Windows 4.3.20 specifically for errors due to security

Discussions related to using VirtualBox on Windows hosts.
Locked
Custler
Posts: 2
Joined: 23. Apr 2009, 12:13
Primary OS: MS Windows 10
VBox Version: OSE Debian
Guest OSses: Windows, Debian, Ubuntu, FreeBSD

Re: Windows 4.3.20 specifically for errors due to security

Post by Custler »

loader wrote:VirtualBox 4.3.20
Does not work since 4.3.14 on all our computers with CryptoPro cryptografic software installed (Windows XP, Windows 7, Windows 8.1).
cadespluginucsp.exe v3.9.8209 (test build) --> The virtual machine has terminated unexpectedly during startup with exit code 1073741819 (0xc0000005) [E_FAIL 0x80004005]
cadespluginucsp.exe v3.6.6785 (official build) --> BSOD (CProCtrl.sys)
It can be solved by ( http://www.cryptopro.ru/forum2/default. ... #post55035 ) add

Code: Select all

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CProExclude\VirtualBox]
"FileName"="VirtualBox.exe"
jonesn
Posts: 4
Joined: 10. Dec 2014, 11:10

Re: Windows 4.3.20 specifically for errors due to security

Post by jonesn »

I saw mention of a bug report against a new build a few posts above, and guessed the URL to be https://www.virtualbox.org/download/tes ... 69-Win.exe

However I seem to be missing where notice of the new builds is posted?

I'm still getting issues with SEP (as mentioned above), though the workaround (disable SEP app management) is still working

Thanks

**UPDATE** Ok I answered my own question. -> https://www.virtualbox.org/wiki/Testbuilds
gburke
Posts: 1
Joined: 19. Jan 2015, 17:15

Re: Windows 4.3.20 specifically for errors due to security

Post by gburke »

Failed to open a session for the virtual machine Ubuntu Linux.

The virtual machine 'Ubuntu Linux' has terminated unexpectedly during startup with exit code -1073741424 (0xc0000190). More details may be available in 'C:\Users\gburke\VirtualBox VMs\Ubuntu Linux\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}


Virtual Box: tried 3 different versions: 4.3.18 r96516, 4.3.20 r96997, 4.3.21 r97569
on Windows 64bit v8.0 (Version 6.2, Build 9200)
Symantec Endpoint Protection 12.1.5 (12.1 RU5) build 5337 (12.1.5337.5000)


Edit: Rolling back to 4.3.12 (which I had in my download folder) has fixed the issue, so I can continue with that until this issue is resolved.
All was working well for me until today. I had VirtualBox 4.3.18 installed. I then tried the 2 other version mentioned above and got the same error.
Last week, a forced update to SEP was installed but required a reboot. I didn't reboot until I turned off on Friday and on again this morning (opting to sleep instead each evening).
Attachments
VBoxStartup.zip
(3.11 KiB) Downloaded 54 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

@gburke: another Windows Update victim. You would do well to read previous messages before posting. For example, this.
MikeDiack
Posts: 75
Joined: 20. Mar 2009, 15:57
Primary OS: MS Windows 8.1
VBox Version: PUEL
Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
Location: UK

Re: Windows 4.3.20 specifically for errors due to security

Post by MikeDiack »

While I've no doubt that Windows Update has been an issue for some people. For others including myself, the Windows Update did NOT cause problems.
The common denominator for me and many others (since July 2014) is Symantec Endpoint Protection 12.1. RU5, which seems to be particularly incompatible with VBox 4.3.14+ (specifically no builds since 4.3.17 bld 96342, work with it).
I've sent in many logs etc as have others, for many of us we can't turn off the device/application management settings in it. I've written to Symantec about it also.
Is there anything we can do to run VBox builds > 4.3.12 on it, reliably?
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

@Mike: I didn't say that everyone had the Windows update problem, I said that "gburke" did. It's quite obvious if you look at his log file, so I'm not sure what your point is.
pal1000
Posts: 20
Joined: 20. Oct 2014, 10:40

Re: Windows 4.3.20 specifically for errors due to security

Post by pal1000 »

pal1000 wrote:
pal1000 wrote:Microsoft Windows 7 Home Premium SP1 x64 patched to date. Had the taboo windows update, but it was removed via it's follow-up update (no manual update uninstall). Virtualbox has not been started in between.
Microsoft Security Essentials: 4.6.305;
Malwarebytes Anti-Malware 2.0.4.028;
This issue happens randomly sometimes. It goes away after reboot, but it can happen anytime (race condition - like behavior).
Fortunately it doesn't happen often. Chances don't exceed 10%.
Error signature is identical to the one from here:
viewtopic.php?f=6&t=64777&start=30#p306213
When issue occurs VirtualBox.exe process cannot be terminated normally and as such it has to be task-killed manually or automatically on log off / shutdown /restart.
This issue mostly happens if I open Virtualbox while a web browser is running. This scenario makes the security software over-thinking things and blocks Virtualbox. Disable real-time protection + re-log on is not enough to lift the ban, have to reboot.
Good news. This seams to be no longer reproducible in v4.3.21-97569.
After trying Malwarebytes Anti-Exploit Free, which disappointed me, this seams to be back.
New log attached:
After reading the log it appears it conflicts with MBAMSwissArmy.sys, a MalwareBytes Anti-Malware protection driver. As I said before it is most likely to happen if a web browser is running or already ran during same windows session.
Attachments
VBoxStartup.log
(14.33 KiB) Downloaded 32 times
MagFlip
Posts: 1
Joined: 22. Jan 2015, 15:49

Re: Windows 4.3.20 specifically for errors due to security

Post by MagFlip »

Host OS and version: Windows 8
Eset NOD32 Antivirus, Malwarebytes Anti-exploit Premium, Spyware Terminator 2012, Windows Defender
VBoxStartup.zip
(9.26 KiB) Downloaded 34 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

@pal1000: We do not support VirtualBox forks on these forums. Please go to the Portable VirtualBox forums (if they have any) for support, or install the official version.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

@MagFlip: see my answer to gburke. Your issue seems identical.
VBoxStartup.log wrote: 1054.119c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
 Edit:  Hmm. Nope, I take that back. You seem to be running Windows 8.1, not Win7. This is the first I've seen of these symptoms on a Win8.1 host. Is it 32bit? 
mongorian
Posts: 15
Joined: 27. Aug 2012, 18:51

Re: Windows 4.3.20 specifically for errors due to security

Post by mongorian »

@mpack - To what MikeDiack was saying a few posts back...

