4.3.14 conflicts with anti-virus packages.

Discussions related to using VirtualBox on Windows hosts.
Locked
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: 4.3.14 conflicts with anti-virus packages.

Post by mpack »

The devs did an open beta test prior to release. Did you report the same problem then?
ThetaPhi
Posts: 8
Joined: 18. Jul 2014, 14:08

Re: 4.3.14 conflicts with anti-virus packages.

Post by ThetaPhi »

Hi,

as suggested by mpack, I copy my investigations here. In fact, this does not only affect antivirus software - I personally don't have such anti-virus software that hooks into processes. Lots of users with NVIDIA GPUs on Laptops seem to have this problem, too (I am not completely sure, if this may also affect Desktop GPU drivers).

On many laptops you have dual-graphics adaptors (Intel ones in combination with NVIDIA). For normal work, it uses Intel Graphics to save power, but once an application starts 3D stuff that would better use the NVIDIA graphics, the system switches to the NVIDIA GPU. To detect this "behaviour change" in some applications, the NVIDIA driver uses "Microsoft Detours" (http://research.microsoft.com/en-us/projects/detours/) to hook into every process (like the Anti-Virus software does). By that it can intercept calls to graphics APIs in the Windows API and on the fly enable the NVIDIA GPU.

In contrast to Antivirus Software that I can easily uninstall and replace it by Windows own Defender/Security Essentials (which works), I cannot uninstall NVIDIA drivers.

See also the issue I opened: https://www.virtualbox.org/ticket/13200
Boxy
Posts: 22
Joined: 31. Jan 2010, 14:58
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: XP, Win7,SUSE,MS-DOS
Location: wild south of germany

Re: 4.3.14 conflicts with anti-virus packages.

Post by Boxy »

Today, I updated from VBOX 4.3.8 to 4.3.14.
Host is win7 64bit sp1 and current fixes.
Tested Guests are OpenSuse and XP
Processor C2D E8500 Wolfdale on ASUS P5Q
ATI Radeon HD4670, Catalyst 13.1
Security SW ist Kaspersky KISS 2014

After the update, I got the error popup for sup3HardenedWinVerifyProcess, Failed to verify process integrity, "Unknown image file" with rc=-5633 for mpr.dll and dwmapi.dll

After modifying registry: deleted entry with DISABLEUSERCALLBACKEXCEPTION for virtualbox under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Surprise: the popup rc=-5633 disappeared and VBOX started.

Activating a virtual guest (WinXP or OpenSuse, doesn't matter), I got the "Error in supR3HardenedWinReSpawn" popup:
Popup1 after removing DISABLEUSERCALLBACKEXCEPTION
Popup1 after removing DISABLEUSERCALLBACKEXCEPTION
Popup1.Suse.jpg (23.89 KiB) Viewed 10594 times
followed by another popup:
Popup2 after closing popup1
Popup2 after closing popup1
Popup2.Suse.jpg (25.96 KiB) Viewed 10594 times
Shut down KISS, no difference.
No messages in the Windows Event Log.

Uninstalled VBOX 4.3.14 and reinstalled it with KISS-shutdown at every windows restart, so KISS should not influence neither installation nor start VBOX:
Same behaviour.

Now - thank ghost ;-) - reload image
Last edited by Boxy on 23. Jul 2014, 22:25, edited 1 time in total.
Nurple
Posts: 3
Joined: 19. Jul 2014, 18:40
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: Ubuntu Trusty x64, Windows 7 / 10 x64

Re: 4.3.14 conflicts with anti-virus packages.

Post by Nurple »

My issue is with Startdock Decor8, ModenMix, and Start8. This is on Windows 8 x64. Error is the same on all 3 Startdock apps just different paths.

Decor8 - "C:\Program Files (x86)\Stardock\Decor8\Decor8_64.dll"

ModernMix - "C:\Program Files (x86)\Stardock\ModernMix\MMix_64.dll"
VirtualBox - Error.png
VirtualBox - Error.png (12.21 KiB) Viewed 10568 times
Startdock - Start8.png
Startdock - Start8.png (10.41 KiB) Viewed 10568 times
Anunes
Posts: 71
Joined: 17. Jul 2014, 18:49

Re: 4.3.14 conflicts with anti-virus packages.

Post by Anunes »

ThetaPhi wrote:Hi,

On many laptops you have dual-graphics adaptors (Intel ones in combination with NVIDIA). For normal work, it uses Intel Graphics to save power, but once an application starts 3D stuff that would better use the NVIDIA graphics, the system switches to the NVIDIA GPU. To detect this "behaviour change" in some applications, the NVIDIA driver uses "Microsoft Detours" (http://research.microsoft.com/en-us/projects/detours/) to hook into every process (like the Anti-Virus software does). By that it can intercept calls to graphics APIs in the Windows API and on the fly enable the NVIDIA GPU.
I think the GPU is a good point.
I have Intel HD 4600 and Nvidia 740 also.
With VB 4.3.12 there is no problem.
A lot o people have different AV and the same launch problem of VB 4.3.14, so the problem must be else where not with AV (I think).
vatoloco
Posts: 14
Joined: 16. Jul 2013, 13:46

Re: 4.3.14 conflicts with anti-virus packages.

