🐜 Slow Install.ps1 | Boxstarter #657

Open
aftwro opened this issue Feb 9, 2025 · 4 comments
Labels
🐛 bug Something isn't working

Comments

@aftwro

aftwro commented Feb 9, 2025

What's the problem?

Installing FlareVM sometimes takes over a day, due to how many packages Boxstarter has to install and how slow it is. 010editor.vm alone took over an hour to download, even though I'm running server-grade networking (1Gbps Up/Downlink).

Steps to Reproduce

  1. Get your VM ready for FlareVM install (Disable Security Mitigations, Defender, etc.)
  2. Get Install.ps1
  3. Run
  4. VM Should restart as normal of course
  5. Package install starts, but is excruciatingly slow.
X3txyAmC4U.mp4

Environment

  • VM Software: VirtualBox (Latest at the time of posting)
  • VM PowerShell Version:
    Image
  • VM Chocolatey Version:
    Image
  • VM Boxstarter Version:
    Image

VM OS version and Service Pack
-----

Version                 : 10.0.19045
BuildNumber             : 19045
OSArchitecture          : 64-bit
ServicePackMajorVersion : 0
Caption                 : Microsoft Windows 10 Pro

VM OS RAM (MB)
-----
0

VM OS HDD Space / Usage
-----

DeviceID DriveType ProviderName VolumeName     Size         FreeSpace
-------- --------- ------------ ----------     ----         ---------
A:       2
C:       3                                     136808968192 115653873664
D:       5                      VBox_GAs_7.1.6 60225536     0

VM AV Details
-----
AntiVirusProduct classname does not exist...

VM PowerShell Version
-----
5.1.19041.3803

VM CLR Version
-----
4.0.30319.42000

VM Chocolatey Version
-----
2.4.2

VM Boxstarter Version
-----

Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3




VM Installed Packages
-----
010editor.vm|15.0.1
Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3
chocolatey|2.4.2
common.vm|0.0.0.20250203
debloat.vm|0.0.0.20240327
installer.vm|0.0.0.20241002


Common Environment Variables
-----
VM_COMMON_DIR: C:\ProgramData\_VM
TOOL_LIST_DIR: C:\Users\flare--vm\Desktop\Tools
RAW_TOOLS_DIR: C:\Tools

Additional Information

boxstarter.log
chocolatey.log
consoleOutput.log
Image

Above I've attached all logs available, along with a speedtest of my network inside the guest machine.

Host Specs:
AMD Ryzen 7 9700X
32GB 6000MHz CL36 DDR5
Radeon RX 7800XT
All SSD Storage (Same or similar SMART Health, 99% with 12TBW)

Guest Specs:
6 vCores
VDI File in an NVMe disk.

@aftwro aftwro added the 🐛 bug Something isn't working label Feb 9, 2025
@Ana06
Member

Ana06 commented Feb 10, 2025

I have also noticed in the last few days that the download of 010Editor from https://download.sweetscape.com/010EditorWin64Installer15.0.1.exe seems to be slow. @mandiant/flare-vm any ideas what the issue can be? 😕

@stevemk14ebr
Contributor

stevemk14ebr commented Feb 10, 2025

A CDN to cache downloads could be appropriate. Something like Cloudflare or Google CDN could be set up to pull the original files from their URLs and then the install script would rely on the CDN URL. This would require infrastructure to resolve and would need work to automate alongside the packages bot. But it's possible and would fix the issue.

As long as the package hashes continue to be validated I don't see any security risks to the approach.
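
The property the comment above relies on, as an added example (not FLARE-VM's or Chocolatey's code; `Get-VerifiedFile`, its parameters and the demo files are hypothetical): a download is accepted only if it matches a SHA-256 pinned in the package, so an altered cache copy is discarded and the next source is tried.

```powershell
# Added example, not project code. Sources are tried in order (cache first, origin last).
function Get-VerifiedFile {
    param(
        [Parameter(Mandatory)] [string[]] $Source,
        [Parameter(Mandatory)] [string]   $Sha256,       # pinned in the package, never served by the cache
        [Parameter(Mandatory)] [string]   $Destination,
        [scriptblock] $Fetch = {                         # default transport: HTTP(S) download
            param($From, $To)
            Invoke-WebRequest -Uri $From -OutFile $To -UseBasicParsing
        }
    )
    $tmp = "$Destination.part"                           # never expose unverified bytes at $Destination
    foreach ($s in $Source) {
        try {
            & $Fetch $s $tmp | Out-Null
            $actual = (Get-FileHash -LiteralPath $tmp -Algorithm SHA256 -ErrorAction Stop).Hash
            if ($actual -eq $Sha256) {                   # string -eq is case-insensitive
                Move-Item -LiteralPath $tmp -Destination $Destination -Force
                return $s                                # report which source was accepted
            }
            Write-Warning "Hash mismatch from $s (got $actual); discarding."
        } catch {
            Write-Warning "Fetch from $s failed: $_"
        } finally {
            Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
        }
    }
    throw "No source produced a file matching SHA256 $Sha256"
}

# Offline demo with constructed files: the "cache" copy is altered, the "origin" copy is intact.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$origin = Join-Path $dir 'origin.bin'
$cache  = Join-Path $dir 'cache.bin'
Set-Content -LiteralPath $origin -Value 'constructed installer bytes' -NoNewline
Set-Content -LiteralPath $cache  -Value 'altered on the cache' -NoNewline
# In a real package the pin is a literal in the package script; it is computed here only for the demo.
$pin  = (Get-FileHash -LiteralPath $origin -Algorithm SHA256).Hash
$copy = { param($From, $To) Copy-Item -LiteralPath $From -Destination $To -ErrorAction Stop }
$used = Get-VerifiedFile -Source $cache, $origin -Sha256 $pin `
                         -Destination (Join-Path $dir 'installer.exe') -Fetch $copy
"Accepted: $used"
```

The demo warns about the mismatching cache copy and then accepts the origin copy; with only the altered copy available the function throws instead of installing.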

@aftwro
Author

aftwro commented Feb 10, 2025

This is meta but:

Apparently FlareVM, or Mandiant in general, is actually a part of G(oogle)CP now?!

Google has a reputation for killing off projects, and I'm afraid they could do it to FlareVM and CommandoVM, as these projects are seen by them as minor projects.

There's also the possibility of someone forking the repos and maintaining FlareVM, and preserving it for the future. While not ideal, I'd imagine there's not much work needed to maintain both projects.

@stevemk14ebr
Contributor

Both myself and @Ana06 are on the FLARE team at Mandiant. Our team heavily relies on FLAREVM. You do not have to be worried.
