Avoid configuring virtual machines to allow unfiltered SCSI commands
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
For more information about best practices and scans, see Best Practices Analyzer.
| Property | Details |
|---|---|
| Operating System | Windows Server 2016 |
| Product/Feature | Hyper-V |
| Severity | Warning |
| Category | Operations |
In the following sections, italics indicates UI text that appears in the Best Practices Analyzer tool for this issue.
Issue
A virtual machine is configured to allow unfiltered SCSI commands.
Impact
Bypassing SCSI command filtering poses a security risk. This configuration should be enabled only if it is required for compatibility with storage applications running in the guest operating system. The following virtual machines are configured to allow unfiltered SCSI commands:
<list of virtual machine names>
Resolution
Contact your storage vendor to determine if this configuration is required. Also, if the management operating system or other guest operating systems are compromised or exhibit unusual behavior, reconfigure the virtual machine to block the commands.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for