Avatar of Andrew Leniart
Andrew LeniartFlag for Australia asked on

Microsoft, Virtual PC, 2007 - How to isolate from host operating system?

Ive installed a Windows XP Pro Virtual PC on my Vista Admin box to have an easy means of firing up XP when I need it. It occurred to me that this could also be an ideal means of being able to test suspicious virus and/or Trojan infected files.

I understand from reading other threads on this topic that a virus infection in a Virtual PC can in some circumstances affect the Host operating system and travel across any configured LAN network drives.

Question is how to protect the main operating system from being affected in such a scenario and contain the infection only to the Virtual PC, yet still retaining Internet access?

My current configuration is a single NIC getting it's Internet from a router.

Any suggestions on how this might be possible? If not possible in Virtual PC, how about VMWare or some other Virtual Machine type software that allows this?
Microsoft Virtual ServerVMware

Avatar of undefined
Last Comment
Andrew Leniart

8/22/2022 - Mon
debuggerau

thats normally a feature of the firewall.
You could install a better one that MS give you, which should control which programs access the internet but XP SP3 is a little better, I suggest you start there..
ASKER
Andrew Leniart

Thanks debuggerau, but I'm not trying to restrict access to the Internet - the exact opposite actually :)

What I want to do is prevent a network aware virus infection on the Virtual PC installation to infect the host operating system it's running on - in this case Windows Vista Business (Not XP)

If you're suggesting I can use the Windows Firewall (or another third party firewall solution) to allow network access to the Internet, but prevent access to Vista itself (the host operating system) or LAN network drives? If so, how would I configure Windows firewall for that to happen?
debuggerau

If you configure your Virtual PC network device to share your hosts network card with its own address, you have full control over what that Virtual gets access too.
A firewall doesn't only prevent a risk only the host, but all the machines on the lan (and even the internet too).
You want some control over outbound connection in the Virtual, its things getting out I'd be worried about when Virus testing..
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
debuggerau

SP3 firewall will prompt you with programs that are not on its safe list when they try to establish an outside connection..
You get to accept or block..
ASKER
Andrew Leniart

debuggerau: "If you configure your Virtual PC network device to share your hosts network card with its own address, you have full control over what that Virtual gets access too"

How is this achieved exactly? Your suggestion sounds like it will acheive exactly what I'm looking to do, but how do you configure the VPC network card so that it has its own address and then configure it to still be able to access the Internet, but not the LAN or the Host operating system (Vista) ?

Are you able to point me to some documentation on how to configure this somewhere?

Thanks..
ASKER CERTIFIED SOLUTION
debuggerau

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Andrew Leniart

debuggerau: That's brilliant.. I wasn't understanding your explanation but the the screen shot made the penny drop. Sometimes a picture is worth a 1000 words :)

Setting a local only adapter, combined with a good firewall solution should pretty much give me the solution I'm looking for.  Many thanks for your help.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.