Is it safe to use Shared Folders whilst malware testing?

MalwareBlockerYT · Nov 27, 2016

Hi all,

I have just setup a Shared Folder:

And am wondering if it is actually safe to use if I am testing malware in my VM? I am keeping my new samples in this Partition from one of my HDDs & I have all the samples as .vir files so no one who comes around can click on the .exe files and infect my system

The real question is: should I leave it On or Off whilst actually executing these samples? I think that I will turn it Off but I want to know other people's opinions...

Thanks,
Malware Blocker

Venustus · Nov 27, 2016

MalwareBlockerYT said:
Hi all,

I have just setup a Shared Folder:

View attachment 124783
And am wondering if it is actually safe to use if I am testing malware in my VM? I am keeping my new samples in this Partition from one of my HDDs & I have all the samples as .vir files so no one who comes around can click on the .exe files and infect my system

The real question is: should I leave it On or Off whilst actually executing these samples? I think that I will turn it Off but I want to know other people's opinions...

Thanks,
Malware Blocker

As a precaution I would turn that shared folder off!!
You can never be too carefull,even in a VM!!

MalwareBlockerYT · Nov 27, 2016

venustus said:
As a precaution I would turn that shared folder off!!
You can never be too carefull,even in a VM!!

I was thinking the same...

RoboMan · Nov 27, 2016

As a security measure, when i do Malware Testing or Analysys i turn every sharing option between the VM and my host system off. Anything that actually links both systems is a danger area. I'd stay away from it.

MalwareBlockerYT · Nov 27, 2016

RoboMan said:
As a security measure, when i do Malware Testing or Analysys i turn every sharing option between the VM and my host system off. Anything that actually links both systems is a danger area. I'd stay away from it.

Ok thanks, I will be disabling it this evening.

Wave · Nov 27, 2016

When you are actually performing dynamic analysis then disable the shared folders since this can be an open gap to be exploited for guest -> host access. You should also disable features like the shared clipboard/drag and drop (from host -> guest file share), since this are also additions an attacker can attempt to exploit.

As well as this, malware can infect the files on this shared folder if it has access to modify the files, or copy files across to the shared folder depending on the configuration.

Regardless, it's good security practise to disable the shared folders before performing any testing just to be on the safe side. Better be safe than sorry.

BoraMurdar · Nov 27, 2016

On Shared Folder properties, enable read-only mode and you will be fine

Exterminator · Nov 27, 2016

I do not have anything shared between gust and host when testing malware.There is always a chance of infecting the host when these are enabled.
Although as @BoraMurdar pointed out you would be fine with read only I just prefer to not have anything shared.
If you are unsure then disabling sharing is probably a wise decision.

MalwareBlockerYT · Nov 27, 2016

Thanks for all of the replies. I have now disabled Shared Folders but will probably continue to use them occasionally just not whilst executing any samples.

Wave · Nov 27, 2016

MalwareBlockerYT said:
Thanks for all of the replies. I have now disabled Shared Folders but will probably continue to use them occasionally just not whilst executing any samples.

You can use them without a problem, I just recommend disabling them before you perform any dynamic testing involving malicious software since it can be an open attack vector.

Search

Is it safe to use Shared Folders whilst malware testing?

MalwareBlockerYT

Venustus

Level 59

MalwareBlockerYT

RoboMan

Level 36

MalwareBlockerYT

Wave

BoraMurdar

Super Moderator

Exterminator

Level 85

MalwareBlockerYT

Wave

Similar threads