Is it possible to exclude a VM from protection?
For work I routinely use a VM for malware analysis and phishing investigations. Bitdefender did its job today by blocking a website that was trying to transmit credentials unencrypted. However, using fake credentials, I wanted that to happen so that I could see the destination URL in my phishing research. I was able to exclude that notification, which allowed it to run, but that would also leave my host operating system unprotected for that particular website. Is it possible to exclude my VM from any of the protections offered by Bitdefender running on my home desktop? I always launch the VM from a clean, good snapshot prior to any investigation, and then revert to that snapshot when I'm finished. So, I am not really worried about anything that may end up infecting that VM.
As a follow-up question, in order to complete my investigation I had to exclude the alert that was blocking the traffic on my VM. Is it possible to remove that exclusion so that my host computer is not susceptible to that same URL?
Answers
Hello @Seeker6,
As far as I know, the VM cannot be excluded from the antivirus protection. In regard to the follow-up question, there is a delete button for exclusions, but I'm not sure I understand the context.
Regards
Premium Security & Bitdefender Endpoint Security Tools user
2 -
Not to go and completely necro this thread, but for anyone who stumbles onto this and is wondering the same thing: adding the VM's IP address(es) to Bitdefender's list of exceptions for online threat detection has so far resolved Bitdefender blocking any actions or sites that it did before excluding the VM.
I can't say there may not be potential risks with adding an exception to all VM traffic, but it does appear to at least resolve the issue of constantly having sites and/or actions for testing and analysis blocked by Bitdefender.
2 -
Good to know @FrostyAnon, thanks for sharing. 👍️
Premium Security & Bitdefender Endpoint Security Tools user
0