Is it safe to use Shared Folders whilst malware testing?


MalwareBlockerYT

Hi all,

I have just set up a Shared Folder:

upload_2016-11-27_20-54-26.png

And am wondering if it is actually safe to use if I am testing malware in my VM? I am keeping my new samples in this Partition from one of my HDDs & I have all the samples as .vir files so no one who comes around can click on the .exe files and infect my system :)

The real question is: should I leave it On or Off whilst actually executing these samples? I think that I will turn it Off but I want to know other people's opinions...

Thanks,
Malware Blocker
 
As a precaution I would turn that shared folder off!!
You can never be too careful, even in a VM!!
 
As a security measure, when I do Malware Testing or Analysis I turn every sharing option between the VM and my host system off. Anything that actually links both systems is a danger area. I'd stay away from it.
Ok thanks, I will be disabling it this evening.
 
When you are actually performing dynamic analysis then disable the shared folders since this can be an open gap to be exploited for guest -> host access. You should also disable features like the shared clipboard/drag and drop (from host -> guest file share), since these are also additions an attacker can attempt to exploit.

As well as this, malware can infect the files on this shared folder if it has access to modify the files, or copy files across to the shared folder depending on the configuration.

Regardless, it's good security practice to disable the shared folders before performing any testing just to be on the safe side. Better be safe than sorry.
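
As an added example (not part of any post in this thread): a pre-flight check that reports any remaining host/guest link (shared folder, shared clipboard, drag and drop) before samples are executed. It assumes the VM runs under VirtualBox, which the thread does not name; `host_guest_links`, `check_vm` and the sample output are constructed for illustration.

```python
import subprocess

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_VMINFO = '''name="malware-lab"
clipboard="bidirectional"
draganddrop="hosttoguest"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/data/samples"
'''

NAME_PREFIX = "SharedFolderNameMachineMapping"
PATH_PREFIX = "SharedFolderPathMachineMapping"


def parse_vminfo(text):
    """Parse key="value" lines (keys may be quoted too) into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info


def host_guest_links(text):
    """Return a list of host/guest sharing features that are still enabled."""
    info = parse_vminfo(text)
    findings = []
    # Fail closed: a missing key is reported as "unknown", not assumed off.
    for key in ("clipboard", "draganddrop"):
        mode = info.get(key, "unknown")
        if mode != "disabled":
            findings.append(f"{key} is {mode}")
    for key, name in sorted(info.items()):
        if key.startswith(NAME_PREFIX):
            path = info.get(PATH_PREFIX + key[len(NAME_PREFIX):], "?")
            findings.append(f"shared folder {name} -> {path}")
    return findings


def check_vm(vm_name):
    """Run the check against a real VM (needs VBoxManage on the host)."""
    out = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True).stdout
    return host_guest_links(out)


if __name__ == "__main__":
    for finding in host_guest_links(SAMPLE_VMINFO):
        print("STILL LINKED:", finding)
```

An empty result means no shared folder, clipboard or drag and drop link was found in the VM's configuration; anything else should be switched off before the sample is run.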
 
I do not have anything shared between guest and host when testing malware. There is always a chance of infecting the host when these are enabled.
Although, as @BoraMurdar pointed out, you would be fine with read-only, I just prefer to not have anything shared.
If you are unsure then disabling sharing is probably a wise decision.
 
Thanks for all of the replies. I have now disabled Shared Folders but will probably continue to use them occasionally just not whilst executing any samples.
 