Page 1 of 14

Windows 4.3.20 specifically for errors due to security

PostPosted: 22. Nov 2014, 09:34
by MikeDiack
Continuation of https://forums.virtualbox.org/viewtopic.php?f=6&t=64111 for VirtualBox version 4.3.20.

NOTE 12th Dec: if you have a Windows 7 host that started failing in the last few days then this is most like due to buggy Windows update KB3004394. Microsoft have released a fix here. Do not post about your problem until you have tried their fix. While this Windows bug does trip over the VirtualBox hardening feature, it is not caused by it, and therefore is not a problem that should be discussed in this topic.

This topic is specifically for Windows users that may still have issues seen in version 4.3.20 caused by security being strengthened.

If you want to be taken seriously you need to post a few items as attachments (compressed is preferred)

    1) Host OS and version
    2) VBoxStartup.log (zipped)
    3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.

As in the previous (4.3.14, 4.3.16, 4.3.18) discussions, the purpose of this topic is to gather diagnostic data needed to solve the hardening issues, and nothing else. Wibble posts, opinion posts, and posts that don't include necessary diagnostics will most likely be deleted. If a test build is created then you'll be expected to have tried it before you post.

Please be explicit about errors. Don't say "same as xxxxx". See list above for what's required.

Test builds can be found here: https://www.virtualbox.org/wiki/Testbuilds


---- Original message by MikeDiack.

I thought we'd best create this, as people are posting 4.3.20 problems at the end of the 4.3.18 thread...
Please post entries here

Early signs are that:

Comodo has problems with the 4.3.20 build 96996 build.
Symantec Endpoint Protection has problems with the 4.3.20 build 96996 build.
It sounds like Avast is working.

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 22. Nov 2014, 16:02
by MuldeR
VirtualBox 4.3.20, Release-Build 96996

Starting with VirtualBox v4.3.18, including all the VirtualBox v4.3.19 Test-Builds and the VirtualBox v4.3.20 Release-Build, the following error occurs with all VM's (32-Bit and 64-Bit) that I try to launch under Windows 7 (x64):

Image Image

The last VirtualBox version that was still working under Windows 7 (x64) was v4.3.16. Pleaser fix this serious regression...

(At least restoring the "working" state from v4.3.16 would be a first step :roll:)

Code: Select all   Expand viewCollapse view
Host System: Windows 7 (x64), Service Pack 1, fully patched
Antivirus: Microsoft Security Essentials
Firewall: None (except for the standard Windows Firewall, of course)

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 22. Nov 2014, 17:36
by Petr Vones
MuldeR wrote:The last VirtualBox version that was still working under Windows 7 (x64) was v4.3.16. Pleaser fix this serious regression...
The log says you very likely use modified unsigned vesion of uxtheme.dll to get useable UI in Windows 7. VirtualBox no longer allows this, you are no longer owner of your system, you must use signed DLLs only :D Try to copy original unmodified Microsoft uxtheme.dll (presuming you have its backup) into the virtualbox directory where virtualbox.exe resides. This should satisfy the malware check and VirtualBox UI will look ugly but it should not affect other applications look as you probably wanted. If it does not work you have to revert back to the original uxtheme.dll in windows system directory but you will lose the Windows UI customization at all, for all applications.

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 22. Nov 2014, 19:33
by Docfxit
After installing ver. 4.3.20 and a reboot of the host, I can't get a win7 guest to start. This is the same problem I had in ver. 4.3.18

Image

Host Win7 sp1
Guest Win7 sp1
Host Anti-virus Bitdefender 2014
Host Firewall ZoneAlarm 13.3.052.000

Thank you for working on this,

Docfxit

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 23. Nov 2014, 15:10
by alfreire
Petr Vones wrote:
MuldeR wrote:The last VirtualBox version that was still working under Windows 7 (x64) was v4.3.16. Pleaser fix this serious regression...
The log says you very likely use modified unsigned vesion of uxtheme.dll to get useable UI in Windows 7. VirtualBox no longer allows this, you are no longer owner of your system, you must use signed DLLs only :D Try to copy original unmodified Microsoft uxtheme.dll (presuming you have its backup) into the virtualbox directory where virtualbox.exe resides. This should satisfy the malware check and VirtualBox UI will look ugly but it should not affect other applications look as you probably wanted. If it does not work you have to revert back to the original uxtheme.dll in windows system directory but you will lose the Windows UI customization at all, for all applications.

