iVM is not able to access the Internet from a process launched by a locally submitted BAT file

Article ID: 168733

Products

Malware Analysis Software - MA

Issue/Introduction

As an example, a BAT (batch) file that contains the following is submitted to the MAA:

"C:\Program Files\Internet Explorer\iexplore.exe"  "http://www.bluecoat.com/"

MAA's iVM (Intelligent Virtual Machine) will execute it and launch Internet Explorer to access http://www.bluecoat.com/. However, if the default firewall (Isolated) is used, Internet Explorer will not be able to access the Internet.

In contrast, if you submit a URL, or use Remote Desktop to connect into the iVM, you are able to access the Internet successfully.

Cause

The default firewall for local file submission is the Isolated firewall. Its policy is to drop everything.

Resolution

1. Modify the Isolated firewall to allow required services such as DNS and HTTP to go through.

2. Set the Limited firewall as the default Active firewall. This should be changed back to the Isolated firewall once the test is complete, unless you want to permanently use this setting.