How to Disable Side Channel Mitigations for VMware VM

In this post, I will show you how to disable side channel mitigations for VMware virtual machines. You can turn off the side channel mitigations for a VM using VMware Fusion or VMware Workstation software.

As per VMware, the Virtual Machines that have side channel mitigations enabled while running on Fusion on macOS 11.0 or later or on Workstation on Windows hosts with virtualization based security enabled may run slowly.

Virtual Machines with side channel mitigations enabled may exhibit performance degradation. If you want to improve the performance of the VM, VMware advises you to disable the side-channel mitigations. When you power on the VM, you will see a message box with following details.

PatchMyPC HorizontalAD
Patch My PC Sponsored AD

You are running this virtual machine with side channel mitigations enabled. Side channel mitigations provide enhanced security but also lower performance. To disable mitigations, change the side channel mitigations setting in the advanced panel of the virtual machine settings. Refer to VMware KB article 79832 for more details.

You are running this virtual machine with side channel mitigations enabled. Side channel mitigations provide enhanced security but also lower performance.
You are running this virtual machine with side channel mitigations enabled. Side channel mitigations provide enhanced security but also lower performance.

Although the above issue will not prevent you from using the virtual machine, you must look to disable the side channel mitigations to ensure the VM runs smoothly. The above message appears when you power on the VM and occurs with latest version of VMware Workstation.

Why should you disable Side Channel Mitigations?

I am quoting this from VMware, the root cause of the performance degradation is most likely due to mitigations for side channel attacks such as Spectre and Meltdown. Side channel attacks allow unauthorized read access by malicious processes or virtual machines to the contents of protected kernel or host memory.

CPU vendors have introduced several features to protect data against this class of attacks such as indirect branch prediction barriers, single thread indirect branch predictor mode, indirect branch restricted speculation mode and L1 data cache flushing. While these features are effective at preventing side channel attacks, they can cause noticeable performance degradation in some cases.

Disable Side Channel Mitigations using VMware Workstation

Using VMware Workstation you can perform the following steps to turn off the side channel mitigations:

  • Start VMware Workstation.
  • Power off the Virtual Machine.
  • Go to VM > Settings > Options > Advanced.
  • Under Settings, check “Side mitigations is not enable for Hyper-V enabled hosts“.
Disable Side Channel Mitigations using VMware Workstation
Disable Side Channel Mitigations using VMware Workstation

Note: The above settings are not applicable in VMware Workstation Player.

Disable Side Channel Mitigations using VMware Fusion

Perform the following steps to disable side channel mitigations using for a virtual machine using VMware fusion:

  • Start VMware Fusion.
  • Shut down the Virtual Machine.
  • Go to Virtual Machine > Settings > Advanced.
  • Check “Disable Side Channel Mitigations“.
Disable Side Channel Mitigations using VMware Fusion
Disable Side Channel Mitigations using VMware Fusion

Leave a Reply

Your email address will not be published. Required fields are marked *