Resolved problem for me too... thank you very much... :D
Regards... ;-)

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 23. Nov 2014, 19:29
by ProTofik
Every single version of VirtualBox released after 4.2.12 is failing to start virtual machines.
Here is the log:
Code: Select all   Expand viewCollapse view
50c.c68: Log file opened: 4.3.20r96996 g_hStartupLog=000000000000006c g_uNtVerCombined=0x63258000
50c.c68: \SystemRoot\System32\ntdll.dll:
50c.c68:     CreationTime:    2014-11-20T17:40:25.033193200Z
50c.c68:     LastWriteTime:   2014-10-29T03:53:30.904424400Z
50c.c68:     ChangeTime:      2014-11-20T17:48:08.848209700Z
50c.c68:     FileAttributes:  0x20
50c.c68:     Size:            0x1a7540
50c.c68:     NT Headers:      0xd8
50c.c68:     Timestamp:       0x5450559e
50c.c68:     Machine:         0x8664 - amd64
50c.c68:     Timestamp:       0x5450559e
50c.c68:     Image Version:   6.3
50c.c68:     SizeOfImage:     0x1ac000 (1753088)
50c.c68:     Resource Dir:    0x148000 LB 0x62450
50c.c68:     ProductName:     Microsoft® Windows® Operating System
50c.c68:     ProductVersion:  6.3.9600.17415
50c.c68:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
50c.c68:     FileDescription: NT Layer DLL
50c.c68: \SystemRoot\System32\kernel32.dll:
50c.c68:     CreationTime:    2014-11-20T17:40:18.435263900Z
50c.c68:     LastWriteTime:   2014-10-29T04:09:24.572407200Z
50c.c68:     ChangeTime:      2014-11-20T17:48:07.534671500Z
50c.c68:     FileAttributes:  0x20
50c.c68:     Size:            0x13fc30
50c.c68:     NT Headers:      0xf8
50c.c68:     Timestamp:       0x545054ca
50c.c68:     Machine:         0x8664 - amd64
50c.c68:     Timestamp:       0x545054ca
50c.c68:     Image Version:   6.3
50c.c68:     SizeOfImage:     0x13e000 (1302528)
50c.c68:     Resource Dir:    0x12e000 LB 0x518
50c.c68:     ProductName:     Microsoft® Windows® Operating System
50c.c68:     ProductVersion:  6.3.9600.17415
50c.c68:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
50c.c68:     FileDescription: Windows NT BASE API Client DLL
50c.c68: \SystemRoot\System32\KernelBase.dll:
50c.c68:     CreationTime:    2014-11-20T17:40:26.797569900Z
50c.c68:     LastWriteTime:   2014-10-29T03:55:08.402989600Z
50c.c68:     ChangeTime:      2014-11-20T17:47:50.900058700Z
50c.c68:     FileAttributes:  0x20
50c.c68:     Size:            0x114a90
50c.c68:     NT Headers:      0xf0
50c.c68:     Timestamp:       0x54505737
50c.c68:     Machine:         0x8664 - amd64
50c.c68:     Timestamp:       0x54505737
50c.c68:     Image Version:   6.3
50c.c68:     SizeOfImage:     0x115000 (1134592)
50c.c68:     Resource Dir:    0x110000 LB 0x3528
50c.c68:     ProductName:     Microsoft® Windows® Operating System
50c.c68:     ProductVersion:  6.3.9600.17415
50c.c68:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
50c.c68:     FileDescription: Windows NT BASE API Client DLL
50c.c68: \SystemRoot\System32\apisetschema.dll:
50c.c68:     CreationTime:    2013-08-22T12:13:09.745625900Z
50c.c68:     LastWriteTime:   2013-08-22T12:35:12.091034400Z
50c.c68:     ChangeTime:      2014-10-01T07:55:08.688676900Z
50c.c68:     FileAttributes:  0x20
50c.c68:     Size:            0x11360
50c.c68:     NT Headers:      0xd0
50c.c68:     Timestamp:       0x52160049
50c.c68:     Machine:         0x8664 - amd64
50c.c68:     Timestamp:       0x52160049
50c.c68:     Image Version:   6.3
50c.c68:     SizeOfImage:     0x13000 (77824)
50c.c68:     Resource Dir:    0x11000 LB 0x3f8
50c.c68:     ProductName:     Microsoft® Windows® Operating System
50c.c68:     ProductVersion:  6.3.9600.16384
50c.c68:     FileVersion:     6.3.9600.16384 (winblue_rtm.130821-1623)
50c.c68:     FileDescription: ApiSet Schema DLL
50c.c68: NtOpenDirectoryObject failed on \Driver: 0xc0000022
50c.c68: supR3HardenedWinFindAdversaries: 0x0
50c.c68: Calling main()
50c.c68: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
50c.c68: SUPR3HardenedMain: Respawn #1
50c.c68: System32:  \Device\HarddiskVolume4\Windows\System32
50c.c68: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
50c.c68: KnownDllPath: C:\Windows\system32
50c.c68: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
50c.c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
50c.c68: supR3HardNtEnableThreadCreation:
50c.c68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb2cbaa650 pvNtTerminateThread=00007ffb2cc21170
