The managed object browser provides a way to explore the object model used by vCenter to manage the vSphere environment; it enables configurations to be changed as well.
This interface is used primarily for debugging the vSphere SDK. This interface might potentially be used to perform malicious configuration changes or actions.
In order to disable the datastore browser you will need to edit the ‘vpxd.cfg’ file, to ensure the‘ enableDebugBrowse’ is set to false, as below:
<vpxd> <enableDebugBrowse>false</enableDebugBrowse> </vpxd>
Once the above configuration change has been made, restart the ‘VMware VirtualCenter Server’ service to apply the change. Once disabled the managed object browser will no longer be available for diagnostics.
For disabling the managed object browser at a host level, see http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-0EF83EA7-277C-400B-B697-04BDC9173EA3.html.