If you have a USB NIC (wired or wireless), you could pass that over to the guest OS to bypass the host OS's NIC entirely. If you were on Linux and you have IOMMU capability with two onboard NICs, you can use KVM/QEMU to enable PCI pass-through of the second NIC. This is what I do for one of my Windows VMs under Linux. Generally, I disable networking for my Windows guest OS and instead use VirtioFS to pass files downloaded from the internet / my storage drive to the guest. If it isn't connected to the internet, you really don't need to update the OS, use Defender or the built-in firewall--which removes some of the fat-suit that MS requires to make their OS remotely safe to use. PCI pass-through can be used to move over an extra PCIe GPU, NVME drive or even whole USB or SATA controller for near native performance if you need Windows to play certain games or productivity software like CAD and the like.