dfg555
Posts : 25
Windows 10 64-bit
Cliff S
Posts : 27,484
Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
I don't know if this helps, but, maybe these settings can help:
A Look at Malware with Virtual Machine Detection - Malwarebytes Labs
As an analyst, however, it will not always be so easy to determine if VM-detection is occurring. Hardening your VM can be a lengthy process, and can involve a lot of work. In some cases, you may need other tools for hiding processes, files, and registry keys that are created by your VM.
Lastly, if you use VMware, adding these options to your POWERED OFF .vmx file will be of great value if you perform malware analysis.
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
These “undocumented” options are from a research paper done several years ago, but are still useful today in preventing some VM-detection techniques. Please note however, that this will break some VM functionality, as these options sever the communications channel between your host machine and guest VM.
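Options like the ones in the post above are usually pasted into a .vmx file by hand, so it is easy to miss one of the thirteen or to carry over typographic quotes from a web page. The following is an added example, not code from the thread or from the quoted article, that audits .vmx content for exactly those options; `Test-VmxHardening` is a hypothetical helper name and the sample lines are constructed.

```powershell
# Added example. Test-VmxHardening is a hypothetical helper name, not a VMware cmdlet.
function Test-VmxHardening {
    param([string[]] $Lines)  # .vmx content, e.g. from Get-Content on the powered-off VM's file

    # The thirteen option names listed in the quoted article.
    $expected = @(
        'isolation.tools.getPtrLocation.disable', 'isolation.tools.setPtrLocation.disable',
        'isolation.tools.setVersion.disable', 'isolation.tools.getVersion.disable'
    ) + ('directexec', 'chksimd', 'ntreloc', 'selfmod', 'reloc', 'btinout',
         'btmemspace', 'btpriv', 'btseg' | ForEach-Object { "monitor_control.disable_$_" })

    # Parse 'key = value' lines, keeping the raw value so bad quoting can be reported.
    $found = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^#=\s]+)\s*=\s*(.*?)\s*$') { $found[$Matches[1]] = $Matches[2] }
    }

    # One result object per expected option.
    foreach ($key in $expected) {
        $value = $found[$key]
        if (-not $found.ContainsKey($key))      { $status = 'Missing' }
        elseif ($value -match '[\u201C\u201D]') { $status = 'TypographicQuotes' }
        elseif ($value -match '^"TRUE"$')       { $status = 'OK' }   # -match ignores case
        else                                    { $status = 'UnexpectedValue' }
        [pscustomobject]@{ Option = $key; Value = $value; Status = $status }
    }
}

# Constructed sample content, not taken from a real VM.
$lq = [char]0x201C; $rq = [char]0x201D
$sample = @(
    'displayName = "analysis-vm"'
    'isolation.tools.getVersion.disable = "TRUE"'
    "monitor_control.disable_directexec = ${lq}TRUE${rq}"
    'monitor_control.disable_selfmod = "FALSE"'
)
Test-VmxHardening -Lines $sample | Format-Table -AutoSize
```

To audit a real file, pass its content instead of the sample, for example `Test-VmxHardening -Lines (Get-Content $path)` where `$path` is the location of your own .vmx file.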
lx07
Posts : 5,477
2004
It depends how the program checks. I check the BaseBoard like this
Code:
# Flag the machine as virtual when the baseboard manufacturer is a known hypervisor vendor
$Manufacturer = Get-WmiObject -Class Win32_BaseBoard | ForEach-Object { $_.Manufacturer }
if (($Manufacturer -eq "Microsoft Corporation") -or ($Manufacturer -eq "VMWARE") -or ($Manufacturer -eq "Oracle Corporation")) {
    $thisIsVirtualMachine = $true
}
else {
    $thisIsVirtualMachine = $false
}

I don't know if (or how) you could change that from VMWARE to something else. The program could also check for presence of VMware drivers, certain strings in memory etc.
Depending how it checks you might be able to hide the fact your system is a VM, but most likely detecting will win.
dfg555
Posts : 25
Windows 10 64-bit
Thread Starter
Well I can try to run SMBCFG which edits the DMI Information for the baseboard/bios.
lx07 said:
It depends how the program checks. I check the BaseBoard like this
Code:
# Flag the machine as virtual when the baseboard manufacturer is a known hypervisor vendor
$Manufacturer = Get-WmiObject -Class Win32_BaseBoard | ForEach-Object { $_.Manufacturer }
if (($Manufacturer -eq "Microsoft Corporation") -or ($Manufacturer -eq "VMWARE") -or ($Manufacturer -eq "Oracle Corporation")) {
    $thisIsVirtualMachine = $true
}
else {
    $thisIsVirtualMachine = $false
}

I don't know if (or how) you could change that from VMWARE to something else. The program could also check for presence of VMware drivers, certain strings in memory etc.
Depending how it checks you might be able to hide the fact your system is a VM, but most likely detecting will win.