The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Crisis virus attempts to infect virtual machines running on VMware Workstation or Player using legitimate functionality (2033939)
The Crisis virus is capable of infecting virtual machines if it is present on a Windows system that runs VMware Workstation or VMware Player. The virus uses legitimate functionality to mount virtual machines. It does not use any vulnerabilities in VMware Workstation or Player to infect the virtual machines.
If present on Mac OS X, the Crisis virus does not attempt to infect virtual machines running in VMware Fusion.
The Crisis virus does not spread to systems running ESX/ESXi. Virtual machines that run on ESX/ESXi cannot be infected by this virus.
- Practice safe browsing. Do not visit untrusted Web sites.
- Do not open untrusted files downloaded from the Web.
- Run anti-virus software and keep it up-to-date.
- Keep current with Windows updates.
The above measures minimize the risk of introducing the Crisis virus to Windows systems.
You can use additional measures to protect virtual machines against the Crisis virus:
- The Crisis virus cannot infect encrypted virtual machines. VMware Workstation has a feature that allows encryption of virtual machines.
- Consider using third-party whole-disk encryption tools or Windows BitLocker Drive encryption (if available) on sensitive desktops.
- If VMware Workstation or Player is used to create virtual machines that are later used on ESX/ESXi hosts, take care that the systems on which virtual machines are created are secure and regularly audited.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.