• From the /var/log/vobd.log we see following events :

vobd[2098147]:  [UserWorldCorrelator] 23208993440us: [esx.audit.uw.security.execInstalledOnly.violation] Execution of non-installed file prevented: ./DCToolkit
vobd[2098147]:  [UserWorldCorrelator] 24156449536us: [vob.uw.exec.installonly.violation] Execution of non-installed file prevented: ./<tool_name>

• On the ESXi summary, we get the following alert message :

ExecInstalledOnly has been disabled. This allows the execution of non-installed binaries on the host. Unknown content can cause malware attacks similar to Ransomware.

• VMware vSphere ESXi 8.0

• Executing a non-installed binary is prevented on 8.0.
• When you install or upgrade to ESXi 8.0 or later, the execInstalledOnly internal runtime option is activated on hosts by default. This option helps protect your hosts against ransomware attacks. If your ESXi 8.0 or later hosts still run non-VIB binaries from external sources, you can deactivate the execInstalledOnly internal runtime option.
  
  
  

• Please disable the advanced config option with this command :
  • # esxcli system settings kernel set -s execInstalledOnly -v FALSE
• Then re-run the utility.
• If it fails, then reboot the host and then run the utility.