Windows 4.3.20 specifically for errors due to security

[AlexMilford]

I have tested 4.3.21-97294 on Win 7 Pro SP1 (x64) running with the latest version of SEP (12.1.5) and this issue is still not fixed. I can resolve this by removing the Application & Device control component from SEP so I assume the fix would be to add some kind of exception but i'm not sure what for as nothing is reported in the logs

[Lounging Longhorn]

I have Windows 8.1 x64, HP Elite 8100 box, Core i5 760, 16GB RAM, Samsung EVO840 750GB SSD
VirtualBox 4.3.20 r96997

Using TrendMicro OfficeScan Corporate version, and we use pretty much every component of it...
Agent: 11.0.1028
Virus Scan Engine (64bit) 9,800.1009
Smart Scan Agent Pattern: 11.395
Intellitrap Exception Pattern 1.149.00
Intellitrap Pattern 0.213.00
Memory Inspection Pattern 1.287.00
Spyware/Grayware Scan Engine 6.2.4005
Spyware/Grayware Pattern 15.79
Smart Feedback Engine (64-bit) 2.52.1007
Behavior Monitoring Detection 1.423.64
Behavior Monitoring Core Driver 2.97.1148
Behavior Monitoring Core Service 2.97.1148
Behavior Monitoring Config Pattern 1.234.00
Policy Enforcement Pattern 1.216.00
Digital Signature Pattern 1.418.00
Memory Scan Trigger Pattern 0.011.64
Damage Cleanup Engine (64-bit) 7.3.1046
Damage Cleanup Template 1426
Early Boot Clean Drier (64-bit) 1.5.1017
Data Protection Module 6.0.1193

I did look at the startup log, and it appears that it doesn't like Trend. If I missed it somewhere in this thread or elsewhere, are there some Virtualbox directories that I need to exempt?

I use this for testing stuff at work, just upgraded my version from something much older (don't remember what) and now all this. I tried a complete uninistall and reinstall of Virtualbox (and deleted all my VMs in the process, oops).

We would consider a paid support contract if one was available. Who do I talk to about that? I need to do some Server 2012 testing, probably going to have to pay for vmware if I can't get this fixed soon.

[pal1000]

Microsoft Windows 7 Home Premium SP1 x64 patched to date. Had the taboo windows update, but it was removed via it's follow-up update (no manual update uninstall). Virtualbox has not been started in between.
Microsoft Security Essentials: 4.6.305;
Malwarebytes Anti-Malware 2.0.4.028;
This issue happens randomly sometimes. It goes away after reboot, but it can happen anytime (race condition - like behavior).
Fortunately it doesn't happen often. Chances don't exceed 10%.
Error signature is identical to the one from here:
viewtopic.php?f=6&t=64777&start=30#p306213
When issue occurs VirtualBox.exe process cannot be terminated normally and as such it has to be task-killed manually or automatically on log off / shutdown /restart.
This issue mostly happens if I open Virtualbox while a web browser is running. This scenario makes the security software over-thinking things and blocks Virtualbox. Disable real-time protection + re-log on is not enough to lift the ban, have to reboot.

[rnewman]

Still no luck with 4.3.21-97569

OS: Windows 7 Professional 64-bit SP1
Trendmicro Office scan: 11.0.1454
Virtualbox: 4.3.21-97569

Error screen shot and start-up log attached.

-Richard

[jrasmussen0]

Having issue when Avecto PrivilegeGuard 3.8.320 is installed. PrivilegeGuard hooks into every executable to elevate rights. I have to run VirtualBox 4.3.12 as a workaround.

1. Windows 7 64-bit SP1
2. VBoxStartup.log (attached)

VBoxStartup.zip

(2.97 KiB) Downloaded 18 times

3. McAfee AV and firewall, Avecto PrivilegeGuard

[mpack]

Having issue when Avecto PrivilegeGuard 3.8.320 is installed.

I rather doubt that is the complete story. While it may be true, you also seem to be suffering from the infamous KB3004394 issue. As evidenced by :-

80c.2968: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

Read about it here:
http://www.infoworld.com/article/285801 ... fende.html

Microsoft fix discussed here :-

http://www.infoworld.com/article/285911 ... 04394.html

and here :-

http://support2.microsoft.com/kb/3024777

[Jack Chen]

• Windows 7 Enterprise SP1 64-bit
  VBoxStartup log attached
  anti-virus, firewalls were all disabled

[mpack]

@Jack Chen: see my post immediately above yours.

