D+ and VMware

Hi
just installed VMware 4.02
had to add all VMware files to D+ exclusions to get VMware to work,
I'm planning on using VMware to support a virtual machine to test malware
my question is, and forgive me if it's a dumb question 88), but am I leaving my host machine open to infection by having D+ disabled with this application?
thanx MW

I am using VM Ware 4.02 and have no need to add the VM Ware files to D+ exclusions to make it work. Do you mean with D+ Exclusions the Exclusions of Detect shellcode injections (i.e. Buffer overflow protection)?

What OS are you running? I am on Win 7 SP1 x86.

I’m using Win XP SP3 here and have no problems between VMWare and D+.

hi yeah I'm running w7 sp1 x64
I've forgotten the error I was getting 88) but after looking in VMware's forum saw several identical problems,
the advice given was to add VMware to D+/settings/execution control/exclusions
I have done and VMware is up and running
was wondering if this is a potentially unsafe work around

Since that setting only disables buffer overflow protection, it’s not a huge security risk. I’ve never seen a buffer overflow from VMWare.

Since you and Eric are running the same OS, perhaps it’s an issue while running 64 bit?

Edit for clarification: Since you and Eric are running the same OS except for the bit depth…

The problem is with the 64 bits version of Win 7 SP1 apparently. Could this be worth a bug report HeffeD?

There’s another report, different apparent cause here.

On my Win 7 SP1 Ultimate 64bit, VMware ran OK, but not as smoothly as expected. The problem seemed to improve when I added to BO exclusions, and made it an installer/updater (latter not recommended). Not wholly sure whether it was these changes which made the difference or fooling around with VMware tools installation. I am running mainly linux VMs ATM.

Best wishes

Mouse

Bug report, that mentions an error message, considered resolved here.

Is this the error you were getting?

But it maybe should not be as no CIS alert is given.

Best wishes

Mouse

The first issue that Mouse1 links to is also using Win 7 SP1 64bit, so I would say that there does appear to be some issue with D+ and VMWare on that OS at that bit depth.

Out of curiosity mw74, do you have the option Enable enhanced protection mode enabled? (Found in Defense+ → Defense+ Settings → General Settings)

Hi HeffeD
Yes that option is enabled
MW

What happens if you disable it (requires restart). Do you still need the BO exclusion?

Will try this tomorrow, I’m away from my machine right now :-
I will of course report result
I'm a little uncertain about disabling permanently… Knowing VMware poses little threat of BO
I'm not 100% sure what enhanced protection mode does :embarassed: but feel better knowing it's active
MW

Neither am I. :wink:

This is what the online help tells about it:

Enable enhanced protection mode (Requires a system restart) - On 64 bit systems, enabling this mode will activate additional host intrusion prevention techniques in Defense+ to countermeasure extremely sophisticated malware that tries to bypass regular countermeasures. Because of limitations in Windows 7 x64, some HIPS functions in previous versions of CIS could theoretically be bypassed by malware. Enhanced Protection Mode implements several patent-pending ways to improve HIPS in Defense+. (Default=Disabled)
That’s all we know. Iirc the techniques used are patent pending and therefore Comodo did not elaborate on them.

Yes, I’ve read that. I still don’t know exactly what it is that it does. :slight_smile:

yeah same here :slight_smile:

ok tried disabling enhanced protection mode and removing VMware from BO exclusion…
same error
added VMware back to BO exclusions and virtual machine fires up fine
thinking this might be the best work-around right now
should I file a bug report ?
Thanx MW

I’m also running w7 sp1 x64 and have had no problems running VMware except for having to add vprintproxy.exe to the trusted files list because CIS sandboxed it as unrecognized. Other than that no problems.

Can you give us the error text please?

Maybe the reason some suffer error messages and some don’t relates to whether people are using Workstation or Player?

I think a bug report is probably a good idea as the fact that some progs need BO exclusion without raising BO alerts needs to be addressed.

Hi sAyer
I added VMware to trusted files initially…still received the error

Hi mouse1

error text - Could not get VM86 driver version: The handle is invalid
You have an incorrect version of driver VM86.sys try reinstalling VMware Player
Failed to initialize monitor device

MW

Confirmed here, also Win7 Pro 64-bit SP1. When I updated VMware Player from the latest 3.XX version to 4.0, it started showing the same message above. Solution was to add “C:\Program Files (x86)\VMware\VMware Player\vmware-vmx.exe” and “C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe” to BO exclusions (just these two were enough).
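
A check worth running before excluding those two binaries from shellcode-injection detection, added here as an example and not posted by anyone in the thread: it confirms each file exists, carries a valid Authenticode signature, and records a SHA-256 baseline to compare after VMware updates. The paths are the ones quoted above; the publisher string `VMware` and the function name `Test-ExclusionCandidate` are assumptions of this example.

```powershell
# Added example (not from the thread). Needs PowerShell 4.0+ for Get-FileHash.
# Paths are those quoted in the post; adjust if VMware is installed elsewhere.
$targets = @(
    'C:\Program Files (x86)\VMware\VMware Player\vmware-vmx.exe',
    'C:\Program Files (x86)\VMware\VMware Player\x64\vmware-vmx.exe'
)
# Assumption: the signing certificate's subject contains this publisher name.
$expectedPublisher = 'VMware'

function Test-ExclusionCandidate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Publisher
    )

    # A missing file must never be excluded: the path could be planted later.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path        = $Path
            Present     = $false
            Signature   = 'n/a'
            Signer      = 'n/a'
            SHA256      = 'n/a'
            OkToExclude = $false
        }
    }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Exclude only when the signature validates and the signer matches.
    $ok = ($sig.Status -eq 'Valid') -and ($signer -like "*$Publisher*")

    [pscustomobject]@{
        Path        = $Path
        Present     = $true
        Signature   = [string]$sig.Status
        Signer      = $signer
        SHA256      = $hash
        OkToExclude = $ok
    }
}

$targets |
    ForEach-Object { Test-ExclusionCandidate -Path $_ -Publisher $expectedPublisher } |
    Format-List
```

Keeping the exclusion limited to these two files, rather than every VMware file, leaves buffer overflow protection active for the rest of the install.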