50c.c68: supR3HardenedWinDoReSpawn(1): New child e90.1bf4 [kernel32].
50c.c68: supR3HardNtChildGatherData: PebBaseAddress=00007ff72645f000 cbPeb=0x388
50c.c68: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb2cb90000 uNtDllChildAddr=00007ffb2cb90000
50c.c68: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb2cbaa650
50c.c68: supR3HardenedWinSetupChildInit: Start child.
50c.c68: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
50c.c68: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 31 sleeps
50c.c68: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
50c.c68:  *0000000000000000-fffffffffff9ffff 0x0001/0x0000 0x0000000
50c.c68:  *0000000000060000-000000000003ffff 0x0004/0x0004 0x0020000
50c.c68:  *0000000000080000-0000000000070fff 0x0002/0x0002 0x0040000
50c.c68:   000000000008f000-000000000008dfff 0x0001/0x0000 0x0000000
50c.c68:  *0000000000090000-fffffffffff93fff 0x0000/0x0004 0x0020000
50c.c68:   000000000018c000-0000000000188fff 0x0104/0x0004 0x0020000
50c.c68:   000000000018f000-000000000018dfff 0x0004/0x0004 0x0020000
50c.c68:  *0000000000190000-000000000018bfff 0x0002/0x0002 0x0040000
50c.c68:   0000000000194000-0000000000187fff 0x0001/0x0000 0x0000000
50c.c68:  *00000000001a0000-000000000019dfff 0x0004/0x0004 0x0020000
50c.c68:   00000000001a2000-0000000000193fff 0x0001/0x0000 0x0000000
50c.c68:  *00000000001b0000-00000000001aefff 0x0040/0x0040 0x0020000 !!
50c.c68: supHardNtVpScanVirtualMemory: Freeing exec mem at 00000000001b0000 (00000000001b0000 LB 0x1000)
50c.c68:   00000000001b1000-ffffffff80381fff 0x0001/0x0000 0x0000000
50c.c68:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
50c.c68:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
50c.c68:   000000007fff0000-ffff8009d9baffff 0x0001/0x0000 0x0000000
50c.c68:  *00007ff726430000-00007ff72640cfff 0x0002/0x0002 0x0040000
50c.c68:   00007ff726453000-00007ff726448fff 0x0001/0x0000 0x0000000
50c.c68:  *00007ff72645d000-00007ff72645afff 0x0004/0x0004 0x0020000
50c.c68:  *00007ff72645f000-00007ff72645dfff 0x0004/0x0004 0x0020000
50c.c68:   00007ff726460000-00007ff725fbffff 0x0001/0x0000 0x0000000
50c.c68:  *00007ff726900000-00007ff7268fefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726901000-00007ff72687cfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726985000-00007ff726983fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726986000-00007ff726948fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269c3000-00007ff7269c1fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269c4000-00007ff7269c2fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269c5000-00007ff7269c2fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269c7000-00007ff7269c5fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269c8000-00007ff7269c6fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269c9000-00007ff7269c4fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269cd000-00007ff726993fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726a06000-00007ff32087bfff 0x0001/0x0000 0x0000000
50c.c68:  *00007ffb2cb90000-00007ffb2cb8efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2cb91000-00007ffb2ca64fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccbd000-00007ffb2ccb6fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccc3000-00007ffb2ccb5fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccd0000-00007ffb2cccefff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccd1000-00007ffb2cccdfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccd4000-00007ffb2ccd2fff 0x0010/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccd5000-00007ffb2cc6dfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2cd3c000-00007ff659a97fff 0x0001/0x0000 0x0000000
50c.c68:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
50c.c68: VirtualBox.exe: timestamp 0x546f44b2 (rc=VINF_SUCCESS)
50c.c68: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
50c.c68: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
50c.c68: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
50c.c68: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 60 sleeps
50c.c68: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
50c.c68:  *0000000000000000-fffffffffff9ffff 0x0001/0x0000 0x0000000
50c.c68:  *0000000000060000-000000000003ffff 0x0004/0x0004 0x0020000
50c.c68:  *0000000000080000-0000000000070fff 0x0002/0x0002 0x0040000
