Windows 4.3.20 specifically for errors due to security
-
- Posts: 2
- Joined: 5. Feb 2015, 22:12
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Windows 7, Window 8.1, Windows 10, Unbuntu
Re: Windows 4.3.20 specifically for errors due to security
I upgraded from 4.3.10 to 4.3.20 and I created a new VM (Windows 10 tech preview). After that initial install the VM has not run and none of existing VMs (Win7 x64, Win 8.1 x64 and Ubuntu x64) run. I have tried removing a couple of KBs that have been mentioned in the thread (KB3000850 and KB3004394), but they are not installed.
Host: Windows 7 SP1 x64
Running McAfee enterprise level anti-virus (Particulars listed below)
McAfee Agent
Version number: 4.8.0.1500
Managed
Last security update check: 2/5/2015 12:00:06 PM
Last agent-to-server communication: 2/4/2015 5:07:35 PM
Agent to Server Communication Interval (every): 1 hour
Policy Enforcement Interval (every): 5 minutes
Agent ID: {A043C01D-1014-4E0D-A4A6-0FA146DACB29}
ePO Server/Agent Handler
McAfee ePO Deep Command Discovery Plugin
Version number: 2.2.0.371
Language: Multiple
McAfee VirusScan Enterprise + AntiSpyware Enterprise
Version number: 8.8.0 (8.8.0.1247)
Build date: 1/16/2014
Anti-virus License Type: licensed
Scan engine version (32-bit): 5700.7163
Scan engine version (64-bit): 5700.7163
DAT version: 7702.0000
DAT Created on: 2/4/2015
Number of Signatures in extra.dat: 0
Name of threats that extra.dat can detect: None
Buffer Overflow and Access Protection DAT version: 659
Installed Patches: 4
Installed Modules:
Host: Windows 7 SP1 x64
Running McAfee enterprise level anti-virus (Particulars listed below)
McAfee Agent
Version number: 4.8.0.1500
Managed
Last security update check: 2/5/2015 12:00:06 PM
Last agent-to-server communication: 2/4/2015 5:07:35 PM
Agent to Server Communication Interval (every): 1 hour
Policy Enforcement Interval (every): 5 minutes
Agent ID: {A043C01D-1014-4E0D-A4A6-0FA146DACB29}
ePO Server/Agent Handler
McAfee ePO Deep Command Discovery Plugin
Version number: 2.2.0.371
Language: Multiple
McAfee VirusScan Enterprise + AntiSpyware Enterprise
Version number: 8.8.0 (8.8.0.1247)
Build date: 1/16/2014
Anti-virus License Type: licensed
Scan engine version (32-bit): 5700.7163
Scan engine version (64-bit): 5700.7163
DAT version: 7702.0000
DAT Created on: 2/4/2015
Number of Signatures in extra.dat: 0
Name of threats that extra.dat can detect: None
Buffer Overflow and Access Protection DAT version: 659
Installed Patches: 4
Installed Modules:
-
- Posts: 12
- Joined: 26. May 2013, 04:34
Re: Windows 4.3.20 specifically for errors due to security
mpack wrote:What possessed you to convert the log to rtf? (wtf? rtf?).
Review the thread - I think I've posted enough about the Windows Update problem already.MikePar3IT.vboxstartup.log wrote: 101c.1064: Image Version: 6.1
...
14fc.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \\Device\\HarddiskVolume3\\Windows\\System32\\kernel32.dll [lacks WinVerifyTrust
Just a reply here regarding the KB3004394 problem; apparently that patch has been seen to hide itself, so you won't know it's still there, and cannot be removed (http://www.infoworld.com/article/285926 ... 4fe21.html). So I think VB needs to have a switch to *disable* the security check. Sure, put a big red warning next to the checkbox, but put it there regardless.
-
- Posts: 291
- Joined: 25. Aug 2011, 19:17
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: MS Windows (several versions); DOS
Re: Windows 4.3.20 specifically for errors due to security
I think I have come across another manifestation of the security problem. (I am not quite sure, because the form of this is rather different from what others have experienced, but the tail end of the log file suggests this is what it is to do with.)
