Hide VMWare Virtual Network Interfaces from Windows Firewall and Network and Sharing Center

VMWare Workstation creates two virtual network adapters by default. One is the host-only network and the other is for NAT routing. You can add several more to suit your needs for more complex scenarios.

The problem is that these networks cause Windows 7 to think it is attached to a public “unidentified network” which has the side-effect of disabling network and printer sharing. You will experience the same problem with Windows 7 Virtual PC if you create virtual loopback device adapters and the same problem occurs with VirtualBox.

The solution is to mark the virtual network adapters as *NdisDeviceType=1 in the registry:

*NdisDeviceType

The type of the device. The default value is zero, which indicates a standard networking device that connects to a network. Set *NdisDeviceType to NDIS_DEVICE_TYPE_ENDPOINT (1) if this device is an endpoint device and is not a true network interface that connects to a network. For example, you must specify NDIS_DEVICE_TYPE_ENDPOINT for devices such as smart phones that use a networking infrastructure to communicate to the local computer system but do not provide connectivity to an external network.

Note  Windows Vista automatically identifies and monitors the networks a computer connects to. If the NDIS_DEVICE_TYPE_ENDPOINT flag is set, the device is an endpoint device and is not a connection to a true external network. Consequently, Windows ignores the endpoint device when it identifies networks. The Network Awareness APIs indicate that the device does not connect the computer to a network. For end users in this situation, the Network and Sharing Center and the network icon in the notification area do not show the NDIS endpoint device as connected. However, the connection is shown in the Network Connections Folder.

As far as I’m concerned this is just a bug in both VirtualBox and VMware Workstation. They should be marking their virtual network devices as *NdisDeviceType=1 for compatibility with NT 6.x –based operating systems.

Until they do that, I cobbled together a little powershell script to find any NICs created by VMWare and mark them as virtual. The setting takes affect after a reboot.

# tell windows that VMWare Network Adapters
# is not a true network interface that connects to a network
# see http://msdn.microsoft.com/en-us/library/ff557037(VS.85).aspx
pushd
echo "Marking VMWare Virtual Ethernet Adapters as virtual.`r`n"
cd 'HKLM:\system\CurrentControlSet\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
ls ???? | where { ($_ | get-itemproperty).DriverDesc `
-like 'VMware Virtual Ethernet Adapter *' } | `
% { $_ | new-itemproperty -name '*NdisDeviceType' -PropertyType dword -value 1 } | `
% { "`"" + ($_ | get-itemproperty).DriverDesc + "`" -> *NdisDeviceType=1" } 
echo "`r`nReboot to apply changes."
popd

Advertisements

14 Responses to Hide VMWare Virtual Network Interfaces from Windows Firewall and Network and Sharing Center

  1. Richard Johansson says:

    Thank you for writing a nice article about it. I usually have some suspicious software in my VMs and I wonder if changing *NdisDeviceType increases the risk of viruses from the VM to my host OS.

  2. Pingback: Impero on PCs with VMWare Player

  3. KengaRU says:

    Reboot is not needed for this setting to effect. Disable/Enable for VMWare interfaces from control panel is enough.

    • Brian Reiter says:

      You misunderstand. I’m not disabling the network interface. I’m marking it as an internal interface that is not filtered by the firewall nor tracked by Network and Sharing Center. If you want a host-only adapter that doesn’t force Windows to think you are on a “Public Network” then you need to set *NdisDeviceType=1 on the host-only adapter.

      • KengaRU says:

        You’ve have echo “`r`nReboot to apply changes.” in script.

        There is no need to reboot to apply changes. It’s enough to disable/enable virtual network adapters in control panel for this settings in effect and Windows will not think that it’s on public network without reboot.

  4. 8ts says:

    This is good. Don’t know if it is related but after following your instructions when I click on Vmware from my Start Menu it snaps up onscreen instantly. Before there was a lag. Thanks for this tip.

  5. KengaRU says:

    Reboot is not required afterwards executing this script. It’s sufficient just to bring down then up affected virtual interfaces.

  6. Pingback: Win7下VMware的NAT网络模式不能正常工作 | aneasystone's blog

  7. franzalex says:

    Your solution didn’t work for me on Windows 8 so I rather changed the *ifType value to 131 and that worked.

    The value 131 sets the interface to Tunnel which hides it from the Windows 8 Networks panel.

    Here is the script:

    pushd
    echo “Marking VMWare Virtual Ethernet Adapters as virtual.`r`n”
    cd ‘HKLM:\system\CurrentControlSet\control\class\{4D36E972-E325-11CE-BFC1-08002BE10318}’
    ls ???? | where { ($_ | get-itemproperty).DriverDesc `
    -like ‘VMware Virtual Ethernet Adapter *’ } | `
    % { $_ | Set-ItemProperty -name ‘*ifType’ -value 131 } | `
    % { “`”” + ($_ | get-itemproperty).DriverDesc + “`” -> *ifType=131″ }
    echo “`r`nReboot to apply changes.”
    pause
    popd

  8. Tarounen says:

    i have tried both scripts .. but nothing works .. i’m using vmware 11 on win 10

  9. Pingback: Hide VMWare Virtual Network Interfaces from Windows Firewall and Network and Sharing Center – Eduardo Mozart

  10. Pingback: Escondendo Dispositivos de Rede Virtuais do VMWare e VirtualBox do Firewall do Windows e da Central de Rede e Compartilhamento – Eduardo Mozart

  11. Aaron44126 says:

    VMware seems to add this by default now with newer versions of VMware Workstation. Strangely, Microsoft didn’t bother to add it for the Hyper-V Ethernet adapter. The same “trick” works for me to hide the Hyper-V Ethernet adapter on Windows 10.

  12. KengaRU says:

    Sometimes, there is need to setup VMNet adapter as uplink with Internet access for Windows 10 (f.e. custom firewall VM connected to Internet via attached to it USB network adapter). If you have to do so, you should set *NdisDeviceType to “6” if you want Windows 10 be connected to Net.

Leave a Reply to Aaron44126 Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: