When attempting to scan the VMware Aria Operations for Networks Offline Upgrade Bundle using MetaDefender Kiosk or MetaDefender Core, the system prompts the user to enter a password. This halts the scanning process and prevents the upgrade bundle from being introduced into secure, air-gapped environments.

This issue is often encountered in government or high-security environments where all external files must be scanned before import.

Aria Operations For Networks

The password prompt is not due to the file being password protected by Broadcom/VMware. Instead, the issue is triggered by MetaDefender's handling of files it interprets as encrypted or protected, particularly those using SHA2 hashing or image signing formats.

When MetaDefender encounters files with certain encryption signatures or packaging formats, it may classify them as encrypted, prompting for a password, even though no password is actually set.

Broadcom/VMware does not use any password protection on upgrade bundles available via the Broadcom Support Portal.

There is no password required to extract or scan the upgrade bundle. The behavior is specific to MetaDefender’s scanning logic, not a property of the upgrade bundle itself.

Engage with the MetaDefender team to verify and, if necessary, update their detection rules to better handle VMware-signed files or bundles.