Virtualbox question

Hi,

I have install virtualbox on my windows xp system (host) and created a vista machine (guest). Now, how do I isolate the guest system from the host system?

Right now, the AV of my host system check the browser on my guest machine and a scan with the AV on the guest machine also scan the files on the host machine... I don't want software from my host to interfer or see what going on on the guest machine and vice versa!!!

Thanks,
Atomas31

 

Isn't this a little weird? I'm not an expert but have been using VB for a long while and have never seen any security (Eset / Prevx / MBAM) on the host affect the guest at all.

philby

 

This is extremely odd. The whole point of a virtual environment is that it is isolated from the host environment. I do not see how your host AV can scan inside your virtual guest environment.

Are you sure you are not misreading the situation? perhaps you have installed your AV inside the guest too.

 

No on-access scanning is possible. Nonetheless, if both the host and the guest share folders or even their C drives for example it will be possible for both host and guest to scan each other network drives. However, the host cannot perform any on-access scan on the guest; only on demand scan is possible and it has to be initiated by the user.

 

This is strange, are you sure this is the case. It's just not possible for the host to see the guest unless you use Shared Folders. You need to have the Guest Additions installed on the guest to use them. Shared Folders only lets you share folders on the host with the guest. It is possible to have a create a network share, normally requires using the Bridged Adapter, the default is NAT adapter.

 

Well my AV on the host (ESS) seems able to scan the web page of any browser use in my guest machine and it can also scan what is download on the guest

Maybe it has something to do with the automatic sharing internet connection on install, I don't really know since I am a newbie

Thanks,

 

HTTP has to go through the real machine before reaching the virtual/fake one

 

Yes, that will be it I believe the virtual network adapter bridges to the real network adapter (not at home yet to check)? It will be in your network settings.

 

A Ah! <slapping forehead with hand> ESS (Eset?) must be using a low lever driver to hook in to the host NIC. As Pedro said, all traffic must pass through the host NIC so ESS will see it as it passes through.

 

So there is a way to configure network settings for that not to happen If that is the case, it would be nice to have precise indication on where to go and what to do to change those settings

Also concerning the scanning, it is the Anti-virus and anti-malware in the guest when scanning they are scanning all the C: including the host... Do I have to configure the software in the guest for not scanning the host files or is there a configuration somewhere in virtualbox to change so the scanners will only see and scan what is in the guest virtual machine?

Thanks,

 

When the AV, running in the guest, says it is scanning C, it is scanning the guest's C. It's not the C the host refers to, but the virtual C created in Virtualbox (which is a file in the host).
Is that what you're referring to?

 

Well, it scan the C (host and the guest machine in wich I start the scan)... The scan in the virtual machine also take more time and scan more file then scanning from the host My guest only have the OS (vista) and 4-5 applications compare to my host (xp) with more than 100's applications so the scan on my guest shouldn't take more time and scan more files!

 

True from that perspective, but things should be slower in a VM in general, and you're comparing Vista with XP. Vista is likely (much) bigger than XP.

Try this. Download the EICAR file to the host and see that it's not detected from the guest OS's AV.

 

Do you have the host's C drive as a shared directory in the guest? If you are running ESS on both host and guest, you may have to go into the advanced settings and look for a possible option to omit scanning the O/S' drive, but I don't know why it would be happening, although I can understand the guest's browser traffic being scanned by the host's av because of ESS' proxy implementation.

 

What I understand here is:

1. Host running Windows XP, with ESS installed.
2. Guest running Vista with ESS installed.

Are you using Shared Folders in the guest? If yes the configure ESS to not scan those shared folders (they should be mapped to a drive letter in your guest). Reason is the shared folders are physically located on the host, no need to have the guest scan them since the host ESS is doing that already.

Since ESS on the host is scanning the internet traffic from the guest as it transits the host NIC, you could also disable web scanning on the guest since the host is doing that as well.

I don't think there is a way to prevent ESS on the host from seeing the guest traffic going through the host NIC.