mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0

Flare-vm tools not installing #248

Closed darraghmerrick closed 4 years ago

darraghmerrick commented 4 years ago

Hi, I've followed the instructions, used a fresh 32-bit Windows 7 SP1, ran install.ps1 in an admin PowerShell, disabled Windows Defender and update services, and set-execution-policy unrestricted. The installation completes, installs all the .NET and Visual Basic versions and Chocolatey, but I am just left with an empty folder in the Flare shortcut on the desktop. I've tried everything I can think of. Is there any reason why this could be happening? None of the programs installed. I tried typing cup all, but none are installed or updated. Thanks

wkard commented 4 years ago

I have the same problem on win10, I'll let you know if I can find a solution.

darraghmerrick commented 4 years ago

Thanks wkard, I have tried 32-bit, 64-bit, tried an older version from the FireEye website, which launches an install.bat, and it installed Sysinternals and Wireshark, but no debuggers.

htnhan commented 4 years ago

Folks, you caught us right between releases. There is a new branch to modify and improve the installer. It's under review. If you would like, please give this new installer a shot: https://github.com/fireeye/flare-vm/tree/v2.3.1. Otherwise, we will get the code merged within a few days.

@wkard Installing FLARE VM on Windows 10 has always been experimental. Please remember to disable Windows Defender and anti-tampering before installing. Also, a known issue is that, recently, Microsoft blocks the ability to automatically pin things on the taskbar. The taskbar will look empty after FLARE VM install, but all the tools should be there in the FLARE shortcuts. You have to manually pin them as you see fit.

wkard commented 4 years ago

@htnhan to the rescue.

Thanks a lot for the prompt response! Noted all the instructions, now back to experimenting.

darraghmerrick commented 4 years ago

Thanks @htnhan, it all seems to be installing now nicely

wkard commented 4 years ago

@darraghmerrick Success? I'm still struggling, even with the new version.

I even downgraded to a Win7 VM and the install still doesn't finish properly.

darraghmerrick commented 4 years ago

Hey @wkard. Exactly what I did:

  1. Grabbed an IE10 on Win7(x86) VM from here; https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

  2. Unzipped and opened the OVF into VMWorkstation Pro 15, but I don't think the hypervisor has any bearing on it.

  3. Downloaded https://github.com/fireeye/flare-vm/tree/v2.3.1 as provided by @htnhan

  4. Opened services.msc and disabled Windows Defender and Windows Updater

  5. Opened an administrator PowerShell, navigated to the unzipped downloaded flare-vm directory, and typed the commands:

         Set-ExecutionPolicy Unrestricted
         .\install.ps1

  6. The 1st time I ran it, only some things installed. I ran it the 2nd time and everything installed. Flare

wkard commented 4 years ago

Pushing it through a couple more times did the trick. Thank you again.

darraghmerrick commented 4 years ago

Good stuff @wkard, happy malware analysis. I'm going to go ahead and close this now. Thanks @htnhan

yngineer commented 3 years ago

It worked after I'd tried a couple of times. Thank you

GodLikeJonny commented 2 years ago

I am trying to install this over and over and I can't make it work. The flare folder is always empty. I was unable to stop the Windows Defender services; is this the reason? I disabled the real-time protection on everything. When I run the script, the only error I get is:

    Stop-Service : Service 'Windows Defender Antivirus Service (WinDefend)' cannot be stopped due to the following error: Cannot open WinDefend service on computer '.'.
    At C:\Users\IEUser\Downloads\flare-vm-master\flare-vm-master\install.ps1:316 char:27

    Set-ItemProperty : Attempted to perform an unauthorized operation.
    At C:\Users\IEUser\Downloads\flare-vm-master\flare-vm-master\install.ps1:317 char:3