VMware experts please

Discussion in 'sandboxing & virtualization' started by kennyboy, Jul 14, 2014.

Thread Status:
Not open for further replies.
  1. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    I have always thought that using a VM isolates completely from the real machine, and cross infections rarely if ever happen. I must have been mistaken in that understanding, but I am amazed how wrong I could have been.

    I was looking around websites that perhaps I shouldnt have been, using a Win7 VM machine with IE.
    The Win 7 VM is a basic clean install with nothing added. Suddenly, Eset Nod32 AV popped up from the REAL machine saying the website that I was connecting to on the VM had been blocked and flagged as dangerous.

    If this is the case, that Eset from the Real machine is monitoring the VM, then surely bad stuff from the VM could just as easily infect the real machine.

    Maybe I am missing something obvious, but it was a shock to see that Eset was active on the VM, even though it is not installed there.

    Any help appreciated.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Two things.

    First when you download something it has to come thru the real machine. That ESET catches it is good in my estimation.

    Second. One thing I've done(I use VMware Workstation 10) is using Appguard, I have added all my vmware applications to Appguards guarded apps list. I have the mem read/write both set to yes, so it provides a layer of memory isolation for the for the VM.

    PEte
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
    One similar discussion already here: https://www.wilderssecurity.com/threads/virus-inside-of-a-virtual-machine.354900/

    ESET is scanning http traffic created by vbox.exe. If it finds anything it jumps in. If you don't want to scan network traffic by your RT antivirus you can do two things:
    1. switching from NAT network to Bridged network in Virtualbox or
    2. disable http scanning for Vbox.exe in ESET.

    Both options will prevent ESET from scanning that network traffic.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  5. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    The above comments have given me plenty of help and research to be done. These things had just never occurred to me.

    I appreciate all the help. Thanks to you all.
     
Loading...
Thread Status:
Not open for further replies.