Step-by-Step Guide To Install Flare-VM
Malware attacks are increasing daily and we need more people able to tackle them, while also spreading awareness among non-technical users so that they can protect themselves from ransomware. Malware analysis is one of the most in-demand skills today, and it requires familiarity with many tools and techniques.
Flare-VM is a freely available, open-source, Windows-based security distribution for malware analysis. You can install it on Windows 11 using the script available here. Let's walk through the installation with screenshots.
1) Start a virtual machine with at least 100 GB of disk space (the minimum requirement is 60 GB). 4 GB of RAM and 2 cores are enough to begin with; increase the resources later as your host machine allows.
2) Take a snapshot of this fresh installation so you can revert to it whenever required. Then disable Windows Defender and Tamper Protection, since this will be our malware analysis system. Go to the Virus & threat protection settings and turn off Real-time protection.
3) Also disable Tamper Protection. Until it is off, Windows silently undoes Defender changes made through policy or PowerShell.
4) Also open the Group Policy Editor (Run >> gpedit.msc) to turn off Defender there as well, along with Windows Update. The path is Computer Configuration >> Administrative Templates >> Windows Components >> Microsoft Defender Antivirus >> set "Turn off Microsoft Defender Antivirus" to Enabled, as shown below.
PS: On newer Windows builds this policy change gets reverted, so keep the Group Policy window open and re-enable the policy during the installation if it flips back. The installer also prints a link to a StackOverflow answer in the console, but that answer's workaround (suspending MsMpEng.exe) no longer works. Most of the tools install without trouble even with Defender on, but because we will be analyzing malware on this system, Defender must stay disabled.
5) Now go to the firewall settings (Run >> firewall.cpl) and turn the firewall off, as shown below.
6) Disable it from Group Policy as well: Computer Configuration >> Administrative Templates >> Network >> Network Connections >> Windows Defender Firewall >> Domain Profile (and do the same for Standard Profile) >> set "Protect all network connections" to Disabled, as shown below.
7) Now disable automatic updates. Go to Computer Configuration >> Administrative Templates >> Windows Components >> Windows Update >> Manage end user experience >> set the "Configure Automatic Updates" policy to Disabled.
8) All necessary configuration is now done, and you can take another snapshot before running the Flare-VM script. Open PowerShell with admin rights, and make sure you are logged in with a user account whose name contains no spaces, otherwise the installation halts. Download the script as shown below:
(New-Object net.webclient).DownloadFile('https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1',"$([Environment]::GetFolderPath("Desktop"))\install.ps1")
9) It will be downloaded to the Desktop.
10) Unblock the script.
11) Run the script. You may get an error if script execution is disabled.
12) Set the execution policy to allow scripts to run.
13) Now run the script again.
14) It will ask for the administrator password and then start the Boxstarter installation, followed by Chocolatey.
15) You will see a window for selecting the tools, in case you want to add or remove any.
16) The machine will restart a couple of times to complete the installation.
17) It will install the selected software.
18) Then you will see a Tools folder on the Desktop, as shown below.
19) After installation, the folder will contain all selected tools, grouped by category.
20) After the last reboot you will see the Flare-VM login screen. Once you run the script, the installation takes around an hour or more, depending on internet connectivity and resources.
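Because Windows tends to flip Defender back on and the installer halts on an account name with a space, it is worth checking steps 1 through 12 from PowerShell before launching install.ps1. The following pre-flight script is an added example written for this page; it is not part of the Flare-VM project. It assumes C: is the system drive, that it is run from an elevated PowerShell inside the analysis VM, and it reuses the install.ps1 URL quoted earlier. It only downloads and unblocks the script when every check passes, so it never starts an install against a half-configured machine.

```powershell
# Added pre-flight check for the installation steps above (not Flare-VM's own code).
# Assumptions: elevated PowerShell inside the VM, C: is the system drive.
$DownloadUrl = 'https://raw.githubusercontent.com/mandiant/flare-vm/main/install.ps1'
$ScriptPath  = Join-Path ([Environment]::GetFolderPath('Desktop')) 'install.ps1'
$issues = @()

# Step 8: the installer needs an elevated shell and a user name without spaces.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $issues += 'PowerShell is not running as Administrator'
}
if ($env:USERNAME -match '\s' -or $env:USERPROFILE -match '\s') {
    $issues += "User name or profile path contains a space: $env:USERPROFILE"
}

# Step 1: 60 GB is the documented minimum; 100 GB leaves room for samples and snapshots.
$drive  = Get-PSDrive -Name C
$sizeGB = [math]::Round(($drive.Used + $drive.Free) / 1GB)
if ($sizeGB -lt 60) { $issues += "System disk is only $sizeGB GB (minimum 60 GB)" }

# Steps 2-4: real-time protection and Tamper Protection must both be off.
# Get-MpComputerStatus reports the live state, so it catches a policy Windows has reverted.
$mp = Get-MpComputerStatus
if ($mp.RealTimeProtectionEnabled) { $issues += 'Defender real-time protection is still enabled' }
if ($mp.IsTamperProtected)         { $issues += 'Tamper Protection is still on; turn it off in Windows Security first' }

# Steps 5-6: all firewall profiles (Domain, Private, Public) must be disabled.
$fw = Get-NetFirewallProfile | Where-Object { $_.Enabled }
if ($fw) { $issues += "Firewall still enabled for profile(s): $($fw.Name -join ', ')" }

# Step 7: disabling "Configure Automatic Updates" writes NoAutoUpdate=1 under the WindowsUpdate\AU policy key.
$au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
if ($au.NoAutoUpdate -ne 1) { $issues += 'Automatic updates are not disabled by policy' }

if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Fix the items above, take a snapshot, then re-run this check.'
    return
}

# Steps 9-12: download to the Desktop, remove the Mark-of-the-Web, allow script execution.
(New-Object Net.WebClient).DownloadFile($DownloadUrl, $ScriptPath)
Unblock-File -Path $ScriptPath
Set-ExecutionPolicy Unrestricted -Force
Write-Host "All checks passed. Take a snapshot, then run: & '$ScriptPath'"
```

Run it once, fix whatever it warns about, take the snapshot from step 8, and only then start install.ps1. Re-running the Defender portion after the first reboot is a quick way to confirm that Windows has not re-enabled real-time protection mid-install.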
It is recommended to use a separate network and a dedicated machine for malware analysis, but if you don't have the resources you can set up a private (host-only) network instead, as explained here for VirtualBox and here for VMware, and start your journey from there.
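The point of the private network is that a detonated sample can reach neither the host's LAN nor the internet. One way to enforce that from the host with VirtualBox's command-line tool, as an added example not taken from the page's linked guides: attach the VM's only NIC to a host-only adapter, then read the configuration back to confirm nothing else is attached. The VM name `FlareVM` and the adapter name are assumptions; take the adapter name from the output of `VBoxManage list hostonlyifs` on your host.

```powershell
# Added example (not from the original post): pin a VirtualBox VM to a host-only network.
# Assumptions: run on a Windows host with VBoxManage on PATH; the VM is named "FlareVM";
# the host-only adapter name below matches what `VBoxManage list hostonlyifs` prints.
$VmName  = 'FlareVM'
$Adapter = 'VirtualBox Host-Only Ethernet Adapter'

# Create a host-only interface if none exists yet, and give it a fixed address.
if (-not (VBoxManage list hostonlyifs | Select-String -SimpleMatch "Name:            $Adapter")) {
    VBoxManage hostonlyif create
}
VBoxManage hostonlyif ipconfig $Adapter --ip 192.168.56.1 --netmask 255.255.255.0

# NIC 1 goes to the host-only network; make sure no other NIC (NAT, bridged) is enabled.
VBoxManage modifyvm $VmName --nic1 hostonly --hostonlyadapter1 $Adapter --cableconnected1 on
VBoxManage modifyvm $VmName --nic2 none --nic3 none --nic4 none

# Verify: every nicN line must be "hostonly" or "none"; anything else is a leak path.
$nics = VBoxManage showvminfo $VmName --machinereadable | Select-String '^nic\d+="(.+)"$'
$bad  = $nics | Where-Object { $_.Matches[0].Groups[1].Value -notin 'hostonly', 'none' }
if ($bad) {
    Write-Warning "VM still has a non-isolated adapter: $($bad -join '; ')"
} else {
    # Snapshot the isolated, clean state so every analysis starts from here.
    VBoxManage snapshot $VmName take 'clean-isolated' --description 'Flare-VM installed, host-only network only'
    Write-Host "$VmName is host-only; snapshot 'clean-isolated' taken."
}
```

Remember that a host-only network still lets the guest talk to the host adapter's address, so anything you expose on the host side of that interface (file shares, a fake DNS or HTTP sink) is reachable from the sample; keep those services deliberately minimal.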