Details
The VMsafe CPU/memory API allows a security virtual machine to inspect and modify the
contents of the memory and CPU registers on other VMs, for the purpose of detecting and
preventing malware attacks. A VM must be configured explicitly to accept access by the
VMsafe CPU/memory API. This involves three parameters to perform the following:
1. Enable the API.
2. Set the IP address used by the security virtual appliance on the introspection
vSwitch.
3. Set the port number for that IP address.
The third parameter must be set correctly in the vmsafe.agentPort option in the virtual
machine configuration file for any VMs that should be protected by the API.
*Rationale*
An attacker might compromise the VMs by making unauthorized use of the introspection
channel provided by the API.
Solution
To configure the VMsafe Agent Port correctly, perform the following steps:
1. If the VM is not being protected by a VMsafe CPU/memory product, remove
vmsafe.agentPort from the virtual machine configuration file.
2. If the VM is being protected by a VMsafe CPU/Memory product, set
vmsafe.agentPort to the correct value.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.