50c.c68:   000000000008f000-000000000008dfff 0x0001/0x0000 0x0000000
50c.c68:  *0000000000090000-fffffffffff93fff 0x0000/0x0004 0x0020000
50c.c68:   000000000018c000-0000000000188fff 0x0104/0x0004 0x0020000
50c.c68:   000000000018f000-000000000018dfff 0x0004/0x0004 0x0020000
50c.c68:  *0000000000190000-000000000018bfff 0x0002/0x0002 0x0040000
50c.c68:   0000000000194000-0000000000187fff 0x0001/0x0000 0x0000000
50c.c68:  *00000000001a0000-000000000019dfff 0x0004/0x0004 0x0020000
50c.c68:   00000000001a2000-ffffffff80363fff 0x0001/0x0000 0x0000000
50c.c68:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
50c.c68:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
50c.c68:   000000007fff0000-ffff8009d9baffff 0x0001/0x0000 0x0000000
50c.c68:  *00007ff726430000-00007ff72640cfff 0x0002/0x0002 0x0040000
50c.c68:   00007ff726453000-00007ff726448fff 0x0001/0x0000 0x0000000
50c.c68:  *00007ff72645d000-00007ff72645afff 0x0004/0x0004 0x0020000
50c.c68:  *00007ff72645f000-00007ff72645dfff 0x0004/0x0004 0x0020000
50c.c68:   00007ff726460000-00007ff725fbffff 0x0001/0x0000 0x0000000
50c.c68:  *00007ff726900000-00007ff7268fefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726901000-00007ff72687cfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726985000-00007ff726983fff 0x0040/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726986000-00007ff726948fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269c3000-00007ff7269b8fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff7269cd000-00007ff726993fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68:   00007ff726a06000-00007ff32087bfff 0x0001/0x0000 0x0000000
50c.c68:  *00007ffb2cb90000-00007ffb2cb8efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2cb91000-00007ffb2ca64fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccbd000-00007ffb2ccb6fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccc3000-00007ffb2ccb5fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccd0000-00007ffb2cccbfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccd4000-00007ffb2ccd2fff 0x0010/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2ccd5000-00007ffb2cc6dfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
50c.c68:   00007ffb2cd3c000-00007ff659a97fff 0x0001/0x0000 0x0000000
50c.c68:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
50c.c68: supR3HardNtChildPurify: Done after 848 ms and 1 fixes (loop #1).
e90.1bf4: Log file opened: 4.3.20r96996 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
e90.1bf4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb2cb90000
50c.c68: supR3HardNtEnableThreadCreation:
e90.1bf4: ntdll.dll: timestamp 0x5450559e (rc=VINF_SUCCESS)
e90.1bf4: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1753088 allocation)
e90.1bf4: System32:  \Device\HarddiskVolume4\Windows\System32
e90.1bf4: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
e90.1bf4: KnownDllPath: C:\Windows\system32
e90.1bf4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
e90.1bf4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
e90.1bf4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
e90.1bf4: Registered Dll notification callback with NTDLL.
e90.1bf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
e90.1bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
e90.1bf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
e90.1bf4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
e90.1bf4: supR3HardenedDllNotificationCallback: load   00007ffb29ec0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
e90.1bf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
e90.1bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
e90.1bf4: supR3HardenedDllNotificationCallback: load   00007ffb2abe0000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
e90.1bf4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
e90.1bf4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2abe0000 'C:\Windows\system32\KERNEL32.DLL'
e90.1bf4: supR3HardenedDllNotificationCallback: load   00007ff726900000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
e90.1bf4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
e90.1bf4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
e90.1bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
50c.c68: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 102 ms, CloseEvents);


