Configuring custom environment

Expand all | Collapse all

After you create a template with default parameters, you need to configure a custom execution environment.

You can create templates only for the following operating systems: Windows XP SP3 (or later), Windows 7, Windows 8.1 x64, or Windows 10 x64 (not higher than 1909 version). Other operating systems are not supported at the moment.

To create a custom environment, access to the internet from the custom environment instance is required. This is needed to generate logging instructions for Windows functions.

During the configuration of a custom environment, access to the internet is provided through a malware channel in case it is configured for the environment.

To configure custom execution environment:

1. On the Templates & Storage page of Kaspersky Research Sandbox, select the Templates tab.
2. Click the name of the template that you want to configure a custom execution environment for.

   The Virtual Network Computing desktop (viewer) opens.

   If you close the VNC desktop or navigate to another Kaspersky Research Sandbox page during the template configuration, its state remains Running. Later, you can reopen the VNC desktop by clicking the template name and continue the template configuration.

   During the template configuration, perform the following actions, if necessary:

   • Press button in the VNC desktop to send the Ctrl+Alt+Del command to the virtual machine. If you press the combination of Ctrl+Alt+Del keys on your keyboard, the lock screen appears on your computer, but not on the virtual machine.
   • Press button in the VNC desktop to send the Escape command to the virtual machine.
   • Press button in the VNC desktop to maximize the VNC desktop to the full screen, or minimize it.
   • Hold and move the button in the VNC desktop to change the pane location.
   • Click the button to turn on the virtual machine.
   • Click the Shut down button to shut the virtual machine down (recommended).

     If an operating system is not installed on the virtual machine, it is recommended to click the Turn off button instead of Shut down. If you click Shut down, the command processing may be delayed. Please wait for the process to time out and then click Turn off.

3. Click the Turn off button to turn the virtual machine off.

   If you use the Turn off button to turn the virtual machine off, virtual machine recovery may be required. Using the Shut down button is recommended.

   • Mount the storage media.
   • Unmount the storage media.
   • Edit the template title and description.

   The template cannot be exported or deleted during the configuration process. The corresponding links are not available in the web interface.

4. Install and configure the operating systems on the virtual machine.

   Supported operating systems and limitations

   The following operating systems are supported:

   • Windows 7

     For using Windows 7 as the custom execution environment, the SHA2 hash support is required. If your operating system does not support SHA2, the image deployment will be interrupted.

     To support SHA2, the Security Update for Windows 7 for x64-based Systems (KB3033929) must be installed. For Windows 7 x32 operating systems, the Security Update for Windows 7 (KB3033929) must be installed.

     Also, do not install the KB4474419 update. This update causes problems during the deployment.

   • Windows 8.1 x64
   • Windows 10 x64 (not higher than 1909 version)

   You must activate the operating system and other software you install by using your own keys or activation codes. You acknowledge that You are responsible for obtaining and complying with any licenses necessary to operate any such third-party operating systems and application programs. For the avoidance of doubt, this clause does not apply to execution environments and application programs provided by the Kaspersky together with Kaspersky Research Sandbox.

   Errors that may occur when activating Microsoft Windows

   When you activate Microsoft Windows operating system, the following errors may occur:

   0x80072EFD: A connection with the server could not be established.

   • Check channel settings, access to Internet and Microsoft servers.
   • Check proxy settings in the virtual machine, and try disabling automatic proxy detection.
   • Check whether the operating system's firewall and/or anti-virus software are blocking the connection. If necessary, disable the firewall or anti-virus software.

   0x80072F8F: A security error occurred (TLS).

   • Manually update the root certificates and CTL.
   • Check if the time and date are correct.

   If the above steps did not help, activate Microsoft Windows by phone.

5. Install and configure the required software on the virtual machine.

   If you install software that may limit access to the internet, issues may arise when the template is imported to Kaspersky Research Sandbox.

   Software that is not allowed to be installed on the virtual machine

   • Software that injects its code into another running process.
   • Drivers for protection.
   • Anti-virus (including Windows Defender) and other protection software.
6. If you install Microsoft Office (not higher than 2016 version is supported) on the virtual machine, it is recommended that you configure its settings to improve malware detection.

