mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0

Failed Flare-VM Installation on EC2 #275

Closed jonanathan closed 1 year ago

jonanathan commented 4 years ago

I have installed chocolatey and git on a fresh Windows Server 2016 and 2019. After cloning the flare-vm git repo, I run .\install.ps1. The install stalls at "Trying to install vcredist2008". It is able to install vcredist2005 successfully.

Looking at the logs of the install, the error just states

```
PS C:\Windows\system32\flare-vm> .\install.ps1
[+] No custom profile is provided...
[+] Checking if script is running as administrator..
[+] Getting user credentials ...
Windows PowerShell credential request
Enter your credentials.
Password for user EC2AMAZ-SLQPRD0$: ****
[+] Installing Boxstarter
Boxstarter Module Installer completed
Boxstarter: Microsoft Update is already disabled, no action will be taken.
Chocolatey v0.10.15
Installing the following packages:
disabledefender-winconfig
By installing you accept licenses for the packages.
Progress: Downloading chocolatey-fastanswers.extension 0.0.2... 100%
Progress: Downloading disabledefender-winconfig 0.0.1... 100%
chocolatey-fastanswers.extension v0.0.2 [Approved]
chocolatey-fastanswers.extension package files install completed. Performing other installation steps.
Installed/updated chocolatey-fastanswers extensions.
The install of chocolatey-fastanswers.extension was successful.
Software installed to 'C:\ProgramData\chocolatey\extensions\chocolatey-fastanswers'
disabledefender-winconfig v0.0.1 [Approved]
disabledefender-winconfig package files install completed. Performing other installation steps.
Cannot find path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' because it does not exist.
Windows Defender disabled.
Only an exit code of non-zero will fail the package by default. Set
--failonstderr if you want error messages to also fail a script. See
choco -h for details.
The install of disabledefender-winconfig was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey installed 2/2 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Chocolatey v0.10.15
Updated cacheLocation = C:\Windows\TEMP
Chocolatey v0.10.15
Added fireeye - https://www.myget.org/F/fireeye/api/v2 (Priority 1)
Chocolatey v0.10.15
Upgrading the following packages:
vcredist-all.flare
By upgrading you accept licenses for the packages.
vcredist-all.flare is not installed. Installing...
Progress: Downloading vcredist-all.flare 1.0.0.5... 100%
Progress: Downloading vcredist-all.flare 1.0.0.5... 100%
vcredist-all.flare v1.0.0.5
vcredist-all.flare package files upgrade completed. Performing other installation steps.
Trying to install vcredist2005
Installed vcredist2005
Trying to install vcredist2008
Chocolatey timed out waiting for the command to finish. The timeout
specified (or the default value) was '2700' seconds. Perhaps try a
higher --execution-timeout? See choco -h for details.
vcredist-all.flare may be able to be automatically uninstalled.
The upgrade of vcredist-all.flare was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\vcredist-all.flare\tools\chocolateyInstall.ps1'.
See log for details.
Chocolatey upgraded 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Failures
See log for details.
Chocolatey v0.10.15
Installing the following packages:
powershell
By installing you accept licenses for the packages.
Progress: Downloading PowerShell 5.1.14409.20180811... 100%
PowerShell v5.1.14409.20180811 [Approved]
powershell package files install completed. Performing other installation steps.
Running on: Windows Server 2019 Datacenter, (ServerDatacenter), Windows Kernel: 10.0.17763
WARNING: PowerShell version, 5.1.17763.1007, is already installed.
The install of powershell was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey installed 1/1 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Refreshing environment variables from registry for cmd.exe. Please wait...Finished..
[+] Performing normal installation...
Chocolatey v0.10.15
Upgrading the following packages:
common.fireeye
By upgrading you accept licenses for the packages.
common.fireeye is not installed. Installing...
Progress: Downloading common.fireeye 3.0.0.4... 100%
Progress: Downloading common.fireeye 3.0.0.4... 100%
common.fireeye v3.0.0.4 (forced)
common.fireeye package files upgrade completed. Performing other installation steps.
[+] VM_COMMON_DIR set to C:\ProgramData\FEVM
[+] PSModulePath set to C:\ProgramData\FEVM;C:\ProgramData\Boxstarter;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AWS Tools\PowerShell\
[+] TOOL_LIST_DIR set to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLARE
[+] TOOL_LIST_SHORTCUT set to C:\Windows\system32\config\systemprofile\Desktop\FLARE.lnk
True
[+] RAW_TOOLS_DIR set to C:\Tools
Environment Vars (like PATH) have changed. Close/reopen your shell to
see the changes (or in powershell/cmd.exe just type refreshenv).
The upgrade of common.fireeye was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey upgraded 1/1 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Boxstarter: Installing package flarevm.installer.flare
Boxstarter Version 2.12.0
(c) 2018 Chocolatey Software, Inc, 2012 - 2018 Matt Wrock. https://boxstarter.org
Boxstarter: Disabling Automatic Updates from Windows Update
++ Boxstarter starting Calling Chocolatey to install flarevm.installer.flare. This may take several minutes to complete...
Installing the following packages:
flarevm.installer.flare
By installing you accept licenses for the packages.
[NuGet] Attempting to resolve dependency 'common.fireeye '.
Progress: Downloading flarevm.installer.flare 2.3.1... 100%
[NuGet] Installing 'flarevm.installer.flare 2.3.1'.
[NuGet] Successfully installed 'flarevm.installer.flare 2.3.1'.
flarevm.installer.flare v2.3.1 (forced)
flarevm.installer.flare package files install completed. Performing other installation steps.
WARNING: The names of some imported commands from the module 'Boxstarter.Common' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
WARNING: The names of some imported commands from the module 'FireEyeVM.Common' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
WARNING: Some imported command names contain one or more of the following restricted characters: # , ( ) { } [ ] & - / \ $ ^ ; : " ' < > | ? @ ` * % + = ~
Boxstarter: Setting PowerShell execution context to Unrestricted
Boxstarter: Setting PowerShell execution context to Unrestricted
Boxstarter: Setting Windows Explorer options...
Boxstarter: Setting Windows Explorer options...
Boxstarter: Restarting the Windows Explorer process...
Boxstarter: Restarting the Windows Explorer process...
Boxstarter: Microsoft Update is already disabled, no action will be taken.
Boxstarter: Microsoft Update is already disabled, no action will be taken.
@{BingSearchEnabled=0; PSPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search; PSParentPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion; PSChildName=Search; PSDrive=HKCU; PSProvider=Microsoft.PowerShell.Core\Registry}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\GameBar
@{ShowStartupPanel=0; PSPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\GameBar; PSParentPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft; PSChildName=GameBar; PSDrive=HKCU; PSProvider=Microsoft.PowerShell.Core\Registry}
GameBar Tips have been disabled.
This functionality is not supported on this operating system.
Initializing chocolatey
Initializing chocolatey
Added flare - https://www.myget.org/F/fireeye/api/v2 (Priority 1)
Enabled allowGlobalConfirmation
Enabled allowEmptyChecksums
C:\Windows\system32\config\systemprofile\AppData\Local\ChocoCache
Refreshing environment variables from the registry for powershell.exe. Please wait...
Finished
Upgrading the following packages:
cmder.fireeye
By upgrading you accept licenses for the packages.
cmder.fireeye is not installed. Installing...
[NuGet] Attempting to resolve dependency 'common.fireeye '.
Progress: Downloading cmder.fireeye 2019.10.10.0... 100%
Progress: Downloading cmder.fireeye 2019.10.10.0... 100%
Progress: Downloading cmder.fireeye 2019.10.10.0... 100%
[NuGet] Attempting to resolve dependency 'cmder '.
Progress: Downloading Cmder 1.3.14... 100%
Progress: Downloading Cmder 1.3.14... 100%
Progress: Downloading Cmder 1.3.14... 100%
[NuGet] Attempting to resolve dependency 'vcredist2010 (≥ 10.0.40219.2)'.
Progress: Downloading vcredist2010 10.0.40219.2... 100%
Progress: Downloading vcredist2010 10.0.40219.2... 100%
Progress: Downloading vcredist2010 10.0.40219.2... 100%
[NuGet] Installing 'vcredist2010 10.0.40219.2'.
[NuGet] Successfully installed 'vcredist2010 10.0.40219.2'.
vcredist2010 v10.0.40219.2 [Approved]
vcredist2010 package files upgrade completed. Performing other installation steps.
WARNING: Url has SSL/TLS available, switching to HTTPS for download
Downloading vcredist2010
from 'https://download.microsoft.com/download/C/6/D/C6D0FD4E-9E53-4897-9B91-836EBA2AACD3/vcredist_x86.exe'
Downloading vcredist2010
from 'https://download.microsoft.com/download/C/6/D/C6D0FD4E-9E53-4897-9B91-836EBA2AACD3/vcredist_x86.exe'
Progress: 100% - Completed download of C:\Windows\TEMP\vcredist2010\10.0.40219.2\vcredist_x86.exe (4.76 MB).
Download of vcredist_x86.exe (4.76 MB) completed.
Download of vcredist_x86.exe (4.76 MB) completed.
Hashes match.
Installing vcredist2010...
Installing vcredist2010...
vcredist2010 has been installed.
vcredist2010 has been installed.
WARNING: Url has SSL/TLS available, switching to HTTPS for download
Downloading vcredist2010_x64
from 'https://download.microsoft.com/download/A/8/0/A80747C3-41BD-45DF-B505-E9710D2744E0/vcredist_x64.exe'
Downloading vcredist2010_x64
from 'https://download.microsoft.com/download/A/8/0/A80747C3-41BD-45DF-B505-E9710D2744E0/vcredist_x64.exe'
Progress: 100% - Completed download of C:\Windows\TEMP\vcredist2010\10.0.40219.2\vcredist_x64.exe (5.41 MB).
Download of vcredist_x64.exe (5.41 MB) completed.
Download of vcredist_x64.exe (5.41 MB) completed.
Installing vcredist2010_x64...
Installing vcredist2010_x64...
vcredist2010_x64 has been installed.
vcredist2010_x64 has been installed.
WARNING: Write-ChocolateySuccess is deprecated and will be removed in v2. If you are the maintainer, please remove it from your package file.
The upgrade of vcredist2010 was successful.
Software installed as 'exe', install location is likely default.
[NuGet] Installing 'Cmder 1.3.14'.
[NuGet] Successfully installed 'Cmder 1.3.14'.
Cmder v1.3.14 [Approved]
cmder package files upgrade completed. Performing other installation steps.
Extracting C:\ProgramData\chocolatey\lib\Cmder\tools\cmder.7z to C:\Tools\Cmder...
Extracting C:\ProgramData\chocolatey\lib\Cmder\tools\cmder.7z to C:\Tools\Cmder...
VERBOSE:
VERBOSE:
VERBOSE:
VERBOSE:
VERBOSE:
C:\Tools\Cmder
PATH environment variable does not have C:\Tools\Cmder in it. Adding...
PATH environment variable does not have C:\Tools\Cmder in it. Adding...
Environment Vars (like PATH) have changed. Close/reopen your shell to
see the changes (or in powershell/cmd.exe just type refreshenv).
The upgrade of cmder was successful.
Software installed to 'C:\Tools\Cmder'
[NuGet] Installing 'cmder.fireeye 2019.10.10.0'.
[NuGet] Successfully installed 'cmder.fireeye 2019.10.10.0'.
cmder.fireeye v2019.10.10.0
cmder.fireeye package files upgrade completed. Performing other installation steps.
Could not pin C:\Tools\cmder\cmder.exe to the tasbar
Could not pin C:\Tools\cmder\cmder.exe to the tasbar
The upgrade of cmder.fireeye was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey upgraded 3/3 packages. 0 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Upgrading the following packages:
dotnet4.6.2
By upgrading you accept licenses for the packages.
dotnet4.6.2 is not installed. Installing...
[NuGet] Attempting to resolve dependency 'netfx-4.6.2 (≥ 4.6.2.0)'.
Progress: Downloading netfx-4.6.2 4.6.2.20190930... 100%
Progress: Downloading netfx-4.6.2 4.6.2.20190930... 100%
Progress: Downloading netfx-4.6.2 4.6.2.20190930... 100%
Progress: Downloading netfx-4.6.2 4.6.2.20190930... 100%
Progress: Downloading netfx-4.6.2 4.6.2.20190930... 100%
[NuGet] Attempting to resolve dependency 'chocolatey-dotnetfx.extension (≥ 1.0.1)'.
Progress: Downloading chocolatey-dotnetfx.extension 1.0.1... 100%
Progress: Downloading chocolatey-dotnetfx.extension 1.0.1... 100%
Progress: Downloading chocolatey-dotnetfx.extension 1.0.1... 100%
Progress: Downloading chocolatey-dotnetfx.extension 1.0.1... 100%
Progress: Downloading chocolatey-dotnetfx.extension 1.0.1... 100%
[NuGet] Attempting to resolve dependency 'KB2919355 (≥ 1.0.20160915)'.
Progress: Downloading KB2919355 1.0.20160915... 100%
Progress: Downloading KB2919355 1.0.20160915... 100%
Progress: Downloading KB2919355 1.0.20160915... 100%
Progress: Downloading KB2919355 1.0.20160915... 100%
Progress: Downloading KB2919355 1.0.20160915... 100%
[NuGet] Attempting to resolve dependency 'KB2919442 (≥ 1.0.20160915)'.
Progress: Downloading KB2919442 1.0.20160915... 100%
Progress: Downloading KB2919442 1.0.20160915... 100%
Progress: Downloading KB2919442 1.0.20160915... 100%
Progress: Downloading KB2919442 1.0.20160915... 100%
Progress: Downloading KB2919442 1.0.20160915... 100%
Progress: Downloading dotnet4.6.2 4.6.01590.20190822... 100%
Progress: Downloading dotnet4.6.2 4.6.01590.20190822... 100%
Progress: Downloading dotnet4.6.2 4.6.01590.20190822... 100%
Progress: Downloading dotnet4.6.2 4.6.01590.20190822... 100%
Progress: Downloading dotnet4.6.2 4.6.01590.20190822... 100%
[NuGet] Installing 'chocolatey-dotnetfx.extension 1.0.1'.
[NuGet] Successfully installed 'chocolatey-dotnetfx.extension 1.0.1'.
chocolatey-dotnetfx.extension v1.0.1 [Approved]
chocolatey-dotnetfx.extension package files upgrade completed. Performing other installation steps.
Installed/updated chocolatey-dotnetfx extensions.
The upgrade of chocolatey-dotnetfx.extension was successful.
Software installed to 'C:\ProgramData\chocolatey\extensions\chocolatey-dotnetfx'
[NuGet] Installing 'KB2919442 1.0.20160915'.
[NuGet] Successfully installed 'KB2919442 1.0.20160915'.
KB2919442 v1.0.20160915 [Approved]
kb2919442 package files upgrade completed. Performing other installation steps.
Skipping installation because this hotfix only applies to Windows 8.1 and Windows Server 2012 R2.
Skipping installation because this hotfix only applies to Windows 8.1 and Windows Server 2012 R2.
The upgrade of kb2919442 was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
[NuGet] Installing 'KB2919355 1.0.20160915'.
[NuGet] Successfully installed 'KB2919355 1.0.20160915'.
KB2919355 v1.0.20160915 [Approved]
kb2919355 package files upgrade completed. Performing other installation steps.
Skipping installation because this hotfix only applies to Windows 8.1 and Windows Server 2012 R2.
Skipping installation because this hotfix only applies to Windows 8.1 and Windows Server 2012 R2.
The upgrade of kb2919355 was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
[NuGet] Installing 'netfx-4.6.2 4.6.2.20190930'.
[NuGet] Successfully installed 'netfx-4.6.2 4.6.2.20190930'.
netfx-4.6.2 v4.6.2.20190930 [Approved]
netfx-4.6.2 package files upgrade completed. Performing other installation steps.
Microsoft .NET Framework 4.6.2 or later is already installed.
Microsoft .NET Framework 4.6.2 or later is already installed.
The upgrade of netfx-4.6.2 was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
[NuGet] Installing 'dotnet4.6.2 4.6.01590.20190822'.
[NuGet] Successfully installed 'dotnet4.6.2 4.6.01590.20190822'.
dotnet4.6.2 v4.6.01590.20190822 [Approved]
dotnet4.6.2 package files upgrade completed. Performing other installation steps.
The upgrade of dotnet4.6.2 was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey upgraded 5/5 packages. 0 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Upgraded:
Upgrading the following packages:
dotnet4.7.2
By upgrading you accept licenses for the packages.
dotnet4.7.2 is not installed. Installing...
[NuGet] Attempting to resolve dependency 'dotnetfx (≥ 4.7.2.20180712)'.
Progress: Downloading dotnetfx 4.8.0.20190930... 100%
Progress: Downloading dotnetfx 4.8.0.20190930... 100%
Progress: Downloading dotnetfx 4.8.0.20190930... 100%
Progress: Downloading dotnetfx 4.8.0.20190930... 100%
Progress: Downloading dotnetfx 4.8.0.20190930... 100%
Progress: Downloading dotnetfx 4.8.0.20190930... 100%
Progress: Downloading dotnetfx 4.8.0.20190930... 100%
[NuGet] Attempting to resolve dependency 'chocolatey-dotnetfx.extension (≥ 1.0.1)'.
[NuGet] Attempting to resolve dependency 'KB2919355 (≥ 1.0.20160915)'.
[NuGet] Attempting to resolve dependency 'KB2919442 (≥ 1.0.20160915)'.
Progress: Downloading dotnet4.7.2 4.7.2.20180712... 100%
Progress: Downloading dotnet4.7.2 4.7.2.20180712... 100%
Progress: Downloading dotnet4.7.2 4.7.2.20180712... 100%
Progress: Downloading dotnet4.7.2 4.7.2.20180712... 100%
Progress: Downloading dotnet4.7.2 4.7.2.20180712... 100%
Progress: Downloading dotnet4.7.2 4.7.2.20180712... 100%
Progress: Downloading dotnet4.7.2 4.7.2.20180712... 100%
[NuGet] Installing 'dotnetfx 4.8.0.20190930'.
[NuGet] Successfully installed 'dotnetfx 4.8.0.20190930'.
dotnetfx v4.8.0.20190930 [Approved]
dotnetfx package files upgrade completed. Performing other installation steps.
Downloading dotnetfx 64 bit
from 'https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0fd66638cde16859462a6243a4629a50/ndp48-x86-x64-allos-enu.exe'
Downloading dotnetfx 64 bit
from 'https://download.visualstudio.microsoft.com/download/pr/014120d7-d689-4305-befd-3cb711108212/0fd66638cde16859462a6243a4629a50/ndp48-x86-x64-allos-enu.exe'
Progress: 100% - Completed download of C:\Windows\TEMP\dotnetfx\4.8.0.20190930\ndp48-x86-x64-allos-enu.exe (111.94 MB).
Download of ndp48-x86-x64-allos-enu.exe (111.94 MB) completed.
Download of ndp48-x86-x64-allos-enu.exe (111.94 MB) completed.
Hashes match.
Installing dotnetfx...
Installing dotnetfx...
WARNING: Microsoft .NET Framework 4.8 has been installed, but a reboot is required to finalize the installation. Until the computer is rebooted, dependent packages may fail to install or function properly.
The upgrade of dotnetfx was successful.
Software installed as 'exe', install location is likely default.
[NuGet] Installing 'dotnet4.7.2 4.7.2.20180712'.
[NuGet] Successfully installed 'dotnet4.7.2 4.7.2.20180712'.
dotnet4.7.2 v4.7.2.20180712 [Approved]
dotnet4.7.2 package files upgrade completed. Performing other installation steps.
The upgrade of dotnet4.7.2 was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey upgraded 2/2 packages. 0 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Packages requiring reboot:
The recent package changes indicate a reboot is necessary.
Please reboot at your earliest convenience.
Enjoy using Chocolatey? Explore more amazing features to take your
experience to the next level at
https://chocolatey.org/compare
Chocolatey reported an unsuccessful exit code of 3010. See C:\ProgramData\Boxstarter\boxstarter.log for details.
Boxstarter: writing restart file
Boxstarter: writing restart file
Only an exit code of non-zero will fail the package by default. Set
--failonstderr if you want error messages to also fail a script. See
choco -h for details.
Environment Vars (like PATH) have changed. Close/reopen your shell to
see the changes (or in powershell/cmd.exe just type refreshenv).
The install of flarevm.installer.flare was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey installed 1/1 packages. 0 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
Boxstarter: found C:\ProgramData\Boxstarter\Boxstarter.4864.restart we are restarting
Chocolatey : Chocolatey reported an unsuccessful exit code of 3010. See C:\ProgramData\Boxstarter\boxstarter.log for details.
At C:\ProgramData\boxstarter\boxstarter.chocolatey\Invoke-ChocolateyBoxstarter.ps1:199 char:5
++ Boxstarter finished Calling Chocolatey to install flarevm.installer.flare. This may take several minutes to complete... 00:04:16.5768783
Boxstarter: writing restart file
Boxstarter: Restore Automatic Updates from Windows Update
Boxstarter: UAC Enabled. Disabling...
Boxstarter: Disabling UAC
Boxstarter: Securely Storing EC2AMAZ-SLQPRD0\ssm-user credentials for automatic logon
Boxstarter: Logon Set
Boxstarter: Restart Required. Restarting now...
Errors : {Chocolatey reported an unsuccessful exit code of 3010. See C:\ProgramData\Boxstarter\boxstarter.log for details.}
ComputerName : localhost
Completed : True
FinishTime : 2/20/2020 4:32:00 AM
StartTime : 2/20/2020 4:27:42 AM
```

htnhan commented 4 years ago

@jonanathan Looks like the initial install went alright. Did your instance reboot? Does the script continue to run after reboot?

jonanathan commented 4 years ago

@htnhan I am trying to automate the creation of a Flare-VM AMI using packer but cannot even get this to manually install on the EC2 instance. The issue seems to be that I have to re-run the ./install.ps1 over and over again to get the full package list listed in the profile.json. The script also does not continue after reboot. How many times does it need to reboot to fully install?

MalwareMechanic commented 4 years ago

@jonanathan The script uses BoxStarter to handle install after reboots, so it should continue where it left off. Overall, the VM will likely reboot multiple times (probably 5+ easily) due to various packages requiring reboot.

jonanathan commented 4 years ago

@MalwareMechanic the issue is that for EC2 instances, it does reboot but does not continue installing packages/rebooting. It reboots then stops. I have to manually kick off the ./install.ps1 again. Is that expected?

MalwareMechanic commented 4 years ago

@jonanathan Nope that's odd. BoxStarter should auto-logon and continue. We've never tested an install with EC2 or with Windows Server 2016 and 2019. When was the last time you attempted an install?

jonanathan commented 4 years ago

I've tried probably ~10 times. The most recent being yesterday. I had to re-run the install 5 times manually so it would install all the packages. Is Flare-vm not meant for cloud and/or Windows Server 2016/2019?

MalwareMechanic commented 4 years ago

@jonanathan Its typical use case is for local VMs, but there's nothing preventing it from being installed on VMs in the cloud. However, we've never tested your use case. I wonder if this has something to do with BoxStarter since it seems to be failing the script continuation after reboot.

htnhan commented 4 years ago

@jonanathan if you're using a provision script (like with Packer or similar tools) to install FlareVM, I would recommend a few things:

  1. Make sure your VM is fully updated to get the latest version of .NET and PowerShell
  2. Install BoxStarter manually following their online documentation at https://boxstarter.org/InstallBoxstarter
  3. Take a quick look through the list of packages from flarevm.installer.fireeye/tools/packages.json to see which packages may require a reboot. After installing each of these packages, you need to issue a "window-restart" action.

You can also try to disable the reboot feature altogether by adding the following option to Install-BoxStarterPackage: -DisableReboots. For example, line #342 of install.ps1 should read:

```powershell
Install-BoxStarterPackage -PackageName flarevm.installer.flare -DisableReboots
```

Please note that this option may cause some packages to fail to install. I have not fully tested this option yet.
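
An added example, not part of the thread or of FLARE VM's own code: for anyone scripting this install, the Python below triages a captured install transcript like the one in the first post, separating real package failures and timeouts from the reboot-required exit code 3010 and listing the host-hardening changes the transcript records (Defender, execution context, checksums, UAC, autologon credentials). The function names, report keys and posture labels are this example's own, and the sample lines are constructed from the log above.

```python
import re

# Constructed sample: lines copied from the transcript in the first post, trimmed.
# Boxstarter echoes some lines twice, so one duplicate is kept on purpose.
SAMPLE_LOG = r"""
Windows Defender disabled.
The install of disabledefender-winconfig was successful.
Trying to install vcredist2005
Installed vcredist2005
Trying to install vcredist2008
Chocolatey timed out waiting for the command to finish. The timeout
specified (or the default value) was '2700' seconds. Perhaps try a
higher --execution-timeout? See choco -h for details.
The upgrade of vcredist-all.flare was NOT successful.
Boxstarter: Setting PowerShell execution context to Unrestricted
Boxstarter: Setting PowerShell execution context to Unrestricted
Enabled allowEmptyChecksums
The upgrade of dotnetfx was successful.
Chocolatey reported an unsuccessful exit code of 3010. See C:\ProgramData\Boxstarter\boxstarter.log for details.
Boxstarter: Disabling UAC
Boxstarter: Securely Storing EC2AMAZ-SLQPRD0\ssm-user credentials for automatic logon
Boxstarter: Restart Required. Restarting now...
"""

RESULT = re.compile(r"^The (?:install|upgrade) of (\S+) was (NOT )?successful\.")
STEP = re.compile(r"^Trying to install (\S+)")
TIMEOUT_SECS = re.compile(r"was '(\d+)' seconds")
AUTOLOGON = re.compile(r"Securely Storing (\S+) credentials for automatic logon")

# Transcript marker -> label for a host-hardening change (labels are this example's own).
POSTURE = [
    ("Windows Defender disabled", "Windows Defender disabled"),
    ("execution context to Unrestricted", "PowerShell execution context set to Unrestricted"),
    ("Enabled allowEmptyChecksums", "Chocolatey allowEmptyChecksums enabled"),
    ("Boxstarter: Disabling UAC", "UAC disabled"),
]


def triage(log_text):
    """Summarise package results, timeouts, reboot need and posture changes."""
    report = {"packages": {}, "timeouts": [], "reboot_required": False, "posture": []}
    step = None  # last "Trying to install X" seen, used to name the step that hung
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STEP.match(line)
        if m:
            step = m.group(1)
        m = RESULT.match(line)
        if m:
            # Latest result wins, so a concatenated re-run overrides an earlier failure.
            report["packages"][m.group(1)] = "failed" if m.group(2) else "ok"
        if "timed out waiting for the command to finish" in line:
            report["timeouts"].append({"step": step, "seconds": None})
        m = TIMEOUT_SECS.search(line)
        if m and report["timeouts"] and report["timeouts"][-1]["seconds"] is None:
            report["timeouts"][-1]["seconds"] = int(m.group(1))
        # 3010 is the Windows "success, reboot required" code: not a package failure.
        if ("exit code of 3010" in line or "reboot is required" in line
                or "Restart Required" in line):
            report["reboot_required"] = True
        labels = [label for marker, label in POSTURE if marker in line]
        m = AUTOLOGON.search(line)
        if m:
            labels.append("autologon credentials stored for " + m.group(1))
        for label in labels:
            if label not in report["posture"]:  # drop Boxstarter's echoed duplicates
                report["posture"].append(label)
    return report


def failed_packages(report):
    """Names of packages whose last recorded result was a failure."""
    return sorted(n for n, s in report["packages"].items() if s == "failed")


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("failed:", failed_packages(r))
    print("timeouts:", r["timeouts"])
    print("reboot required:", r["reboot_required"])
    for change in r["posture"]:
        print("posture:", change)
```

On a cloud instance the posture list is the part worth reviewing before the image is shared or exposed, since those settings persist after the install finishes.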

htnhan commented 4 years ago

@jonanathan The latest PR allows you to pass a -norestart switch to the install script. Please give it a try and let us know if this is still an issue.

vm-packages commented 1 year ago

Thank you for your feedback! We've been working on major updates to FLARE VM over the last year. The now revamped FLARE VM has just been released and will make the project more open and maintainable. Please check out our blog post at https://www.mandiant.com/resources/blog/flarevm-open-to-public and give the new installation a try.

If this problem still persists with the new installation, please report:

Please note that we use this message to close all legacy issues in this repository. We look forward to your feedback and support for the next generation of FLARE VM.