Export (0) Print
Expand All

Hyper-V: Avoid configuring virtual machines to allow unfiltered SCSI commands

Updated: April 27, 2010

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Hyper-V Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

 

Operating System

Windows Server 2012 or Windows Server 2008 R2

Product/Feature

Hyper-V

Severity

Warning

Category

Operations

A virtual machine is configured to allow unfiltered SCSI commands.

Bypassing SCSI command filtering poses a security risk. This configuration should be enabled only if it is required for compatibility with storage applications running in the guest operating system. The following virtual machines are configured to allow unfiltered SCSI commands:<list of virtual machine names>

Contact your storage vendor to determine if this configuration is required. Also, if the management operating system or other guest operating systems are compromised or exhibit unusual behavior, reconfigure the virtual machine to block the commands.

You can reconfigure the virtual machine by using the WMI interfaces to modify a property directly in the Virtualization WMI provider. Use the ModifyVirtualSystem method of the Msvm_VirtualSystemManagementService class to modify the AllowFullSCSICommandSet property of the Msvm_VirtualSystemGlobalSettingData class. For more information about this property, see Msvm_VirtualSystemGlobalSettingData Class (http://go.microsoft.com/fwlink/?LinkId=181521).

For information about the Virtualization WMI provider for Hyper-V, see Virtualization WMI Provider (http://go.microsoft.com/fwlink/?LinkID=108564).

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft