virtualbox.org

[Cerberus]

Hi,

I've inherited a new machine and I'm unable to get a VM to start. The symptoms I'm seeing are similar to others in this thread, but if this isn't a security issue, please let me know which thread can help me.

Windows 7 Enterprise Serpvice Pack 1
Symantec Enpoint Protection 12.1.5337.5000
VirtualBox 4.3.20 r96997

Log is attached. Please let me know if you need other info.

Thanks!

[mpack]

Hmm. Win7 32bit host. Three guesses what the problem is.

1b10.858: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

[Cerberus]

It's a 64 bit host. Looking at past posts on this error is conflicting. Some say it's Symantec (I did add an exception), others say it's various windows updates (Windows shows up-to-date).

Hmm. Win7 32bit host. Three guesses what the problem is.

1b10.858: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

[MikeDiack]

To Cerberus:
I'm not a technical expert, but I'd be 99% certain it's due to Symantec Endpoint Protection - as many of the posts show - this is incompatible with the current and many recent Virtual Box builds (most of the builds since July 2014), typically due to SEP's injection of sysfer.dll in all processes. Try uninstalling SEP and see if the problem goes away - I'm certain it will - if so, please report your findings here. Adding an exclusion For Virtual Box, may or may not help, the posts haven't been 100% clear that way.

[Petr Vones]

I'm not a technical expert, but I'd be 99% certain it's due to Symantec Endpoint Protection - as many of the posts show - this is incompatible with the current and many recent Virtual Box builds (most of the builds since July 2014), typically due to SEP's injection of sysfer.dll in all processes.

Have you tried this: How to create an Application Control exception or stop sysfer.dll injection into a process with SEP http://www.symantec.com/business/suppor ... HOWTO95454 ?

[rnewman]

Hello,
No go with the latest build.

OS - Win7 Professional 64bit - SP1
Trendmicro Office Scan - 11.0.1454
Virtualbox - 4.3.21-98193

Screen shot and startup log attached.

-Richard

[mongorian]

Hi All -

I have posted previously on this issue and I have the problem with SEP where the process is never able to launch (instead you get the "progress" window that never leaves 0%). I saw the Symantec post earlier on (and referenced recently above) about how to correct this problem, but this being an enterprise owned and controlled system I do not seem to have access to any of these exception options.

Does anyone have any idea of any other way to workaround this issue, within the confines of an enterprise managed SEP installation? I do have Adminstrator privileges, but SEP is still locked down for me.

[MikeDiack]

Hi mongorian

In short, currently SEP is pretty much incompatible with VBox (versions 4.3.14 and later up to the current build 4.3.20)

In more detail:
Sadly no. For those of us in SEP systems in managed environments, where we cannot control the the locked downness of SEP with application controls, then current (and most builds going back to 4.3.14) of Virtual Box simply don't work with SEP 12.1.
It's really frustrating. I've contacted Symantec support to point this out, as well as posting here, as have many others. I have had a thought about an experiment I may try soon that may help though. I will let you know of the results.

Mike

[Jacob Klein]

Note: Oracle VirtualBox v4.3.22 Build 98236 ... was publicly released yesterday.
You should test against this, as the new baseline.

[mpack]

Per the previous post, the new 4.2.22 security discussion topic is here.

Locking this one.