This article provides the commands to enable and disable the SFCB service on the ESX/ESXi host.

VMSA-2021-0014 documents an authentication vulnerability with SFCB
Please click HERE for more information on this advisory before proceeding with this workaround

 

You may want to disable the SFCB service if it causes the vpxa watchdog service to restart management services by using all the available memory and swapping the space in the service console.

SFCB is disabled by default. The service starts when you install a third-party CIM VIB, for example, when you run the esxcli software vib install -n VIBname command.

Note: The CIM (Common Information Model) agent is the process which provides hardware health information. Disabling this service will disable some sensors reported in the hardware health status.

Details on the available powercli options to disable the service are documented here
 

There is no requirement to reboot the ESXi host to disable/enable the service

To enable or disable the CIM agent on an ESXi 6.x and ESXi 7.x host using the vSphere Client

1. Login the the vSphere Client

2. Select the ESXi Host 

3. Click on Configure -- Services

4. Click on "Cim Server" as per the screenshot below

5. Click on Stop and then click on "ok" in the window that pops up - see screen shot below





6. Change the "Startup Policy" to "Start and stop manually" by clicking on the "Edit Startup Policy" button



7. The final state of CIM Server service should be "Stopped" and "Start and stop manually"



8. Reverse the steps above to re-enable the service i.e. Change the settings to "Running" by clicking "Start" and change the Startup policy to "Start and stop with host"


To disable the CIM agent on an ESXi 6.x and ESXi 7.0.x host and earlier versions using the command line