{"id":4078,"date":"2025-08-03T17:42:12","date_gmt":"2025-08-03T15:42:12","guid":{"rendered":"https:\/\/vpxd.dc5.cz\/?p=4078"},"modified":"2025-08-03T18:33:05","modified_gmt":"2025-08-03T16:33:05","slug":"check-vmware-esxi-hosts-for-ransomware-protection-with-powercli","status":"publish","type":"post","link":"https:\/\/vpxd.dc5.cz\/index.php\/2025\/08\/03\/check-vmware-esxi-hosts-for-ransomware-protection-with-powercli\/","title":{"rendered":"\ud83d\udd10\u00a0Check VMware ESXi Hosts for Ransomware Protection with PowerCLI"},"content":{"rendered":"\n<p>Cybersecurity threats, especially ransomware, are constantly evolving, so it\u2019s important to regularly audit your ESXi hosts to ensure they have the proper protections enabled. Today I want to share a simple but effective PowerCLI script, Get-RansomwareProtectionStatus, that quickly checks your VMware hosts for important ransomware-related security configurations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83d\ude80 What This Script Does<\/strong><\/h2>\n\n\n\n<p>This script focuses on three key settings that enhance protection against ransomware on your ESXi hosts:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Encryption Mode<\/strong>: Checks whether TPM-based encryption is active.<\/li>\n\n\n\n<li><strong>Secure Boot Enforcement<\/strong>: Confirms Secure Boot is enabled.<\/li>\n\n\n\n<li><strong>Exec-Installed-Only Mode<\/strong> (Configured &amp; Runtime): Ensures only binaries from installed VMware VIB packages can execute.<\/li>\n<\/ul>\n\n\n\n<p>Having these settings properly configured greatly reduces the risk of unauthorized code execution\u2014exactly what you want when fighting ransomware!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd27 How to Use the Script<\/strong><\/h2>\n\n\n\n<p>Here\u2019s how simple it is. 
First connect to your vCenter and then run the script.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\\Get-RansomwareProtectionStatus.ps1 &lt;HOST&gt;<\/code><\/pre>\n\n\n\n<p>It generates a clear, colored summary, instantly telling you what\u2019s secure and what needs your attention.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\\Get-RansomwareProtectionStatus.ps1 fs-vsan-05.int.dc5.cz<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"379\" height=\"191\" src=\"https:\/\/vpxd.dc5.cz\/wp-content\/uploads\/2025\/08\/image.png\" alt=\"\" class=\"wp-image-4079\" style=\"width:630px;height:auto\"\/><\/figure>\n\n\n\n<p>Green means you\u2019re good; red? You\u2019ve got work to do! See the official documentation:<\/p>\n\n\n\n<p>ESXi 8.0 &#8211; <a href=\"https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/8-0\/vsphere-security-8-0\/securing-esxi-hosts\/securing-the-esxi-configuration\/managing-a-secure-esxi-configuration.html\">https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/8-0\/vsphere-security-8-0\/securing-esxi-hosts\/securing-the-esxi-configuration\/managing-a-secure-esxi-configuration.html<\/a><\/p>\n\n\n\n<p>ESX 9.0 &#8211; <a href=\"https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/9-0\/vsphere-security\/securing-esxi-hosts\/securing-the-esxi-configuration\/managing-a-secure-esxi-configuration.html\">https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/9-0\/vsphere-security\/securing-esxi-hosts\/securing-the-esxi-configuration\/managing-a-secure-esxi-configuration.html<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udee0\ufe0f Customize and Automate It<\/strong><\/h2>\n\n\n\n<p>You can integrate this script into your monitoring routines, run it on multiple hosts with automation tools like Ansible Semaphore or GitLab CI, or even schedule regular audits.<\/p>\n\n\n\n<p>\u26a1 <strong>Pro 
Tip<\/strong>: Save your reports to a file or push results directly to your monitoring dashboard to track security over time!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udce6 Get the Script<\/strong><\/h2>\n\n\n\n<p>Check out the script in my GitHub repo <a href=\"https:\/\/github.com\/musil\/vSphere_scripts\/\" target=\"_blank\" rel=\"noreferrer noopener\">[link here]<\/a> and let me know your thoughts! Direct link to script <a href=\"https:\/\/github.com\/musil\/vSphere_scripts\/blob\/main\/vCenter\/Get-RansomwareProtectionStatus.ps1\" data-type=\"link\" data-id=\"https:\/\/github.com\/musil\/vSphere_scripts\/blob\/main\/vCenter\/Get-RansomwareProtectionStatus.ps1\" target=\"_blank\" rel=\"noreferrer noopener\">[here]<\/a><\/p>\n\n\n\n<p>Feel free to comment or ping me on social media if you\u2019ve enhanced it further or found a creative use case. Stay secure! \ud83d\udee1\ufe0f<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity threats, especially ransomware, are constantly evolving, so it\u2019s important to regularly audit your ESXi hosts to ensure they have the proper protections enabled. Today I want to share a simple but effective PowerCLI script, Get-RansomwareProtectionStatus, that quickly checks your VMware hosts for important ransomware-related security configurations. 
\ud83d\ude80 What This Script Does: This script focuses on &hellip; <a href=\"https:\/\/vpxd.dc5.cz\/index.php\/2025\/08\/03\/check-vmware-esxi-hosts-for-ransomware-protection-with-powercli\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;\ud83d\udd10\u00a0Check VMware ESXi Hosts for Ransomware Protection with PowerCLI&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":4079,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,39,35,8],"tags":[13,36,37,64,63],"class_list":["post-4078","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-esxi","category-powercli","category-vmware","tag-esxi","tag-powercli","tag-powershell","tag-protection","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/posts\/4078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/comments?post=4078"}],"version-history":[{"count":3,"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/posts\/4078\/revisions"}],"predecessor-version":[{"id":4082,"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/posts\/4078\/revisions\/4082"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/media\/4079"}],"wp:attachment":[{"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/media?parent=4078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/categories?post=4078"},{"taxonomy":"post_tag","embeddable":true,"href":"ht
tps:\/\/vpxd.dc5.cz\/index.php\/wp-json\/wp\/v2\/tags?post=4078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}