Information
Configure the vmsafe.agentAddress option in the virtual machine configuration file
correctly.
*Rationale*
The VMsafe CPU/memory API allows a security virtual machine to inspect and modify the
contents of the memory and CPU registers on other VMs, for the purpose of detecting and
preventing malware attacks. However, an attacker might compromise the VM by making
use of this introspection channel; therefore you should monitor for unauthorized usage of
this API. A VM must be configured explicitly to accept access by the VMsafe CPU/memory
API.This involves three parameters to perform the following-1. Enable the API
2. Set the IP address used by the security virtual appliance on the introspection
vSwitch
3. Set the port number for that IP address.If the VM is being protected by such a product, then make sure the latter two parameters
are set correctly. This should be done only for specific VMs for which you want this
protection.
Solution
If the VM is not being protected by a VMsafe CPU/memory product, then check virtual
machine configuration file and verify that vmsafe.agentAddress is not present.If it is being protected by a VMsafe CPU/Memory product then make sure this is set to the
correct value
Impact-Incorrectly configuring this option can negatively impact functionality of tools that use
VMsafe API.
Default Value-The prescribed state is the default state.