Can you confirm whether the issue that we are experiencing, that is separate from the Microsoft patching issues and seems to possibly be SEP related with VBox 4.3.18 and higher, is being investigated by anyone? I have only heard chatter regarding the other (known) problems that have been encountered around MS patches.

Can you provide any update on the issue causing the "Creating process for virtual machine..." stuck dialog window? Are you in agreement that this is indeed a different issue?

I greatly appreciate the time that everyone on here takes to make sure this product is as stable as possible. I just don't want this one to get lost among the others.

From my search, it looks like the following users have reported this specific issue: myself, rbal, ICE-vn, & MikeDiack.


Also, not sure if this helps (it's probably been seen already since it was in one of the logs I posted earlier), but here is a "failure" message that I noticed in a 4.3.20 startup log, including a bit of the log before and after as well for reference...

1dc4.2290: \SystemRoot\System32\apisetschema.dll:
1dc4.2290: CreationTime: 2014-03-06T07:45:21.922596400Z
1dc4.2290: LastWriteTime: 2013-08-29T02:18:31.933000000Z
1dc4.2290: ChangeTime: 2014-03-06T16:35:47.474196300Z
1dc4.2290: FileAttributes: 0x20
1dc4.2290: Size: 0x1a00
1dc4.2290: NT Headers: 0xc0
1dc4.2290: Timestamp: 0x521eafbe
1dc4.2290: Machine: 0x8664 - amd64
1dc4.2290: Timestamp: 0x521eafbe
1dc4.2290: Image Version: 6.1
1dc4.2290: SizeOfImage: 0x50000 (327680)
1dc4.2290: Resource Dir: 0x30000 LB 0x3f8
1dc4.2290: ProductName: Microsoft® Windows® Operating System
1dc4.2290: ProductVersion: 6.1.7601.22436
1dc4.2290: FileVersion: 6.1.7601.22436 (win7sp1_ldr.130828-1532)
1dc4.2290: FileDescription: ApiSet Schema DLL
1dc4.2290: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1dc4.2290: supR3HardenedWinFindAdversaries: 0x2
1dc4.2290: \SystemRoot\System32\drivers\SysPlant.sys:
1dc4.2290: CreationTime: 2014-04-23T14:55:34.169653900Z
1dc4.2290: LastWriteTime: 2014-04-23T14:55:34.200853900Z
1dc4.2290: ChangeTime: 2014-04-23T14:55:34.200853900Z
1dc4.2290: FileAttributes: 0x20
1dc4.2290: Size: 0x25ed8
1dc4.2290: NT Headers: 0x100
1dc4.2290: Timestamp: 0x52647ffd
1dc4.2290: Machine: 0x8664 - amd64
1dc4.2290: Timestamp: 0x52647ffd
1dc4.2290: Image Version: 5.0
1dc4.2290: SizeOfImage: 0x2e000 (188416)
1dc4.2290: Resource Dir: 0x2c000 LB 0x498
1dc4.2290: ProductName: Symantec CMC Firewall
1dc4.2290: ProductVersion: 12.1.4013.4013
1dc4.2290: FileVersion: 12.1.4013.4013
1dc4.2290: FileDescription: Symantec CMC Firewall SysPlant

... Thanks again for your time and help.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

mongorian wrote:Can you confirm whether the issue ... is being investigated by anyone?
I'm not in a position to confirm anything. I'm a user like yourself, I'm not on the VBox devteam.
stefan.becker
Volunteer
Posts: 7639
Joined: 7. Jun 2007, 21:53

Re: Windows 4.3.20 specifically for errors due to security

Post by stefan.becker »

MagFlip wrote:Host OS and version: Windows 8
Eset NOD32 Antivirus, Malwarebytes Anti-exploit Premium, Spyware Terminator 2012, Windows Defender
VBoxStartup.zip
Hey, thats not enough Security. Please install Norton, Kaspersky and Bitdefender as addon.

Then no virus has a chance because there is no more free cpu time.

:)

ESET NOD32 is enough. Deactivate / Uninstall all other "Security" tools. Sometimes more is less.
pal1000
Posts: 20
Joined: 20. Oct 2014, 10:40

Re: Windows 4.3.20 specifically for errors due to security

Post by pal1000 »

Windows 7 x64 SP1 patched to date
Microsoft Security Essentials 4.6.305.0;
Malwarebytes Anti-Malware Premium 2.0.4.1028

Installed Virtualbox 4.3.21-97569. Did this after short web browsing session. At the end of installation it asked for a reboot. I am very familiar with the fact that ask for reboot =failed installation. Rebooting doesn't solve the problem. Ran Virtualbox and the failing results are embedded. Checking driver status with

Code: Select all

sc.exe query vboxdrv
results in not found error. So the driver was rejected from installation by security software. Got the VM running by rebooting the host and then running the installer again in repair mode.
Image
Image
Attachments
VBoxStartup.zip
(27.62 KiB) Downloaded 26 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

pal1000.vbox.log wrote: 4f4.5c0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
Locked