I am trying to set up a stand alone lab with no network connectivity whatsoever. What I am asking is, is it possible to have fully functioning and activated VMs after uploading as long as I have activated Windows 7/2008R2 prior to SFTPing them to the ATD? The environments I work in do not have internet connectivity and we need to do dynamic analysis.
What does the Validate and Activate buttons do after uploading via SFTP?
from my Point of Information this is not possible. After uploading the VM to ATD there are many changes done on your VM und must be activated again. The changes are needed for ATDs hypervisor. Also additional Software and Drivers are installed. If you have no Internet Access for ATD you have two restrictions.
- VMs must be activated by telephone.
- When executing malware there is often Content downloaded from Internet. If this is not possible malware might be not detected.
Validate: This checks the VMs configuration like the autologin and some more stuff. Is checks the Settings you have to do described in the ATDs Manual.
Activate: After activation the VMs is started and you can to a remote session to the VM to do some configuration stuff.
Hope this helps,
Thank you for the quick response Troja, My work around would be to put the ATD on a network connection to activate the VMs and take it back to the lab. My next question would be after I have taken the ATD back to my lab with the activated VMs and now no internet connection, would the VMs need a constant connection back to the internet for maintaining Windows Activation or would I be fine with configuring those VMs to activate via a local KMS? Im not to savvy with the whole Windows Licensing/Activation yet. Thank you for all your help!
once the VM is activated, there should be no Internet connection be necessary any more. KMS is no option, because a) your VM has no Access to your internal Network and b) a Connection must not be available for a System where malware is executed. 🙂
In my envirionment it was not necessary to activate a VM again.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center