Microsoft IE/Edge Testing VM Images No Longer Offered

Open oktaneblu opened this issue 2 years ago • 16 comments

See: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

oktaneblu avatar Jan 13 '23 22:01 oktaneblu

As an alternative to the IE testing VMs, the Windows 10 Evaluation ISOs are available at the official Microsoft Evaluation Center. I can't give the official recommendation to install FLARE-VM on them, but I will say that the Windows 10 eval ISO and the Windows Server 2019 ISOs both seem to handle the FLARE-VM install well.

HuskyHacks avatar Jan 13 '23 22:01 HuskyHacks

@oktaneblu Good catch!

Quick search results found some possible alternatives:

  1. Developer VM (currently at Win11)
    1. Link: https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/
    2. Pro:
      1. Pre-built VM suited for many virtualization systems
    3. Con:
      1. Untested (Win11)
      2. Large file size (20 GB)
      3. Potentially unwanted tools pre-installed
      4. Need to find stable methods to disable defender and updates
  2. Evaluation Enterprise Win10 ISO
    1. Link:
      1. https://www.microsoft.com/en-us/evalcenter/download-windows-10-enter
    2. Pro:
      1. Allows GPO
    3. Con:
      1. Geared towards businesses for an evaluation copy (90-days)
      2. May require registration under a company name
  3. Raw Windows 10 ISO
    1. Link: https://www.microsoft.com/en-us/software-download/windows10ISO
    2. Pro:
      1. ISO installation across many virtualization systems
    3. Con:
      1. May require activation at some point
      2. Unsure if GPO is available

If anyone has tested or can confirm these alternatives please let me know.

  • @HuskyHacks you seem to have tested the evaluation ISOs 👍

MalwareMechanic avatar Jan 13 '23 23:01 MalwareMechanic

Is there anything that needs to be done with testing or is it just documentation that needs to be written?

Perdyx avatar Jan 15 '23 10:01 Perdyx

I should have checked the issues before sending https://github.com/mandiant/flare-vm/pull/435 - however there is a repo of the "old" development VMs hosted on archive.org and linked in that PR.

chris4a50 avatar Jan 17 '23 03:01 chris4a50

Oh that's amazing. Thank you!

Perdyx avatar Jan 17 '23 07:01 Perdyx

@Perdyx In terms of testing, I'd like to know:

  1. We can reliably disable Windows Defender and Updates (preferably through GPO) where after reboot they are still disabled
  2. The installation script runs and installs the default list of tools

If someone has cycles to verify this, then I can update the links accordingly. Thanks! 🙇

MalwareMechanic avatar Jan 18 '23 14:01 MalwareMechanic
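
A read-only check for the first test criterion above, added here as an example (it is not part of the original thread or of FLARE-VM's own scripts). Run it in the guest after a reboot: it prints the Group Policy registry values next to the effective Defender and Windows Update state, so a policy that is set but not enforced is visible. The helper name `Get-PolicyValue` is hypothetical; the registry paths are the standard locations written by the Defender and Windows Update administrative templates.

```powershell
# Read-only post-reboot check for a malware-analysis VM (added example).
# Reports policy (GPO) values and effective state side by side, because a
# policy can be configured while the component is still running.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$defenderPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$updatePolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

$report = [ordered]@{
    'BootTime'                          = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    'Policy: DisableAntiSpyware'        = Get-PolicyValue $defenderPolicy 'DisableAntiSpyware'
    'Policy: DisableRealtimeMonitoring' = Get-PolicyValue "$defenderPolicy\Real-Time Protection" 'DisableRealtimeMonitoring'
    'Policy: NoAutoUpdate'              = Get-PolicyValue $updatePolicy 'NoAutoUpdate'
}

# Effective Defender state. The cmdlet throws if the Defender service is
# stopped or removed, which is itself a useful result to record.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $report['Defender: AntivirusEnabled']          = $mp.AntivirusEnabled
    $report['Defender: RealTimeProtectionEnabled'] = $mp.RealTimeProtectionEnabled
    $report['Defender: IsTamperProtected']         = $mp.IsTamperProtected
} catch {
    $report['Defender: status'] = "unavailable ($($_.Exception.Message))"
}

# Service state for Defender (WinDefend) and Windows Update (wuauserv).
foreach ($name in 'WinDefend', 'wuauserv') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $report["Service: $name"] = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not present' }
}

$report.GetEnumerator() | Format-Table -AutoSize Name, Value
```

Comparing the output from before and after a reboot (the `BootTime` row confirms which boot was measured) shows whether the settings persisted.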

I can give it a shot. I'll fire up a Windows 11 developer VM from here in VMware and report what I find. If you want testing in VirtualBox I can do that too, but for now I'll see what I can get working in VMware since that's what I have installed currently.

Perdyx avatar Jan 18 '23 20:01 Perdyx

@chris4a50 provided the link below to Windows VMs hosted on archive.org

These virtual machines were copied to and backed up at the following Internet Archive link: https://archive.org/details/modern.ie-vm

MalwareMechanic avatar Jan 23 '23 16:01 MalwareMechanic

The ISO you can generate using the Media Creation Tool (option 3) installs Windows 10 Home by default, which doesn't allow use of Group Policy. But you can force it to install Pro instead. The instructions here are for upgrade but still apply: https://www.groovypost.com/howto/make-windows-10-media-creation-tool-upgrade-pro-instead-home-version/

The gist is that you have to use the default Pro license key VK7JG-NPHTM-C97JM-9MPGT-3V66T, which is not actually a valid license but magically tells the installer to install Pro instead of Home. I just did this and the fresh VM has gpedit.msc, secpol.msc etc, and they work.

thejoelpatrol avatar Feb 01 '23 19:02 thejoelpatrol

My 2 cents.

I downloaded the Eval Win 11 image for VMware. Had some issues killing Windows Defender. The install.ps1 script didn't show anything different from the red message alerting that Windows Defender is still active (even when it's not) in the last step, just before starting the installation.

I skipped the warning and, fortunately, the installation went smoothly and everything works fine. All packages installed, no problems in the logs.

Tested in VMWare workstation Pro 17 (17.0.1 build-21139696) VM: https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/

PS: I had some light issues with the copy/paste functions from VMware Tools at the end of the Flare installation (aka, copy from host to guest). Reinstalling VMware Tools fixed the problem.

Ud0g-Py avatar Feb 04 '23 11:02 Ud0g-Py

Tested with the evaluation ISO (Win10_21H2). The script works fine, but system update shows as disabled (controlled by org) while updates are still in progress. I cannot say anything about the Defender disable (for that I safe-booted and took permission from the Defender folder).

Megachar0x01 avatar Feb 05 '23 13:02 Megachar0x01


Tested with Windows 11 Enterprise Evaluation (Version: 22H2, Build: 22621.1413) -- the install is partially successful, the only failed package is Google Chrome due to signature mismatch.

ddubson avatar Mar 30 '23 13:03 ddubson

The Rufus tool used to create live CDs or Bootable USB Flash Drives can download multiple versions of Windows ISOs.

The tool can be downloaded from: https://rufus.ie/

Open the tool, click the dropdown menu next to Select, and choose Download. The Select option will change to Download.

Then click the Download button. It will run a download script that provides the option to download ISOs for Windows and other OSes. Select Windows 10 and press 'Continue'.

Select the release compatible with Flare VM.

Press Continue and select the Edition, Language and Architecture. You can also select to download via web browser.

If you don't know Rufus, check it out. Amazing open source project: https://github.com/pbatard/rufus

I hope it helps.

Adonist avatar Apr 05 '23 16:04 Adonist

Rufus is no longer able to download anything but the latest 22h2 build.

Kurumi78 avatar Jun 07 '23 09:06 Kurumi78

You may also want to consider using Mido, the secure Windows ISO downloader (by yours truly): https://github.com/ElliotKillick/Mido

It pulls ISOs from the exact endpoint as: https://www.microsoft.com/en-us/software-download/windows10ISO

ElliotKillick avatar Aug 17 '23 03:08 ElliotKillick

Those 2 links don't work for me, but I use this one: https://www.microsoft.com/en-us/evalcenter/download-windows-10-enterprise

mischievouus avatar Nov 30 '23 19:11 mischievouus