How to allow blocked VMware tools files when Code Integrity policy deployed in Windows 10

Article ID: 337049

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • When you deploy a Code Integrity policy in Windows 10 in Audit mode, some VMware Tools files are recorded in the event log with the following message:
The file did not meet the enterprise signing level requirements.
  • If the policy is in Enforced mode, these files are blocked from loading.


Environment

VMware vSphere ESXi 6.7

Resolution

To resolve this issue, generate a new Code Integrity policy from the event log using PowerShell cmdlets. In the "Hash" file rules of the generated policy file, keep all VMware Tools related files. Then merge this policy with the deployed policy.
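
The steps above as a PowerShell sketch, added here as an example and not taken from the original article or from VMware. All file paths are hypothetical, and the 'VMware' match pattern assumes that each generated rule's FriendlyName carries the path or name of the audited file.

```powershell
# Added example. Paths and the match pattern are assumptions; adjust them to your environment.
$deployed  = 'C:\CIPolicy\DeployedPolicy.xml'     # hypothetical: XML of the policy already deployed
$fromAudit = 'C:\CIPolicy\AuditEvents.xml'        # hypothetical: policy generated from audit events
$vmwOnly   = 'C:\CIPolicy\VMwareToolsHashes.xml'  # hypothetical: filtered rules, VMware Tools only
$merged    = 'C:\CIPolicy\MergedPolicy.xml'       # hypothetical: merge result
$pattern   = 'VMware'                             # assumption: FriendlyName contains the file path

# 1. Build hash rules from the Code Integrity audit events recorded on this machine.
New-CIPolicy -Audit -Level Hash -UserPEs -FilePath $fromAudit

# 2. Keep only the rules for VMware Tools files; drop every other audited file
#    so that unrelated binaries are not allowed by accident.
[xml]$xml = Get-Content -Path $fromAudit -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
$ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')

$dropIds = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($rule in @($xml.SelectNodes('//si:FileRules/*', $ns))) {
    if ($rule.GetAttribute('FriendlyName') -notmatch $pattern) {
        [void]$dropIds.Add($rule.GetAttribute('ID'))
        [void]$rule.ParentNode.RemoveChild($rule)
    }
}
# Remove references to the dropped rules so the policy XML stays consistent.
foreach ($ref in @($xml.SelectNodes('//si:FileRuleRef', $ns))) {
    if ($dropIds.Contains($ref.GetAttribute('RuleID'))) {
        [void]$ref.ParentNode.RemoveChild($ref)
    }
}
$xml.Save($vmwOnly)

# 3. List what is about to be allowed and review it before merging.
$xml.SelectNodes('//si:FileRules/*', $ns) |
    ForEach-Object { $_.GetAttribute('FriendlyName') } | Sort-Object -Unique

# 4. Merge the filtered hash rules into the deployed policy.
Merge-CIPolicy -PolicyPaths $deployed, $vmwOnly -OutputFilePath $merged
```

If the review list in step 3 is missing VMware Tools files that appear in the audit events, widen `$pattern` rather than skipping the filter. Test the merged policy in Audit mode before enforcing it.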

Additional Information

For more information, see Deploy code integrity policies: steps

Impact/Risks:
When users enable VBS in Windows 10 and deploy an enforced Code Integrity policy, some VMware Tools files are blocked from loading unless they are added to the policy file as allowed.