Hosts upgraded to 8.x shows informational message: ExecInstalledOnly has been disabled

Article ID: 401376

Products

VMware vSphere ESXi 8.0

Issue/Introduction

  • After being upgraded to 8.x, hosts may show the following informational message on the Host summary page:

ExecInstalledOnly has been disabled. This allows the execution of non-installed binaries on the host. Unknown content can cause malware attacks similar to Ransomware.

  • The message also appears if the ExecInstalledOnly internal runtime setting has been manually disabled.
  • Executing the following command from the ESXi shell returns an Int value of 0, indicating that the ExecInstalledOnly internal runtime setting is disabled:

[root@esxi:~] esxcli system settings advanced list -o /User/execInstalledOnly
   Path: /User/ExecInstalledOnly
   Type: integer
   Int Value: 0
   Default Int Value: 1
   Min Value: 0
   Max Value: 1
   String Value:
   Default String Value:
   Valid Characters:
   Description: Runtime option to disable/enable execInstalledOnly. The runtime option is only checked if the related execInstalledOnly kernel option is disabled.
   Host Specific: false
   Impact: none

Environment

VMware vSphere ESXi 8.x

Cause

  • The ExecInstalledOnly internal runtime setting allows execution only of files that were installed via a VIB package and have not been modified. This option helps protect your hosts against ransomware attacks in real time.
    When a host is installed with or upgraded to ESXi 8.0 or later, the ExecInstalledOnly internal runtime option is activated on the host by default.
  • In some cases, the host may have this option disabled during the first initialization after an upgrade.
  • Manually disabling this feature can also cause the message to appear.

Resolution

  • If ExecInstalledOnly Internal Runtime is intentionally disabled, ignore the message. 
  • To clear the message, enable the ExecInstalledOnly Internal Runtime settings by executing the following command from the ESXi shell:

esxcli system settings advanced set -o /User/execInstalledOnly -i 1

  • Execute the following command to verify that "Int Value" is set to 1:

[root@esxi:~] esxcli system settings advanced list -o /User/execInstalledOnly
   Path: /User/ExecInstalledOnly
   Type: integer
   Int Value: 1
   Default Int Value: 1
   Min Value: 0
   Max Value: 1
   String Value:
   Default String Value:
   Valid Characters:
   Description: Runtime option to disable/enable execInstalledOnly. The runtime option is only checked if the related execInstalledOnly kernel option is disabled.
   Host Specific: false
   Impact: none
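
The verification step above can be scripted for auditing several hosts. The following is an added example, not Broadcom's code: it parses the output of the esxcli command shown in this article and reports the state of the setting. The function names (get_field, check_exec_installed_only, sample_disabled) are hypothetical, and the sample output reproduces the fields shown above.

```shell
#!/bin/sh
# Added example (not Broadcom's code): audit /User/execInstalledOnly from esxcli output.

# Print the value of one exactly-named field from `esxcli ... advanced list` output.
# Exact label matching matters: "Int Value" must not match "Default Int Value".
get_field() {
    awk -F': ' -v key="$1" '
        { label = $1; sub(/^[ \t]+/, "", label) }
        label == key { val = $2; sub(/[ \t\r]+$/, "", val); print val; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Read esxcli output on stdin; print ENABLED, DISABLED or UNKNOWN.
# Exit status: 0 = enabled, 1 = disabled, 2 = output could not be interpreted.
check_exec_installed_only() {
    value=$(get_field "Int Value") || { echo UNKNOWN; return 2; }
    case "$value" in
        1) echo ENABLED; return 0 ;;
        0) echo DISABLED; return 1 ;;
        *) echo UNKNOWN; return 2 ;;
    esac
}

# Sample output in the shape shown in this article, with the setting disabled.
sample_disabled() {
    cat <<'EOF'
   Path: /User/ExecInstalledOnly
   Type: integer
   Int Value: 0
   Default Int Value: 1
   Min Value: 0
   Max Value: 1
EOF
}

# On an ESXi host, check the live setting; elsewhere, fall back to the sample.
if command -v esxcli >/dev/null 2>&1; then
    esxcli system settings advanced list -o /User/execInstalledOnly | check_exec_installed_only
else
    sample_disabled | check_exec_installed_only || true
fi
```

A non-zero exit status on a host means the setting is disabled or the output could not be read, so the script can gate a compliance check.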

Additional Information

The host typically doesn't need a reboot because these changes usually involve runtime configurations that apply instantly.