   Recommended Microsoft Office settings

   Microsoft Office configuration

   Settings	Recommended value	Comments
   Activation	Activation over the Internet.	You can specify this option on the first start of any Microsoft Office application on the virtual machine. You must activate the software by using your own keys or activation codes. You acknowledge that You are responsible for obtaining and complying with any licenses necessary to operate any such third-party operating systems and application programs. For the avoidance of doubt, this clause does not apply to execution environments and application programs provided by the Kaspersky together with Kaspersky Research Sandbox.
   Microsoft Update	Disabled.	You can specify this option on the first start of any Microsoft Office application on the virtual machine.
   Microsoft Trust Center	ActiveX® settings: Enabled usage of all ActiveX controls without limitations and authorization prompts. Disabled Safe mode. Enabled macros in all Microsoft Office applications. Disabled verification of documents received from dangerous sites or referring to such sites. Enabled options for Microsoft Excel: Enable all Data Connections. Enable automatic updates for all Workbook Links.	–
   Microsoft Outlook	Disabled RSS feeds synchronization with Common Feed List.	–
   Macro Security	No security check for macros (not recommended).	–
   Microsoft Trusted Center for Programmatic Access (for Microsoft Office 2007 and higher)	Never warn me about suspicious activity (not recommended)	–
   Automatic acceptance of the End User License Agreement (for Microsoft Office 2016 and higher)	Enabled. Add parameter AcceptAllEulas (REG_DWORD) = 1 in the registry key: HKCU\Software\Microsoft\Office\16.0\Registration	–
   Opening documents in the Protected View mode (for Microsoft Office 2010 and higher)	Disabled. Add a path c:\ with subfolders (Word, Excel, PowerPoint, Access®) to Trusted locations.	–
   Additional parameters	Add the following parameters of the REG_DWORD type with value 1 to the Registry Editor: ExcelBypassEncryptedMacroScan to the key HKEY_CURRENT_USER\Software\Microsoft\Office\<office_version>\Excel\Security WordBypassEncryptedMacroScan to the key HKEY_CURRENT_USER\Software\Microsoft\Office\<office_version>\Word\Security PowerPointBypassEncryptedMacroScan to the key HKEY_CURRENT_USER\Software\Microsoft\Office\<office_version>\PowerPoint\Security AccessBypassEncryptedMacroScan to the key HKEY_CURRENT_USER\Software\Microsoft\Office\<office_version>\Access\Security PublisherBypassEncryptedMacroScan to the key HKEY_CURRENT_USER\Software\Microsoft\Office\<office_version>\Publisher\Security	In case the macros are password-protected, the operating system blocks execution of such macros if no installed and running anti-virus software is detected.

7. For the correct functioning of a custom environment, perform the required actions (local administrator privileges are required on a virtual machine):
   • Turn off the Fast Boot function for Microsoft Windows 10

     To turn off the Fast Boot function:

     1. Right-click the Start button, select Run, type powercfg.cpl, and click OK.

        The Power Options window opens.

     2. In the panel on the left, select the Choose what the power button does option.
     3. Click the Change settings that are currently unavailable link.

        The parameters in the Shutdown settings section become available for changes.

     4. Clear the Turn on fast startup (recommended) check box.
     5. Click the Save changes button.

     The GUI option is not available in some versions of Windows 10, so please use the alternative way to turn off the Fast Boot function via Registry.

     To turn off the Fast Boot function via Registry:

     1. Right-click the Start button, select Run, type regedit, and click OK.

        The Registry Editor window opens.

     2. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power\.
     3. Open the HiberbootEnabled parameter and specify 0, and click OK.
   • Turn on an automatic login to the operating system by running the netplwiz command

     To turn on an automatic login to the operating system:

     1. Open the User Accounts window:
        • If you use Microsoft Windows 10, right-click the Start button, select Run, type netplwiz, and click OK.
        • If you use Microsoft Windows 7, click the Start button, in the search field, type netplwiz, and click Enter.
        • If you use Microsoft XP Home Edition or Windows XP Professional, click the Start button, select Run, type control userpasswords2, and click OK.
     2. Clear the Users must enter a user name and password to use this computer option and click OK.

        In Microsoft Windows 7 or 10 operating systems, the Automatically sign in window opens.

        In Microsoft XP Home Edition or Windows XP Professional operating systems, the Automatically Log on window opens.

     3. Enter your user name and the password twice, and click OK.
     4. Restart the virtual machine.

     Alternatively, you can also turn an automatic login on via Registry, if a virtual machine belongs to a domain

     To turn on an automatic login via Registry:

     1. Add a virtual machine to the required domain.
     2. Right-click the Start button, select Run, type regedit, and click OK.

        The Registry Editor window opens.

     3. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
     4. Open or create the DefaultUserName parameter and specify the user name.
     5. Open or create the DefaultPassword parameter and specify the user password.
     6. Open or create the AutoAdminLogon parameter and specify 1.
     7. Open or create the DefaultDomainName parameter and specify the domain name.
     8. Restart the virtual machine.
   • Disable the operating system firewall on a virtual machine.
8. Make sure you do not change the default shell. This can make it impossible to run files on virtual machine.
9. It is strongly recommended that you perform the following actions:
   • Activate the operating system and other licensed software by using your key or activation codes.
   • Turn off the automatic updates for all installed software.

After you finish configuring the custom environment, you can deploy it and use it for file execution.

Page top