How to allow blocked VMware tools files when Code Integrity policy deployed in Windows 10

search cancel

How to allow blocked VMware tools files when Code Integrity policy deployed in Windows 10

book

Article ID: 337049

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:

When you deploy Code Integrity Policy in Windows 10, some VMware tools files were recorded in the event log in Audit mode as below:

The file did not meet the enterprise signing level requirements.

The files will be blocked to load if the policy is in Enforced mode.

Environment

VMware vSphere ESXi 6.7

Resolution

To resolve this issue, you can generate a new Code Integrity Policy from event log using powershell cmdlets. In “Hash” file rule, keep all VMware tools related files in the generated policy file. Then merge this policy with the deployed policy.

Additional Information

For more information, see Deploy code integrity policies: steps

Impact/Risks:
When users enable VBS in Windows 10, and deploy enforced code integrity policy, some files of VMware tools will be blocked to load if you do not add them to the policy file to allow them.

Feedback

thumb_up Yes

thumb_down No