VB tries to install an unsigned driver when starting a VM

[GIGA1BYTE]

On the backup copy of my windows 7 OS that has already had many fiddles to get rid of this issue:

It does look like the behavior with installing some security updates that relate to certificate hashing is different with and without multibooting.

Without multibooting into the OS:

No more boot looping.

Installing KB3033929 gets rid of the program compatibility assistant popup about the "installing of an unsigned driver". That is a success on the issue.
After installing this security update, Sigverif.exe still shows the VBoxNetadp6.sys as unsigned.
But the properties dialog now shows 3 certificates including a SHA-256 one for oracle.

I was now able to install KB4474419 (more support for sha-2?) maybe because of "no multiboot" or maybe because of KB3033929 (probably the former as no prerequisites were listed).
Also installed KB5004378 and KB3125574.
Note also had KB4490628 already installed as it is a prereq for KB5004378.

After those updates Sigverif no longer shows any VBox drivers as unsigned.

Now hope that this actually still pans out on my real working OS (might just test it out on the clean backup first).

[fth0]

Ok, that looks like the latest SHA-2 support for Windows 7 is needed nowadays. Thanks for reporting back.

[GIGA1BYTE]

Just a final comment in case there is some confusion:

Issue arises when windows 7 users also use Microsoft Security Essentials and don't have SHA-2 code signing support.
Microsoft Security Essentials uses the following driver (MpKslDrv.sys).
Every time Microsoft security essentials updates its engine or definitions, it installs and associates with a unique named "copy"of this driver.
Without SHA-2 code signing support, this "copy" is seen as unsigned by Microsoft security essentials itself.
Opening a VB guest triggers a popup dialog from the Microsoft Compatibility Assistant, and this popup informs about the unsigned (MpKslDrvxxxxxx.sys) driver.
This popup was a bit annoying but also concerning as it suggests the antivirus program is compromised.
Not sure why VB is causally involved in triggering the popup (maybe MSE is injected).

There are a number of attempts by Microsoft to add SHA-2 code signing support.
The best way forward is to add this support using their very latest attempt.
KB4474419 (code signing) and maybe also KB5004378 (servicing stack for windows updates)

My experience is that KB4474419 will not install if the OS is booted with a non-windows boot loader or with a multi-OS boot loader.
In my case it caused a boot loop with a non-windows multi-OS boot loader (see earlier post).

Thanks for the contributing snippets of info that made it possible to find a solution.

[scottgus1]

KB4474419 will not install if the OS is booted with a non-windows boot loader or with a multi-OS boot loader.

An information link on KB3033929 says that:

Some users cannot install this security update if their computers meet the following conditions:

* Have a multiple-boot configuration of Windows and various distributions of Linux
* Use a non-Windows boot loader
* Have Windows and Linux installed on separate drives

Could be the same situation with KB4474419.

This from windowsreport.com https://windowsreport.com/kb4474419-kb4 ... kb4484071/ says:

If you want to continue receiving security patches on your Windows 7 machines, you really need to install KB4474419, KB4490628, and KB4484071 before you hit the update button.

All of these updates support SHA-2

Glad you got your system running again!