Post by vatoloco »

1. Windows 7 64.
2. No antivirus installed, not even Windows Defender.
3. VirtualBox itself does start (but it takes longer, 2-3 seconds, whereas 4.3.10 took 0.5 sec).
3. VMs do not start, I get the same errors as here.

The closest to an antivirus that I have installed is Sandboxie and a 3rd party firewall control.
Chocobear
Posts: 2
Joined: 19. Jul 2014, 19:52

Re: 4.3.14 conflicts with anti-virus packages.

Post by Chocobear »

I keep getting this error when I try to start a virtual space. This is version 4.3.14 r95030. I am running it on Windows 8.1 and I cannot get the Linux OS to run. I have disabled antivirus and reinstalled it to no avail. While typing this message, the error changed to Error In Supr3HardenedWinInstallHome... I am very confused as to what the cause of this error is. What should be my next step?
Trysis
Posts: 51
Joined: 12. Apr 2013, 22:06
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: Linux, assorted; Windows 7; Windows 8.1

Re: 4.3.14 conflicts with anti-virus packages.

Post by Trysis »

For all the people who have disabled &/or uninstalled all their antivirus software, as mpack and others have said, that's not the only cause. It could be some malware or rootkit or really nosy program. Also, Windows doesn't have a perfect track record with removing ALL traces of a program upon uninstallation (not that other OS' s are any better), so it could be lingering traces of the antivirus programs. In general, the problem comes down to nosy programs spying on VirtualBox. mpack or someone else could explain better I'm sure.
DrTeeth
Posts: 12
Joined: 19. Jul 2014, 23:54

Re: 4.3.14 conflicts with anti-virus packages.

Post by DrTeeth »

NilexBM wrote:
cremor wrote:I get the following error with McAfee when starting the Manager. I can't disable McAfee since this is a corporate PC and the scanner is configured by Domain settings.
I got exactly the same error with Symantec Endpoint Protection.
People are getting this error with NO AV installed.

On trying to load VB on win 7 + 8.1 x64 hosts, I get error boxes protesting about several x64 DLLs - which are different for each PC.
Last edited by DrTeeth on 20. Jul 2014, 00:19, edited 1 time in total.
You've never known happiness until you're married; but by then it is too late!
DrTeeth
Posts: 12
Joined: 19. Jul 2014, 23:54

Re: 4.3.14 conflicts with anti-virus packages.

Post by DrTeeth »

socratis wrote:a) It's not mandatory to update. And you can always downgrade. WITH NO LOSS!
If there were no loss to downgrading, an update would not have been issued. Simples!
You've never known happiness until you're married; but by then it is too late!
ElQuia
Posts: 155
Joined: 30. May 2008, 23:31

Re: 4.3.14 conflicts with anti-virus packages.

Post by ElQuia »

I did a clean install of Win7 x64 on a clean machine, with ESS and later avast, MS office, libre office, photoshop, total commander and some systema utilities as net monitoring soft.

4.3.14 will not work. 4.3.12 WILL work

I have a PC to play, or to WORK, with losts of regular soft. I wont or cant buy a PC just for VBox. I my case I am in to tech and use vbox for OS testing and to get some work done on other oses.

Its not security. Its a bug. want a hardened vbox, ok, agree, but make it work on regular clean systems with real world soft, injection or not
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: 4.3.14 conflicts with anti-virus packages.

Post by Perryg »

@ElQuia,

You seem to under the illusion that this is what the DEVs wanted to do. It is far from that. It was something that had to be done for specific reasons. With the help of others the remedy should be on its way.

So if you want to call it a bug go ahead but since no one else is actually trying to help with the source code to fix this you have two options. Revert back to version 4.3.12, or use something else.
Trysis
Posts: 51
Joined: 12. Apr 2013, 22:06
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: Linux, assorted; Windows 7; Windows 8.1

Re: 4.3.14 conflicts with anti-virus packages.

Post by Trysis »

Can't all the programs just get along? Can't the antiviruses learn they don't have to spy on everything and the other programs learn sometimes it's OK to be spied on? One lonely rogue program can't possibly compromise a whole OS right?
another1
Posts: 3
Joined: 20. Jul 2014, 05:24

Re: 4.3.14 conflicts with anti-virus packages.

Post by another1 »

It seems that the main workaround is to install VB4.3.12.

But 4.3.12 has a major problem: certain guests are very slow. In particular, this affects Ubuntu 14.04 guests.

There is a known fix (see: ticket 12941) which was made available via a link that is no longer working.

Until VB 4.3.14 is available, can you you restore the link to the 4.3.13 GA -OR- tell us if we can use 4.3.14 GA with VB 4.2.12 ?

Thanks!
J.L.
Posts: 78
Joined: 17. Jan 2013, 07:38
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: LMDE, Ubuntu, Windows XP, Windows 7
Contact:

Re: 4.3.14 conflicts with anti-virus packages.

Post by J.L. »

Using VBox 4.3.14 GA on 4.3.12. No problems so far with mouse pointer integration, shared folders, better video support, seamless windows, time synchronization, and shared clipboard. Fixed Ubuntu.
Windows 10 is the actual host, not 8 (no option).
Locked