FlareVM is a reverse engineering and malware analysis distribution on Windows platform created by Mandiant. It includes a lot of tools for security researchers. In this post I'll explain how to install a FlareVM on a clean Windows 11 installation.

• 60 GB Hard Drive
• 2 GB RAM

• Make sure a clean Windows 11 VM is already installed
• Disable Windows Defender
• Make sure the following settings are configured:
  • Disable real-time protection
  • Disable cloud-delivered protection
  • Disable automatic sample submission
  • Add the directory C:\ to the exclusion list
• Take a snapshot of your VM

• Download and copy install.ps1 onto your new VM
• Open PowerShell as an Administrator
• Unblock the install file by running:
  • Unblock-File .\install.ps1
• Enable script execution by running:
  • Set-ExecutionPolicy Unrestricted
• Finally, execute the installer script as follow:
  • .\install.ps1
  • You can also pass your password as an argument: .\install.ps1 -password <password>

• If the background was not successfully set:
  • Navigate to %PROGRAMDATA%\chocolatey\lib\flarevm.win10.config.flare\tools and right click flarevm.png
  • Right click flarevm.png and select Set as desktop background
• Take a post-installation snapshot

You can customize your distribution by installing additional packages. For an overview of all available packages, check the repository on Chocolatey. For example, to install Google Chrome, use the following command:

cinst googlechrome

It's also important to keep your distribution up-to-date. Use the following command to update your installed packages:

cup all