If after applying VMware vSphere (ESXi) security update - ESXi-6.7.0-20190504001-standard (Build 13644319) - https://kb.vmware.com/s/article/55636 and adding VMkernel.Boot.hyperthreadingMitigation = TRUE After restarting ESXi you notice half the number of logical processors (e.g. hyperthreading disabled!) - this is NORMAL!. "Enabling this option will result in the vSphere UI reporting only a single logical processor per physical core; halving the number of logical processors if Hyperthreading was previously enabled. In addition Hyperthreading may be reported as 'Disabled' in various configuration tabs."
BEFORE UPDATE VMkernel.Boot.hyperthreadingMitigation = false
AFTER UPDATE VMkernel.Boot.hyperthreadingMitigation = true
There's a false positive around. Using Office Applications (for example Word) might trigger Windows defender warnings about an infection with "PowEmotet.SB". This is a false positive. Microsoft has updated the definitions to 1.353.1888.0 and past that update, there should be no more findings.
Small hint: if you are planning to upgrade to Windows 11 and setup claims that, although the rest is compatible, you need a TPM 2.0: you will not need to buy one.
If your CPU is compatible, you can be almost perfectly sure that there is a firmware TPM ready and waiting to be enabled in your UEFI firmware (formerly known as "BIOS"), since computers that work with modern CPUs have these.
Just saying, because I wondered what makes TPM sellers raise their prices and attach marketing slogans like "make it windows 11 ready". They just use the fact that people don't know about firmware TPMS ("fTPM") to make money.