Hello,
Has anyone had updated 64-bit W10 Pro host crash a VB VM due to Trojan:O97M/Obfuse.K (https://www.microsoft.com/en-us/wdsi/th ... 2147729872)? I had to tell my 64-bit W10 to allow it and manually revert my VM back to the previous snapshot to redo what I was doing (getting today's monthly updates for W11 Home guest). It quarantined my D:\VirtualBoxVMs\64bit W11 Home\Snapshots\{476f17d6-14c5-48f1-964b-b93e56b8a245}.vdi file. I restored it, but it was 0 byte. Weird/Odd.
Thank you for reading and hopefully answering soon.
Trojan:O97M/Obfuse.K while running W11 Home guest's WU.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Trojan:O97M/Obfuse.K while running W11 Home guest's WU.
I haven't heard of that specific situation. But if host AV snatches a file out from under a running VM, the VM is not going to like it.
Host AV should stay out of the VMs' folders, and the VM OS's should run their own AV. Exceptions can be set on host AV to achieve this.
Host AV should stay out of the VMs' folders, and the VM OS's should run their own AV. Exceptions can be set on host AV to achieve this.
-
- Posts: 339
- Joined: 9. Jul 2007, 20:02
- Primary OS: MS Windows other
- VBox Version: OSE other
- Guest OSses: Windows and macOSes
- Location: An Ant Farm
- Contact:
Re: Trojan:O97M/Obfuse.K while running W11 Home guest's WU.
I wonder how often this happens. I assume it is a false positive.scottgus1 wrote:I haven't heard of that specific situation. But if host AV snatches a file out from under a running VM, the VM is not going to like it.
Host AV should stay out of the VMs' folders, and the VM OS's should run their own AV. Exceptions can be set on host AV to achieve this.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Trojan:O97M/Obfuse.K while running W11 Home guest's WU.
You're the second user reporting such a type of issue. A similar issue was reported in .vdi file disappeared and is gone.ant wrote:I wonder how often this happens.
-
- Posts: 339
- Joined: 9. Jul 2007, 20:02
- Primary OS: MS Windows other
- VBox Version: OSE other
- Guest OSses: Windows and macOSes
- Location: An Ant Farm
- Contact:
Re: Trojan:O97M/Obfuse.K while running W11 Home guest's WU.
Wow. Thanks.fth0 wrote:You're the second user reporting such a type of issue. A similar issue was reported in .vdi file disappeared and is gone.ant wrote:I wonder how often this happens.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Trojan:O97M/Obfuse.K while running W11 Home guest's WU.
The VM's disk file is a file on the host. And if the VM gets a virus, real or false positive, and the host AV catches it, the host AV will pull the file and kill the VM. Typical AV behavior, no surprises.
Gotta keep the host AV from scanning the VMs.
Gotta keep the host AV from scanning the VMs.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Trojan:O97M/Obfuse.K while running W11 Home guest's WU.
I wonder if Defender hasn't quietly added code to parse the interior of VDI files? Dumb scanning of files of that size seems especially... dumb. And counter-productive too: VMs are supposed to be isolated black boxes.