![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 47%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
3,013 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Completely depends upon how the software is determining if you're running in a VM or not. There are different ways it might try to figure it out and so you'd have to protect against each one. For example VM software generally allow for a virtualization ID for networking so that the network can better handle VM requests. But that also means this is something that can be checked. If you enable Enhanced Session then this is also detectable in a VM. For example Cisco's VPN software won't run under a VM but if you disable ES then it doesn't see it as a VM anymore.
There are other things the software could look at as well. For example VM software generally use a virtualized network driver in the host to actually provide network services. Software may look for well-known network drivers used by virtualization software. Or perhaps they tracert a call and see if any requests are bouncing through a virtual switch (if that is even possible). Or perhaps they scan loaded binaries to see if there are well-known VM libraries loaded. There are any # of ways to detect a VM and identifying all of them would be a lot of work.