Hyper-V (Windows 11) — PowerShell

Import and start the RTA with a single elevated PowerShell command. The Import-RTA.ps1 script included in the package handles everything: NIC detection, external switch creation, VM import, and networking — with guard rails for the most common mistakes.

Before you start

Review the Hyper-V (Windows 11) overview. You'll need the extracted contents of Sophos-RTA.zip and a wired Ethernet NIC with internet egress. The script must be run as Administrator.

1. Extract the package

Extract Sophos-RTA.zip to a local path — avoid paths with spaces or non-ASCII characters. A top-level folder such as C:\RTA\ works well.

After extraction you should have:

C:\RTA\
├── README.md
├── Import-RTA.ps1
└── Sophos-RTA\
    ├── Virtual Machines\
    └── Virtual Hard Disks\

2. Open an elevated PowerShell

Right-click Start → Windows PowerShell (or Terminal) and choose Run as Administrator. The script pre-flights for elevation and will exit with a clear error if it is not running as Administrator.

3. Run the installer

Change to the folder where you extracted the zip and run:

cd C:\RTA
.\Import-RTA.ps1

The script will:

  1. Verify it is running as Administrator and that the Hyper-V feature is enabled.
  2. Detect the physical NIC that carries your default internet route.
  3. Reuse an existing external switch on that NIC, or create one named RTA-External — you will see a brief network blip (one to three seconds) as the NIC is re-bound to the virtual switch.
  4. Import the VM using a new unique ID (Compare-VM -Copy -GenerateNewId).
  5. Connect the VM's network adapter to the external switch and confirm MAC address spoofing is On.
  6. Print the VM name and the command to start it.

Use a wired Ethernet NIC — Wi-Fi will degrade the engagement

If your default route is through a wireless adapter, the appliance cannot operate as a distinct Layer-2 peer on the LAN — ARP poisoning, MITM, and host discovery against on-premises targets will not work. Running the RTA on Wi-Fi degrades the quality of the engagement and is strongly discouraged. The script detects Wi-Fi and makes you type yes to acknowledge the limitation before continuing; -Force skips the prompt for automated workflows.

.\Import-RTA.ps1 -Force

Connect a wired Ethernet cable and rerun the script — it picks up the wired NIC automatically.

4. Start the VM

The script prints the exact command. It will look like:

Start-VM -Name "Sophos-RTA"

You can also start it from Hyper-V Manager by right-clicking the VM and choosing Start.

Verify

Open Hyper-V Manager, select the VM, and click Connect to open the VM console. The Win11 Hyper-V package is a generic image, so on first boot the appliance comes up in activation mode and shows an Appliance Registration screen with a one-time activation code. No inbound ports are required.

Get-VM -Name "Sophos-RTA"
# State should show: Running

Reading the activation code

Connect to the VM console in Hyper-V Manager and read the activation code from the Appliance Registration screen — the appliance keeps it displayed until activated. Give the code to your Sophos engagement lead; once activated, the appliance provisions itself, brings up the outbound VPN tunnel, and the console switches to the live status dashboard.

Network access

The appliance makes one connection to do its job: an outbound tunnel to the Sophos headend. Nothing inbound is ever required — you never open or forward any ports to the appliance.

Allow this outbound destination

Destination: connect.remotetesting.secureworks.com
IP addresses: 3.33.194.251 and 15.197.255.2 (static — these do not change)
Port / protocol: TCP 443, carrying OpenVPN (not HTTPS)
Direction: Outbound only

Allow egress on TCP/443 to that destination from the appliance's network. On a next-generation firewall or NAC-controlled network, an L3 "allow 443" rule is often not enough — Layer-7 application control, TLS/SSL decryption, or NAC can still drop the tunnel even when the port is open. See Connectivity Troubleshooting for the exact firewall and NAC exceptions to request.
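
The checks below are an added example, not part of the Sophos package or Import-RTA.ps1: run from the elevated PowerShell on the Hyper-V host, they confirm the state the script steps describe (external switch, MAC address spoofing On, wired uplink) and the outbound destination listed above. They assume the VM is named Sophos-RTA as shown on this page and that the host's egress path is representative of the appliance's, which a NAC-controlled network may not treat the same way.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only checks, nothing here changes VM or switch settings.
$VMName   = 'Sophos-RTA'   # name shown on this page; use the name the script printed
$Dest     = 'connect.remotetesting.secureworks.com'
$StaticIp = '3.33.194.251', '15.197.255.2'   # static addresses listed on this page

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Ok; Detail = $Detail })
}

# VM state, as in the Verify step.
$vm = Get-VM -Name $VMName -ErrorAction Stop
Add-Check 'VM running' ($vm.State -eq 'Running') "State=$($vm.State)"

# What the import is described as configuring: external switch, MAC spoofing On.
foreach ($nic in Get-VMNetworkAdapter -VMName $VMName) {
    $sw = if ($nic.SwitchName) { Get-VMSwitch -Name $nic.SwitchName }
    Add-Check 'Adapter on external switch' ($sw.SwitchType -eq 'External') `
        "Switch='$($nic.SwitchName)' Type=$($sw.SwitchType)"
    Add-Check 'MAC address spoofing On' ($nic.MacAddressSpoofing -eq 'On') `
        "MacAddressSpoofing=$($nic.MacAddressSpoofing)"

    # The switch uplink should be wired Ethernet (802.3), not 802.11.
    if ($sw.NetAdapterInterfaceDescription) {
        $uplink = Get-NetAdapter -InterfaceDescription $sw.NetAdapterInterfaceDescription
        Add-Check 'Uplink is wired' ($uplink.PhysicalMediaType -eq '802.3') `
            "$($uplink.Name): $($uplink.PhysicalMediaType)"
    }
}

# DNS should return only the documented static addresses.
$resolved = @(Resolve-DnsName -Name $Dest -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
$other = @($resolved | Where-Object { $_ -notin $StaticIp })
Add-Check 'DNS returns documented IPs' ($resolved.Count -gt 0 -and $other.Count -eq 0) `
    "Resolved: $($resolved -join ', ')"

# TCP handshake from the host. Success proves the port is open at L3/L4 only;
# the tunnel is OpenVPN, so L7 inspection or NAC can still drop it.
foreach ($ip in $StaticIp) {
    $t = Test-NetConnection -ComputerName $ip -Port 443 -WarningAction SilentlyContinue
    Add-Check "TCP 443 to $ip" $t.TcpTestSucceeded 'Handshake only, run from the host'
}

$results | Format-Table -AutoSize -Wrap
```

If the TCP checks pass but the tunnel still does not come up, that points to the Layer-7, TLS decryption, or NAC causes described above rather than a closed port.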

Troubleshooting

Deployed but something isn't right?

See Hyper-V (Windows 11) troubleshooting for the most common issues on this platform and how to fix them.