[pal1000]

Microsoft Windows 7 Home Premium SP1 x64 patched to date. Had the taboo windows update, but it was removed via it's follow-up update (no manual update uninstall). Virtualbox has not been started in between.
Microsoft Security Essentials: 4.6.305;
Malwarebytes Anti-Malware 2.0.4.028;
This issue happens randomly sometimes. It goes away after reboot, but it can happen anytime (race condition - like behavior).
Fortunately it doesn't happen often. Chances don't exceed 10%.
Error signature is identical to the one from here:
viewtopic.php?f=6&t=64777&start=30#p306213
When issue occurs VirtualBox.exe process cannot be terminated normally and as such it has to be task-killed manually or automatically on log off / shutdown /restart.
This issue mostly happens if I open Virtualbox while a web browser is running. This scenario makes the security software over-thinking things and blocks Virtualbox. Disable real-time protection + re-log on is not enough to lift the ban, have to reboot.

Good news. This seams to be no longer reproducible in v4.3.21-97569.

[Wulfhere]

I just recently updated my Symantec from 12.1.4013 to 12.1.5 (RU5 build 5337). Until then, Virtualbox was working fine. I do not use Application and device control on my group (as domain admin) and I manage my WSUS server (so no patch from Microsoft to blame). I was getting the dreaded 'Result Code: E_FAIL (0x80004005)' like others posted here when attempting to start my Windows 7 32-bit guest (from Windows 7 64bit host). I was reading through the log as was suggested and found references to Symantec. I was in a hurry as I had to provide support access for another application. I removed the Symantec Client 12.1.5, rebooted, installed the 12.1.4013 and rebooted once again. I am back to the ability to run guests on my system. My Virtualbox is 4.3.20 r96997 and has been all through this experience.
I know all this sounds like a Symantec issue, but I have read all through this forum and it's predecessor (4.3.18). My antivirus update is no different in result with Virtualbox as it has been for at least 3 other AV products (+ or - 2 or 3 free versions). I do not have the time to remove Virtualbox, update my Client once again and re-install Virtualbox 4.3.20 to test my theory. That is, the hardening of Virtualbox is much like an AV function. When you make a change to Windows (like a certificate patch we are not supposed to reference here, or a security update) or update your AV product frequently as everyone knows you should, with Virtualbox watching the same arena for changes...Virtualbox chokes. If I were to test my theory (as I have already done the inverse), I could definitively say.. Give me the option for your hardening or for using my own (AV product).
Please don't throw another 'well, go use someone else's product, this one is free'. I am already licensed for another product and they also have a 'free' product with limited support. I choose to use Virtualbox for some instances and have used Virtualbox for several years. By the way, Win 10 works fine on the other free product. Back to my case, if you give us the option with a disclaimer, would that not solve the issue? There are a lot of people here trying to help, shutting them down helps no one.

[mpack]

@Wulfhere: If reporting a hardening issue then please provide the relevant VBoxStartup.log files as requested in the first message of this discussion. If you can't do that then please don't post in this thread: this thread is specifically for providing startup diagnostics to the devteam. If all you want to do is discuss the 4.3.20 release then post instead in the Discuss the 4.3.20 release topic.

[Vendetta]

hardening issue on windows 8.1 and I can't upload the vboxstartup log because its more than 128kb

[Vendetta]

Okay here it is in compressed format

[Something1]

I have the same R3 module error on the first page, and I know my uxtheme.dll is modified.
I'm wondering how I can revert it to the original, I don't remember what I did 3 years ago.. I don't see any theme extension software or anything.

I have a backup of the unmodified uxtheme.dll but I don't know what I should do to get rid of the modified version and start using the unhacked one. I tried placing the backup original file into my virtualbox folder and nothing happened, still the same error.

Edit: FIXED!!

Solution: If you downloaded third party themes and have a modified uxtheme.dll and you're trying to revert it back. Download universal theme patcher! install it and when it gives you the option to patch or restore, click restore under the uxtheme.dll option and you'll be able to run virtual box again!

[mpack]

@Vendetta: you appear to have installed something called "Internet Download Manager" which, for some reason, is injecting the unsigned "idmmkb.dll" into the VirtualBox execution space. GIven what I assume it does, I'm surprised it's so indiscriminate in where it copies itself.

@Something1: thanks, but the uxtheme.dll issue has been discussed in this thread already. And a workaround suggested which I would say is less drastic than yours.