Information
The VMsafe CPU/memory API allows a security virtual machine to inspect and modify the
contents of the memory and CPU registers on other VMs, for the purpose of detecting and
preventing malware attacks. A VM must be configured explicitly to accept access by the
VMsafe CPU/memory API. This involves three parameters to perform the following:
1. Enable the API.
2. Set the IP address used by the security virtual appliance on the introspection
vSwitch.
3. Set the port number for that IP address.
The first parameter must be set correctly in the vmsafe.enable option in the virtual
machine configuration file for any VMs that should be protected by the API. For any VMs
that should not be protected by the API, this option should not exist in the configuration file.
*Rationale*
An attacker might compromise the VMs by making unauthorized use of the introspection channel provided by the API.
Solution
To configure the VMsafe Agent correctly, perform the following steps:
1. If the VM is not being protected by a VMsafe CPU/memory product, remove vmsafe.enable from the virtual machine configuration file or set it to a value of FALSE.
2. If the VM is being protected by a VMsafe CPU/Memory product, set vmsafe.enable to the correct value.