I have been trying a variety of OSes, and have come across a problem when using VBox 4.3.14, ...18 and ...20. (I haven't tried 4.3.16) With these the VM will start, and will run perfectly well up to the first change of disk. However, when I click on "Choose a virtual floppy disk file" or "Choose a virtual CD/DVD file", then instead of the Windows "Choose file" dialog popping up, the virtual machine freezes. There is no error message, just the host's "Wait" cursor (the spinning circle because I am on Windows 7) and eventually a "(not responding)" message from the host in the Window title. At this point the VM will not respond to anything - you cannot stop it with Host-Q for instance - though you can kill the host process from the window Close button (or from Task Manager).
This phenomenon isn't totally consistent. Sometimes it does work, but usually it doesn't.
I am not complaining about this. I have gone back to 4.3.12 and everything is fine. I am simply reporting the issue in case it is useful in sorting out the security problem.
I am attaching a log file (as far as it goes - since the VM had to be forcibly aborted, the log doesn't finish properly). This one was from an early OS, as it happens, but that fact doesn't seem to be relevant. The issue occurs with any guest.
I have been trying a variety of OSes, and have come across a problem when using VBox 4.3.14, ...18 and ...20. (I haven't tried 4.3.16) With these the VM will start, and will run perfectly well up to the first change of disk. However, when I click on "Choose a virtual floppy disk file" or "Choose a virtual CD/DVD file", then instead of the Windows "Choose file" dialog popping up, the virtual machine freezes. There is no error message, just the host's "Wait" cursor (the spinning circle because I am on Windows 7) and eventually a "(not responding)" message from the host in the Window title. At this point the VM will not respond to anything - you cannot stop it with Host-Q for instance - though you can kill the host process from the window Close button (or from Task Manager).
This phenomenon isn't totally consistent. Sometimes it does work, but usually it doesn't.
I am not complaining about this. I have gone back to 4.3.12 and everything is fine. I am simply reporting the issue in case it is useful in sorting out the security problem.
I am attaching a log file (as far as it goes - since the VM had to be forcibly aborted, the log doesn't finish properly). This one was from an early OS, as it happens, but that fact doesn't seem to be relevant. The issue occurs with any guest.
- Attachments
-
- VBox.zip
- (12.04 KiB) Downloaded 23 times
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Windows 4.3.20 specifically for errors due to security
@dlharper
I don't believe it's the security hardening problem. If it were, you wouldn't be able to launch your VM at all. I would head to the general discussion about 4.3.20: Discuss the 4.3.20 release.
I don't believe it's the security hardening problem. If it were, you wouldn't be able to launch your VM at all. I would head to the general discussion about 4.3.20: Discuss the 4.3.20 release.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 291
- Joined: 25. Aug 2011, 19:17
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: MS Windows (several versions); DOS
Re: Windows 4.3.20 specifically for errors due to security
You may well be right. I was guessing from the fact that the last line in the log file, which is where everything fails, is a security error message.socratis wrote:I don't believe it's the security hardening problem. If it were, you wouldn't be able to launch your VM at all. I would head to the general discussion about 4.3.20: Discuss the 4.3.20 release.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Windows 4.3.20 specifically for errors due to security
Actually, I believe VBox continues to filter all DLL loads within the host process, so even if the load is delayed then it still gets checked.
In this case I have to go with dlharper: the problem seems to be Avast trying to sneak an unsigned DLL into the VBox process. I see this is with 4.3.18, which strictly speaking makes it off topic here. The devs will perhaps only be interested in evidence you provide related to 4.3.20 or 4.3.21.
In this case I have to go with dlharper: the problem seems to be Avast trying to sneak an unsigned DLL into the VBox process. I see this is with 4.3.18, which strictly speaking makes it off topic here. The devs will perhaps only be interested in evidence you provide related to 4.3.20 or 4.3.21.
-
- Posts: 291
- Joined: 25. Aug 2011, 19:17
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: MS Windows (several versions); DOS
Re: Windows 4.3.20 specifically for errors due to security
I got exactly the same result with 4.3.20 before trying some intermediate versions. I am not wildly keen on re-installing 4.3.20 just to create a log file of a failure, and then having to uninstall it and then reinstall 4.3.12 to get something that works for me. (I managed to screw things up yesterday by installing an earlier version over a later one, without remembering to uninstall the newer one first. It took several hours to sort that out!)
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Windows 4.3.20 specifically for errors due to security
I understand, just a note for the future.
-
- Posts: 129
- Joined: 23. May 2014, 12:35
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: XP Pro, Win7, Win10
Re: Windows 4.3.20 specifically for errors due to security
Trying to start Win7 32bit guest in Win7 32bit host.
