
Procedure

  1. Open a Command Prompt window (cmd.exe) using an account with administrator privileges.
  2. Perform the following tasks:
    Task
    Steps
    Enable the Administrator account
    Type net user "Administrator" /active:yes.
    Set the logon password for the Administrator account to 1111
    Type net user "Administrator" 1111.
    Configure automatic logon from the administrator account
    Note
    Each time the image starts, the logon prompt is bypassed and the Administrator account is automatically used to log on to the system.
    1. Type the following commands:
      • REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d Administrator /f
      • REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d 1111 /f
      • REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
        Note
        In Windows Server 2008/2008 R2, Windows Server 2012/2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022, launch the Local Security Policy snap-in (secpol.msc) to disable the "Password must meet complexity requirements" Local Security Setting.
        [Figure: Disable Password must meet complexity requirements]
      • Restart the image.
        No logon prompt is displayed and the Administrator account is automatically used to log on.
        [Figure: Windows 7 Administrator Account]
    View all user accounts
    Type net user.
    Delete non-built-in user accounts one at a time
    Type net user "<username>" /delete.
    Example: net user "test" /delete
    View all network adapters with an active link
    Type wmic nic where "netconnectionstatus=2" get netconnectionid /value.
    Example output: NetConnectionID=Local Area Connection
    Verify the DHCP status of all installed network adapters
    Type netsh interface ip show config.
    The configuration of all installed network adapters displays. Verify that the value for DHCP enabled: is Yes.
    Configure a network adapter to use DHCP
    Type netsh interface ip set address name="<network adapter>" dhcp.
    Example: netsh interface ip set address name="Local Area Connection" dhcp
    Disable Windows Firewall
    Type netsh advfirewall set allprofiles state off.
    Note
    Windows Firewall slows down the installation of Virtual Analyzer Sensors.
    (Optional) Install Adobe Flash in Windows Server 2016 and Windows Server 2019
    For Windows Server 2016: Type C:\> dism /online /add-package /packagepath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum"
    For Windows Server 2019: Type C:\> dism /online /add-package /packagepath:"C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.17763.1.mum"
  3. Perform the following tasks using the Windows graphical user interface:
    Task
    Steps
    Configure AutoPlay
    1. Open the Windows Start menu, type Control Panel into the search box and press ENTER.
    2. In the Control Panel, go to Hardware and Sound > AutoPlay.
      [Figure: AutoPlay]
    3. For Software and games, select Install or run program from your media.
    4. Click Save.
    Configure default web browser on Windows 10/11
    The Virtual Analyzer supports both Microsoft Edge (Chromium) and Internet Explorer. One of these browsers must be manually set as the default web browser in Windows 10/11 before running the Virtual Analyzer. To configure the default web browser, perform the following:
    Note
    The Virtual Analyzer does not support Microsoft Edge Legacy. You can quickly check which version of Microsoft Edge is installed by comparing the icon:
    • Microsoft Edge (Chromium): [icon image]
    • Microsoft Edge Legacy: [icon image]
    1. Open the Windows Start menu, type Default apps and press ENTER.
    2. Under Web browser, select the current web browser.
      [Figure: Default apps]
    3. In the Choose an app context menu, select Internet Explorer or Microsoft Edge.
    4. If the Before you switch dialog appears, select Switch anyway.
    (Optional) Change the display resolution
    Trend Micro recommends setting the screen resolution to at least 1152 x 864 to avoid triggering the anti-virtual machine functions of some malware.
    1. Open the Windows Start menu, type Display settings and press ENTER.
    2. Under Resolution, select 1152 x 864 or any higher resolution.
    3. In the prompt that appears, click Keep changes.
  4. For Windows 11 21H2 and 23H2, perform the following tasks using the Windows graphical user interface:
    Task
    Steps
    Disable Tamper Protection
    Important
    Tamper Protection must be disabled to ensure normal operation and performance of Virtual Analyzer.
    1. Open the Windows Start menu, type Windows Security into the search box and press ENTER.
    2. In Windows Security, go to Virus & threat protection.
      [Figure: Windows Security]
    3. Under Virus & threat protection, click Manage settings.
      [Figure: Virus & Threat Protection]
    4. Turn Tamper Protection off.
      [Figure: Tamper Protection]
    (Optional) Disable Windows Defender Antivirus
    1. Open the Windows Start menu, type msconfig into the search box and press ENTER.
    2. In the System Configuration window, go to the Boot tab.
    3. Under Boot options, enable Safe boot and select Minimal.
      [Figure: System Configuration - Boot]
    4. Click OK.
      Windows 11 prompts to restart now. Click Restart.
    5. After the Windows 11 virtual machine restarts, run Command Prompt (cmd.exe) with administrator privileges and run the following commands.
      • REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense" /v Start /t REG_DWORD /d 4 /f
      • REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot" /v Start /t REG_DWORD /d 4 /f
      • REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter" /v Start /t REG_DWORD /d 4 /f
      • REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv" /v Start /t REG_DWORD /d 4 /f
      • REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc" /v Start /t REG_DWORD /d 4 /f
      • REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /v Start /t REG_DWORD /d 4 /f
    6. Open the Windows Start menu, type msconfig into the search box and press ENTER.
    7. In the System Configuration window, go to the Boot tab.
    8. Under Boot options, disable Safe boot and click OK.
      Windows 11 prompts to restart now. Click Restart.
    9. After the Windows 11 virtual machine restarts, open the Windows Start menu, type Task Scheduler into the search box and press ENTER.
    10. In the Task Scheduler window, go to Microsoft > Windows > Windows Defender.
    11. Disable all Windows Defender tasks.
      [Figure: Task Scheduler]
    (Optional) Disable startup applications
    1. Open the Windows Start menu, type Task Manager and press ENTER.
    2. In Task Manager, go to the Startup tab.
    3. Disable the following applications. To disable, right-click the name of the application and select Disable.
      • Cortana
      • Java Update Scheduler
      • Microsoft Edge
      • Windows Security notification icon
      • Windows Terminal
      [Figure: Task Manager]
  5. Restart the virtual machine.
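
Added example (not part of the original procedure or of Trend Micro tooling): a read-only PowerShell check that reports whether the image carries the registry, firewall and DHCP settings the steps above apply. It assumes an elevated PowerShell session on Windows 8/Windows Server 2012 or later, where Get-NetFirewallProfile and Get-NetIPInterface are available; Test-RegValue is a hypothetical helper name.

```powershell
# Added example: read-only check of the image settings from the procedure above.
# Test-RegValue is a hypothetical helper name, not a built-in cmdlet.
function Test-RegValue {
    param([string]$Path, [string]$Name, [string]$Expected)
    # A missing key or value yields $null, which is reported as a failed check.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$Name } else { $null }
    [pscustomobject]@{
        Check    = "$Path\$Name"
        Expected = $Expected
        Actual   = $actual
        Pass     = ("$actual" -eq $Expected)
    }
}

$results = @()

# Automatic logon values written with REG ADD under Winlogon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$results += Test-RegValue $winlogon 'DefaultUserName' 'Administrator'
$results += Test-RegValue $winlogon 'DefaultPassword' '1111'
$results += Test-RegValue $winlogon 'AutoAdminLogon'  '1'

# Optional Windows 11 step: Defender-related services set to Start = 4 (disabled).
foreach ($svc in 'Sense','WdBoot','WdFilter','WdNisDrv','WdNisSvc','WinDefend') {
    $results += Test-RegValue "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" 'Start' '4'
}

# Windows Firewall must be off for every profile (Domain, Private, Public).
foreach ($fw in Get-NetFirewallProfile) {
    $results += [pscustomobject]@{
        Check  = "Firewall profile $($fw.Name)"; Expected = 'False'
        Actual = "$($fw.Enabled)"; Pass = ("$($fw.Enabled)" -eq 'False')
    }
}

# Every connected IPv4 interface (loopback excluded) should use DHCP.
$nics = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' -and $_.InterfaceAlias -notlike 'Loopback*' }
foreach ($nic in $nics) {
    $results += [pscustomobject]@{
        Check  = "DHCP on $($nic.InterfaceAlias)"; Expected = 'Enabled'
        Actual = "$($nic.Dhcp)"; Pass = ("$($nic.Dhcp)" -eq 'Enabled')
    }
}

$results | Format-Table -AutoSize
```

On images where the optional Windows Defender step was skipped, the six service rows are expected to show Pass as False.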