Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


VirtualBox VM for malware analysis

  • Please log in to reply
1 reply to this topic

#1 l4mbda


  • Members
  • 5 posts
  • Gender:Male
  • Location:Toronto, Ontario
  • Local time:10:55 AM

Posted 01 February 2016 - 03:32 PM

Hello there. :)


I'm looking to create a virtual machine (perhaps multiple) running Windows (either XP, 7, or 10) for malware analysis. The physical computer that these VMs will running on is my main Windows 10 desktop that I use for practically everything. I don't want it to get infected.


What precautions should I take in terms of isolating the virtual machines? To expand on that, what networking settings should I have? Should I use the guest additions? What do I do with the shared clipboard? Is hardware acceleration safe to enable? Should I disable page fusion? Should I tweak the settings inside of Windows in the VMs to be more secure (I heard that Windows 10 updates are peer to peer)?


Also, how would I configure a Linux distro to safely monitor the traffic from these VMs later down the line? This isn't urgent as I first plan to do static analysis. 


My apologies for the influx of questions. Most of the guides I found on this seem either incomplete or are written for VMware. I thought that it would be better to just ask everything in one thread as opposed to posting many later down the line. 



BC AdBot (Login to Remove)


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,718 posts
  • Gender:Male
  • Local time:05:55 PM

Posted 06 February 2016 - 01:08 PM

Disable networking.

Don't install the VMware tools.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users