Will enterprise endpoint protection software on my laptop have control over what is happening inside a VM?
I've been issued a work laptop with Windows 11, running the Sophos Endpoint Agent, which monitors all web traffic and processes running on the PC and blocks malicious stuff.
If I install a Linux VM on it and access the web from inside it, will the Endpoint Agent see what I'm doing and be able to block access the same way as it does on the host?
I guess what I'm asking is, how does accessing a website from inside a VM work, actually? Does all the traffic get routed through the host OS unencrypted?
The purpose isn't to try to circumvent any security measures or go over the heads of the IT department, but rather to find out if I can make a case for using my favorite OS on this thing without compromising security.
Keep your work and personal software separated. If you don't need it to do your job, don't install it on your work machine. If you don't need to access a site for work, don't access it on your work machine.
At the end of the day, it's not your computer and you shouldn't treat it like it is.
Consider it non-secure for personal stuff. Consider the possibility of full monitoring. They may not see the contents of encrypted traffic from the VM, sure, but there's still a possibility of keylogging and even screen monitoring, possibly something else.
To answer your question, the guest OS should reject the security software's certificates, should it attempt MITM. Otherwise there wouldn't be much of a reason to use HTTPS over plain HTTP.
It can still do blocking I guess.
Secondly, it's a work device, and that software is there for a reason. Trying to get around it may have different results. Your employer might not care much, or they could assume something malicious on your side, and fired you are.
So don't use it past work-related use cases, don't borrow it to kids nor anyone else. That bit of hardware is most likely not worth the risk.
IT Guy here - we have been ordered by management to operate a computer system to setup and maintain a usable and secure computer environment for the work the management needs to be done.
To do this, your IT team and selected Windows 11 as the plattform, this is due go several factors.
Compabillity - Windows is the de-facto standard, if you want to do buisniss with other companies, Windows is a safe bet.
Familiarity - Windows is the de-facto standard, people know how to use it with little training.
Managabillity - Windows has excellent tools for central management, so IT policies can easily be implmented centrally.
With your Linux VM you will introduce new security holes, remove central management and throw familiarity out the window.
In any sane company, and unauthorized VM would at minimum be grounds for immediate termination.
If you want to do a proof of concept for your idea, you need management buy in, speak with the CTO and ask about migrating your proccesses to Linux ant do it above board.
I don't know for sure, but I don't think they'd be able to read https traffic. That would be encrypted on the vm itself before being sent to the host, so the host couldn't see it.
If they're scanning your system remotely for unapproved software, I imagine they won't let you use a vm at all, since it kinda breaks that requirement.
I don't know for sure, but I don't think they'd be able to read https traffic. That would be encrypted on the vm itself before being sent to the host, so the host couldn't see it.
But they're able to access your screen, keylog you and read your HD. No need to read https if you can access what the user sees and does