On Host:
Antivirus None
Firewall None
Protection Software None
Debugging programs None
- Attachments
-
- VBox.zip
- (10.94 KiB) Downloaded 26 times
-
- Site Moderator
- Posts: 34369
- Joined: 6. Sep 2008, 22:55
- Primary OS: Linux other
- VBox Version: OSE self-compiled
- Guest OSses: *NIX
Re: Windows 4.3.20 specifically for errors due to security
To start with you have over committed your memory. See if you can fix that first and then see if the other errors go away.00:00:00.771393 Host RAM: 3405MB total, 798MB available
00:00:00.915070 RamSize <integer> = 0x0000000040000000 (1 073 741 824, 1 024 MB)
00:01:07.097149 VM: Raising runtime error 'HostMemoryLow' (fFlags=0x2)
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Windows 4.3.20 specifically for errors due to security
That and uninstall "Spell Catcher+", or get them to sign their DLLs if they intend to inject them into some other apps' execution space.
-
- Posts: 2
- Joined: 10. Sep 2014, 18:56
Re: Windows 4.3.20 specifically for errors due to security
Windows 7 32 bit sp1
MS Security Essentials
V Box 4.3.20 r96997
---------------------------
VirtualBox.exe - Application Error
---------------------------
The instruction at 0x00000000 referenced memory at 0x00000000. The memory could not be written.
Thank you in advance.
MS Security Essentials
V Box 4.3.20 r96997
---------------------------
VirtualBox.exe - Application Error
---------------------------
The instruction at 0x00000000 referenced memory at 0x00000000. The memory could not be written.
Thank you in advance.
- Attachments
-
- VBox.zip
- (64.99 KiB) Downloaded 23 times
Re: Windows 4.3.20 specifically for errors due to security
I read that post.mpack wrote:@Beomagi: you have the KB3004394 problem. Read the first post.
I don't have that KB - I didn't see that installed, AND I ran the fix to remove it.
Re: Windows 4.3.20 specifically for errors due to security
Host: Windows 8.1
Guest: any, tested with Sabayon Linux (installed long time ago) and Modern.IE virtual box snapshot
AV/firewall: none
Windows update: I have installed KB3004394 but I read in this thread that this update is buggy only on Win7 hosts, since I have Win8.1 I haven't uninstalled it.
Issue: Unable to start virtual machine. Popup window appeared with error message, pasted below.
Version: 4.3.20 r96997
Guest: any, tested with Sabayon Linux (installed long time ago) and Modern.IE virtual box snapshot
AV/firewall: none
Windows update: I have installed KB3004394 but I read in this thread that this update is buggy only on Win7 hosts, since I have Win8.1 I haven't uninstalled it.
Issue: Unable to start virtual machine. Popup window appeared with error message, pasted below.
Version: 4.3.20 r96997
Honestly, I am not sure is this the right thread for my post... If it's not please tell me where to post. Thanks.Failed to open a session for the virtual machine IE9 - Win7.
The virtual machine 'IE9 - Win7' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\***\VirtualBox VMs\IE9 - Win7\Logs\VBoxStartup.log'.
Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
- Attachments
-
- VBoxStartup.7z
- (2.47 KiB) Downloaded 23 times
-
- Posts: 75
- Joined: 20. Mar 2009, 15:57
- Primary OS: MS Windows 8.1
- VBox Version: PUEL
- Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
- Location: UK
Re: Windows 4.3.20 specifically for errors due to security
A small bit of good news on the test build in at least one configuration
Quick report on the test build: 4.3.21-97963 running on a fully patched Windows 8.1 64 bit host with Comodo Internet Security 8.1.0.4426 (which was released on 4 Feb 2015).
Linux and XP guests are working fine on this configuration.
I don't currently have access to a host system with Symantec Endpoint Protection 12.1 RU5 (though I will soon!), but it sounds like others have not had success in this configuration.
Quick report on the test build: 4.3.21-97963 running on a fully patched Windows 8.1 64 bit host with Comodo Internet Security 8.1.0.4426 (which was released on 4 Feb 2015).
Linux and XP guests are working fine on this configuration.
I don't currently have access to a host system with Symantec Endpoint Protection 12.1 RU5 (though I will soon!), but it sounds like others have not had success in this configuration.