I adapted the script on this page to include this line for uninstall as the /c flag doesn't seem to work correctly anymore. -reinstalling-vmware-tools-on-server2016-after-the-first-attempt-fails-to-install-the-vmtools-service/
It is always fun to re-explore previously discovered techniques or pick back up old research that was left by the wayside in hopes of maybe finding something new or different. Recently, I stood up an ESXi server at home and decided to take a quick peek at the VMware directory structure after installing the VMware Tools (vmtools) package in a Windows 10 virtual machine.
*Hunt: As shown in a previous screenshot, the parent process of the launched process is vmtoolsd.exe. Consider monitoring or hunting for suspicious child processes of vmtoolsd.exe. Additionally, monitoring for VMwareToolBoxCmd.exe command usage could be opportunistic in some environments.
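The hunt described above, written as an added example that is not part of the original post: it scans process-creation records for children of vmtoolsd.exe and for any execution of VMwareToolBoxCmd.exe. The field names follow Sysmon Event ID 1; the sample events, their paths and command lines, and the `expected_children` baseline parameter are constructed assumptions.

```python
import ntpath

PARENT = "vmtoolsd.exe"
TOOLBOX = "vmwaretoolboxcmd.exe"

# Constructed sample records (Image / CommandLine / ParentImage as in Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c C:\Users\Public\run.bat",
     "ParentImage": r"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"},
    {"Image": r"C:\Program Files\VMware\VMware Tools\VMwareToolBoxCmd.exe",
     "CommandLine": "VMwareToolBoxCmd.exe timesync status",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def hunt(events, expected_children=frozenset()):
    """Return findings for vmtoolsd.exe children and VMwareToolBoxCmd.exe usage.

    expected_children is a hypothetical per-environment baseline of child
    image names that are known-good and should not be reported.
    """
    expected = {c.lower() for c in expected_children}
    findings = []
    for ev in events:
        image = _name(ev.get("Image"))
        reasons = []
        if _name(ev.get("ParentImage")) == PARENT and image not in expected:
            reasons.append("child_of_vmtoolsd")
        if image == TOOLBOX:
            reasons.append("toolboxcmd_usage")
        if reasons:
            findings.append({"reasons": reasons, "image": image,
                             "command_line": ev.get("CommandLine", "")})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(", ".join(f["reasons"]), "|", f["command_line"])
```

Build `expected_children` from what vmtoolsd.exe normally launches in your own environment before alerting on the first rule.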