for inserting malicious code into your environment. Disable features that are not in use in your environment.

Prerequisites

Power off the virtual machine.

Procedure

Browse to the virtual machine in the vSphere Client inventory.
Right-click the virtual machine and click Edit Settings.
Select VM Options.
Click Advanced and click Edit Configuration.

If appropriate, add or edit the following parameters.

Option	Description
svga.vgaonly	If you set this parameter to TRUE, advanced graphics functions no longer work. Do not set this parameter to TRUE with modern-day guest operating systems as they do not operate correctly. When svga.vgaonly is set to TRUE, only character-cell console mode is available. If you use this setting, mks.enable3d has no effect. Note: Apply this setting only to virtual machines that do not need a virtualized video card.
mks.enable3d	Set this parameter to FALSE on virtual machines that do not require 3D functionality.

Option

Description

svga.vgaonly

If you set this parameter to TRUE, advanced graphics functions no longer work. Do not set this parameter to TRUE with modern-day guest operating systems as they do not operate correctly. When svga.vgaonly is set to TRUE, only character-cell console mode is available. If you use this setting, mks.enable3d has no effect.

Note: Apply this setting only to virtual machines that do not need a virtualized video card.

mks.enable3d

Set this parameter to FALSE on virtual machines that do not require 3D functionality.