How to Disable Side Channel Mitigations for VMware VM

Prajwal Desai
Posted by Prajwal Desai
How to Disable Side Channel Mitigations for VMware VM
How to Disable Side Channel Mitigations for VMware VM

In this post, I will show you how to disable side channel mitigations for VMware virtual machines. You can turn off the side channel mitigations for a VM using VMware Fusion or VMware Workstation software.

As per VMware, the Virtual Machines that have side channel mitigations enabled while running on Fusion on macOS 11.0 or later or on Workstation on Windows hosts with virtualization based security enabled may run slowly.

Virtual Machines with side channel mitigations enabled may exhibit performance degradation. If you want to improve the performance of the VM, VMware advises you to disable the side-channel mitigations. When you power on the VM, you will see a message box with following details.

You are running this virtual machine with side channel mitigations enabled. Side channel mitigations provide enhanced security but also lower performance. To disable mitigations, change the side channel mitigations setting in the advanced panel of the virtual machine settings. Refer to VMware KB article 79832 for more details.

You are running this virtual machine with side channel mitigations enabled. Side channel mitigations provide enhanced security but also lower performance.
You are running this virtual machine with side channel mitigations enabled. Side channel mitigations provide enhanced security but also lower performance.

Although the above issue will not prevent you from using the virtual machine, you must look to disable the side channel mitigations to ensure the VM runs smoothly. The above message appears when you power on the VM and occurs with latest version of VMware Workstation.

Why should you disable Side Channel Mitigations?

I am quoting this from VMware, the root cause of the performance degradation is most likely due to mitigations for side channel attacks such as Spectre and Meltdown. Side channel attacks allow unauthorized read access by malicious processes or virtual machines to the contents of protected kernel or host memory.

CPU vendors have introduced several features to protect data against this class of attacks such as indirect branch prediction barriers, single thread indirect branch predictor mode, indirect branch restricted speculation mode and L1 data cache flushing. While these features are effective at preventing side channel attacks, they can cause noticeable performance degradation in some cases.

Disable Side Channel Mitigations using VMware Workstation

Using VMware Workstation you can perform the following steps to turn off the side channel mitigations:

  • Start VMware Workstation.
  • Power off the Virtual Machine.
  • Go to VM > Settings > Options > Advanced.
  • Under Settings, check “Side mitigations is not enable for Hyper-V enabled hosts“.
Disable Side Channel Mitigations using VMware Workstation
Disable Side Channel Mitigations using VMware Workstation

Note: The above settings are not applicable in VMware Workstation Player.

Disable Side Channel Mitigations using VMware Fusion

Perform the following steps to disable side channel mitigations using for a virtual machine using VMware fusion:

  • Start VMware Fusion.
  • Shut down the Virtual Machine.
  • Go to Virtual Machine > Settings > Advanced.
  • Check “Disable Side Channel Mitigations“.
Disable Side Channel Mitigations using VMware Fusion
Disable Side Channel Mitigations using VMware Fusion
Share This Article
Prajwal Desai
Posted by Prajwal Desai
Follow:
Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.
Leave a comment

PatchMyPC Sponsored AD

Recast Sponsored AD

Popular Articles

step by step
SCCM 2012 R2 Step by Step Guide
SCCM
windows updates
How To Deploy Software Updates Using SCCM ConfigMgr
SCCM
How to Install WSUS for SCCM
How to Install WSUS for SCCM | SUP Role | ConfigMgr
SCCM WSUS
Fix Skype for Business (Lync) Recording Shows Pending Status
Fix Skype for Business Recording Shows Pending Status
Lync

Recent Articles

How to Deploy Cisco Jabber using SCCM
How to Deploy Cisco Jabber Using SCCM (ConfigMgr)
SCCM
Canonical Names of Control Panel Items
List of Canonical Names of Control Panel Items
Windows 11
Turn On or Off Spell Check in Notepad on Windows 11
Enable Spell Check and Autocorrect in Notepad on Windows 11
Windows 11
Create Cloud PC Maintenance Windows
How to Create and Use Cloud PC Maintenance Windows
Windows 365