VMware Communities
Billsboard
Contributor
Contributor
‎03-14-2021 10:26 AM

Disable VMWare Fusion Hypervisor Detection Port Feature

Hello, I am running VMWare Fusion 12 with a Windows Guest and a MacOS host. I have a kernel driver that keeps quitting because it can detect through the VMWare port that its running on a VM. Is there anyway that I can disable the VM detection feature?

Reply
0 Kudos
5 Replies
scott28tt
VMware Employee
VMware Employee
‎03-14-2021 02:46 PM

It would depend on how the driver “knows” - there are some custom options you can add to the VMX file, and other tricks I’ve heard of which involve registry hacking, but you can’t fully hide the VM hardware from the guest OS.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
0 Kudos
ColoradoMarmot
Champion
Champion
‎03-16-2021 07:52 AM

Yup, a bunch of malware detects VM's in order to stop analysis.

Most often though, it's a license locked piece of software/hardware that's specifically designed to thwart EULA violations.

Reply
0 Kudos
Billsboard
Contributor
Contributor
‎03-16-2021 09:15 AM

I was trying to play around with some viruses. Guess I can't.

Reply
0 Kudos
Billsboard
Contributor
Contributor
‎03-16-2021 09:17 AM

It's just using the port. I don't know how to disable the port though.

Reply
0 Kudos
ColoradoMarmot
Champion
Champion
‎03-16-2021 10:30 AM

Yeah, that's pretty typical of anything that's remotely advanced these days.  Building a forensics lab is way more complicated than we have room for in the thread.  Best to get a consultant in to help you do it.

Reply
0 Kudos