Windows 4.3.20 specifically for errors due to security

Discussions related to using VirtualBox on Windows hosts.

Re: Windows 4.3.20 specifically for errors due to security

Postby Cerberus » 11. Feb 2015, 18:45

Hi,

I've inherited a new machine and I'm unable to get a VM to start. The symptoms I'm seeing are similar to others in this thread, but if this isn't a security issue, please let me know which thread can help me.

Windows 7 Enterprise Serpvice Pack 1
Symantec Enpoint Protection 12.1.5337.5000
VirtualBox 4.3.20 r96997

Log is attached. Please let me know if you need other info.

Thanks!
Attachments
VBoxStartup.zip
(3.83 KiB) Downloaded 30 times
Cerberus
 
Posts: 2
Joined: 11. Feb 2015, 18:38

Re: Windows 4.3.20 specifically for errors due to security

Postby mpack » 11. Feb 2015, 19:22

Hmm. Win7 32bit host. Three guesses what the problem is.

cerberus.startup.log wrote:1b10.858: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
mpack
Site Moderator
 
Posts: 30035
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Postby Cerberus » 11. Feb 2015, 21:30

It's a 64 bit host. Looking at past posts on this error is conflicting. Some say it's Symantec (I did add an exception), others say it's various windows updates (Windows shows up-to-date).

mpack wrote:Hmm. Win7 32bit host. Three guesses what the problem is.

cerberus.startup.log wrote:1b10.858: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
Cerberus
 
Posts: 2
Joined: 11. Feb 2015, 18:38

Re: Windows 4.3.20 specifically for errors due to security

Postby MikeDiack » 12. Feb 2015, 00:13

To Cerberus:
I'm not a technical expert, but I'd be 99% certain it's due to Symantec Endpoint Protection - as many of the posts show - this is incompatible with the current and many recent Virtual Box builds (most of the builds since July 2014), typically due to SEP's injection of sysfer.dll in all processes. Try uninstalling SEP and see if the problem goes away - I'm certain it will - if so, please report your findings here. Adding an exclusion For Virtual Box, may or may not help, the posts haven't been 100% clear that way.
MikeDiack
 
Posts: 66
Joined: 20. Mar 2009, 15:57
Location: UK
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Win 7, Vista, XP, Linux, Win 8/ Win 8.1, Win 2000, Win NT 4

Re: Windows 4.3.20 specifically for errors due to security

Postby Petr Vones » 12. Feb 2015, 12:25

MikeDiack wrote:I'm not a technical expert, but I'd be 99% certain it's due to Symantec Endpoint Protection - as many of the posts show - this is incompatible with the current and many recent Virtual Box builds (most of the builds since July 2014), typically due to SEP's injection of sysfer.dll in all processes.

Have you tried this: How to create an Application Control exception or stop sysfer.dll injection into a process with SEP http://www.symantec.com/business/suppor ... HOWTO95454 ?
Petr Vones
 
Posts: 56
Joined: 27. Dec 2012, 01:20
Location: Czech Republic
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Windows Server 2008+ 64-bit

Re: Windows 4.3.20 specifically for errors due to security

Postby rnewman » 12. Feb 2015, 15:08

Hello,
No go with the latest build.

OS - Win7 Professional 64bit - SP1
Trendmicro Office Scan - 11.0.1454
Virtualbox - 4.3.21-98193

Screen shot and startup log attached.

-Richard
Attachments
VirtualBox-4.3.21-98193.zip
(191.42 KiB) Downloaded 43 times
rnewman
 
Posts: 37
Joined: 11. Sep 2014, 19:58

Re: Windows 4.3.20 specifically for errors due to security

Postby mongorian » 13. Feb 2015, 01:16

Hi All -

I have posted previously on this issue and I have the problem with SEP where the process is never able to launch (instead you get the "progress" window that never leaves 0%). I saw the Symantec post earlier on (and referenced recently above) about how to correct this problem, but this being an enterprise owned and controlled system I do not seem to have access to any of these exception options.

Does anyone have any idea of any other way to workaround this issue, within the confines of an enterprise managed SEP installation? I do have Adminstrator privileges, but SEP is still locked down for me.
mongorian
 
Posts: 15
Joined: 27. Aug 2012, 18:51

Re: Windows 4.3.20 specifically for errors due to security

Postby MikeDiack » 13. Feb 2015, 11:46

Hi mongorian

In short, currently SEP is pretty much incompatible with VBox (versions 4.3.14 and later up to the current build 4.3.20)

In more detail:
Sadly no. For those of us in SEP systems in managed environments, where we cannot control the the locked downness of SEP with application controls, then current (and most builds going back to 4.3.14) of Virtual Box simply don't work with SEP 12.1.
It's really frustrating. I've contacted Symantec support to point this out, as well as posting here, as have many others. I have had a thought about an experiment I may try soon that may help though. I will let you know of the results.

Mike
MikeDiack
 
Posts: 66
Joined: 20. Mar 2009, 15:57
Location: UK
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Win 7, Vista, XP, Linux, Win 8/ Win 8.1, Win 2000, Win NT 4

Re: Windows 4.3.20 specifically for errors due to security

Postby Jacob Klein » 13. Feb 2015, 12:26

Note: Oracle VirtualBox v4.3.22 Build 98236 ... was publicly released yesterday.
You should test against this, as the new baseline.
Jacob Klein
 
Posts: 505
Joined: 20. Nov 2013, 01:07

Re: Windows 4.3.20 specifically for errors due to security

Postby mpack » 13. Feb 2015, 13:04

Per the previous post, the new 4.2.22 security discussion topic is here.

Locking this one.
mpack
Site Moderator
 
Posts: 30035
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Previous

Return to VirtualBox on Windows Hosts

Who is online

Users browsing this forum: No registered users and 55 guests