Virtualbox question

Discussion in 'sandboxing & virtualization' started by Atomas31, Oct 16, 2009.

Thread Status:
Not open for further replies.
  1. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    I have install virtualbox on my windows xp system (host) and created a vista machine (guest). Now, how do I isolate the guest system from the host system?

    Right now, the AV of my host system check the browser on my guest machine and a scan with the AV on the guest machine also scan the files on the host machine... I don't want software from my host to interfer or see what going on on the guest machine and vice versa!!!

    Thanks,
    Atomas31
     
  2. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    Isn't this a little weird? I'm not an expert but have been using VB for a long while and have never seen any security (Eset / Prevx / MBAM) on the host affect the guest at all.

    philby
     
  3. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    This is extremely odd. The whole point of a virtual environment is that it is isolated from the host environment. I do not see how your host AV can scan inside your virtual guest environment.

    Are you sure you are not misreading the situation? perhaps you have installed your AV inside the guest too.
     
  4. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    No on-access scanning is possible. Nonetheless, if both the host and the guest share folders or even their C drives for example it will be possible for both host and guest to scan each other network drives. However, the host cannot perform any on-access scan on the guest; only on demand scan is possible and it has to be initiated by the user.
     
  5. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    This is strange, are you sure this is the case. It's just not possible for the host to see the guest unless you use Shared Folders. You need to have the Guest Additions installed on the guest to use them. Shared Folders only lets you share folders on the host with the guest. It is possible to have a create a network share, normally requires using the Bridged Adapter, the default is NAT adapter.
     
    Last edited: Oct 17, 2009
  6. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Well my AV on the host (ESS) seems able to scan the web page of any browser use in my guest machine and it can also scan what is download on the guesto_O

    Maybe it has something to do with the automatic sharing internet connection on install, I don't really know since I am a newbie :oops:

    Thanks,
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    HTTP has to go through the real machine before reaching the virtual/fake one :)
     
  8. wat0114

    wat0114 Guest

    Yes, that will be it :) I believe the virtual network adapter bridges to the real network adapter (not at home yet to check)? It will be in your network settings.
     
  9. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    A Ah! <slapping forehead with hand> ESS (Eset?) must be using a low lever driver to hook in to the host NIC. As Pedro said, all traffic must pass through the host NIC so ESS will see it as it passes through.
     
  10. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    So there is a way to configure network settings for that not to happen :) If that is the case, it would be nice to have precise indication on where to go and what to do to change those settings ;)

    Also concerning the scanning, it is the Anti-virus and anti-malware in the guest when scanning they are scanning all the C: including the host... Do I have to configure the software in the guest for not scanning the host files or is there a configuration somewhere in virtualbox to change so the scanners will only see and scan what is in the guest virtual machine?

    Thanks,
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    When the AV, running in the guest, says it is scanning C, it is scanning the guest's C. It's not the C the host refers to, but the virtual C created in Virtualbox (which is a file in the host).
    Is that what you're referring to?
     
  12. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec


    Well, it scan the C (host and the guest machine in wich I start the scan)... The scan in the virtual machine also take more time and scan more file then scanning from the hosto_O My guest only have the OS (vista) and 4-5 applications compare to my host (xp) with more than 100's applications so the scan on my guest shouldn't take more time and scan more files!
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    True from that perspective, but things should be slower in a VM in general, and you're comparing Vista with XP. Vista is likely (much) bigger than XP.

    Try this. Download the EICAR file to the host and see that it's not detected from the guest OS's AV.
     
  14. wat0114

    wat0114 Guest

    Do you have the host's C drive as a shared directory in the guest? If you are running ESS on both host and guest, you may have to go into the advanced settings and look for a possible option to omit scanning the O/S' drive, but I don't know why it would be happening, although I can understand the guest's browser traffic being scanned by the host's av because of ESS' proxy implementation.
     
  15. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    What I understand here is:

    1. Host running Windows XP, with ESS installed.
    2. Guest running Vista with ESS installed.

    Are you using Shared Folders in the guest? If yes the configure ESS to not scan those shared folders (they should be mapped to a drive letter in your guest). Reason is the shared folders are physically located on the host, no need to have the guest scan them since the host ESS is doing that already.

    Since ESS on the host is scanning the internet traffic from the guest as it transits the host NIC, you could also disable web scanning on the guest since the host is doing that as well.

    I don't think there is a way to prevent ESS on the host from seeing the guest traffic going through the host NIC.
     
Loading...
Thread Status:
Not open for further replies.