Skip to content

Hyper-V (Windows 11)

Deploy the Sophos Remote Testing Appliance (RTA) on a Windows 11 (Pro or Enterprise) host running Hyper-V. We ship a pre-built, importable Hyper-V VM package — you do not need to build a VM from scratch or convert a disk image. Run one script (or follow the wizard), and the appliance is ready to start.

How delivery works on Hyper-V (Windows 11)

Your engagement lead sends you a single file: Sophos-RTA.zip.

Item What it is
Sophos-RTA.zip A pre-built, exported Hyper-V VM ready to import. Extract and run Import-RTA.ps1.

The zip expands to:

Sophos-RTA.zip
├── README.md                  (quick-start card)
├── Import-RTA.ps1             (one-run installer)
└── Sophos-RTA/
    ├── Virtual Machines/      (*.vmcx, *.VMRS — VM configuration)
    └── Virtual Hard Disks/    (rta_latest.vhdx — ~40 GB)

The exported VM is already configured: Gen2, Secure Boot Off, 4 vCPU / 8 GB, MAC address spoofing On. You do not rebuild or reconfigure it — import, connect to your external switch, and boot.

Requirements

Resource Minimum Recommended
Windows edition Windows 11 Pro or Enterprise (Hyper-V feature enabled) Windows 11 Pro or Enterprise
vCPU assigned to VM 2 4 (pre-configured in the package)
Memory assigned to VM 4 GB 8 GB (pre-configured in the package)
Boot disk 40 GB 40 GB
Host NIC Wired Ethernet with internet egress Wired Ethernet on the engagement LAN
Hyper-V switch type External (bound to the physical NIC) External on a wired Ethernet NIC

Use a wired Ethernet NIC — Wi-Fi will degrade the engagement

The appliance needs Layer-2 adjacency to on-premises targets for techniques such as ARP poisoning, MITM, and host discovery. Hyper-V cannot bridge a Wi-Fi adapter as a true L2 peer — over Wi-Fi the VM gets internet but cannot act as a distinct host on the LAN. Running the RTA on Wi-Fi degrades the quality of the engagement and is strongly discouraged; use a wired Ethernet NIC. The installer script detects Wi-Fi and warns before proceeding.

Choose a deployment method

  • PowerShell — Import-RTA.ps1

    Recommended — the easiest and fastest route. Run a single script from an elevated PowerShell prompt. It detects your NIC, creates the external switch, imports the VM, and prints the start command. Done in under two minutes.

  • Hyper-V Manager (GUI)

    Manual import wizard — useful if your environment restricts script execution or you prefer point-and-click. Requires a few extra steps to wire the network adapter and confirm the security settings.