/var/log/vmkernel.log
WARNING: UserCartel: InitExecInfo:2870: Execution of non-installed file prevented: <nonInstalledBinary>
UserCartel: InitExecInfo:2875: sh: exec denied: file <nonInstalledBinary> not installed
WARNING: UserCartel: InitExecInfo:2881: Execution of non-installed file: <nonInstalledBinary>
WARNING: User: ExecInstalledOnlyCallback:6942: ExecInstalledOnly has been disabled. This allows the execution of non-installed binaries on the host. Unknown content can cause malware attacks similar to Ra$
vSphere - Host Events
Execution of unknown (non VIB installed) binary <nonInstalledBinary> prevented. Unknown content can cause malware attacks similar to Ransomware.
Execution of unknown (non VIB installed) binary <nonInstalledBinary>. Unknown content can cause malware attacks similar to Ransomware.
Scenario 2
/var/log/vobd.log
[vob.uw.exec.installonly.violation] Execution of non-installed file prevented: <nonInstalledBinary>
[vob.uw.exec.installonly.warning] Execution of non-installed file: <nonInstalledBinary>
[esx.audit.uw.security.User.ExecInstalledOnly.disabled] ExecInstalledOnly has been disabled.
This allows the execution of non-installed binaries on the host. Unknown content can cause malware attacks similar to Ransomware
ExecInstalledOnly has been disabled. This allows the execution of non-installed binaries on the host. Unknown content can cause malware attacks similar to Ransomware.
Scenario 2
Security warning about executed files and/or unsecure host configuration -> execInstalledOnly protection is disabled.
For Additional Information, please review Enable or Disable the execInstalledOnly Enforcement for a Secure ESXi Configuration