I'm running VirtualBox 4.3.20 on fully up-to-date Windows 8.1. I already tried disabling anti-virus (Eset 8 Smart Security) but it doesn't change anything.
Version 4.2.12 works without a problem.

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 24. Nov 2014, 05:28
by pfeerick
As with previous builds, the release version of 4.3.20 is not working for me. SFC /SCANNOW has not found anything. Restarting has not changed anything. Will try removing A/V to see if that changes anything.

vbox-4.3.20-error.PNG
Error message when trying to start up virtual machine that previously worked with 4.3.12 (last usable version)
vbox-4.3.20-error.PNG (9.88 KiB) Viewed 59983 times


Edit: I can confirm in my case that Bitdefender AV Free is the culprit. Disabling the AV had no apparent effect, but uninstalling and rebooting did. I get got an error about the USB 2 controller (as I had not updated the extension pack yet - but disabling that in the VM settings resulting in normal startup). I've attached the log file for the working VM startup.

Host: Win7 Ultimate SP7
Guest: Win10 Preview
Host Anti-virus: Bitdefender Free (latest)
Host Firewall: Windows default

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 25. Nov 2014, 05:30
by MuldeR
So deleting posts is the reaction to people making legitimate bug reports? What's the purpose of a discussion forum (and even a dedicated thread!), if feedback is unwanted? :roll:

(For the very least, if you delete other people's posts, send a PM to inform those people about this action. And explain why it has been taken)

Petr Vones wrote:
MuldeR wrote:The last VirtualBox version that was still working under Windows 7 (x64) was v4.3.16. Pleaser fix this serious regression...
The log says you very likely use modified unsigned vesion of uxtheme.dll to get useable UI in Windows 7. VirtualBox no longer allows this, you are no longer owner of your system, you must use signed DLLs only :D Try to copy original unmodified Microsoft uxtheme.dll (presuming you have its backup) into the virtualbox directory where virtualbox.exe resides. This should satisfy the malware check and VirtualBox UI will look ugly but it should not affect other applications look as you probably wanted. If it does not work you have to revert back to the original uxtheme.dll in windows system directory but you will lose the Windows UI customization at all, for all applications.


@Petr Vones:
Peter Vones, thank you very much for this valuable information. Reverting to the standard theme has fixed it for me indeed!

@VirtualBox Developers:
  1. Please add an error message that is at least somewhat expressive, so normal users like me (who are not VirtualBox developers) have a chance to understand why VirtualBox refuses to work.
  2. Please make it clear, on the web-site and in the documentation, that VirtualBox v4.3.18 and v4.3.20 do not work on Windows when custom themes are in place. How could anybody have known that this can be a problem?
  3. Please add an option to allow VirtualBox to operate when custom Windows themes are in place. Security is good, but if VirtualBox dictates the user which themes he/she is allowed to use, then this has gone too far!
Image

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 25. Nov 2014, 09:25
by RelakS
@MuldeR
Let me guess, you were the one who _copied_ the log file instead of attach it.


Anyway, 4.3.20 does not work for me.

Environment:
On Windows 7 SP1 64bit with McAfee pack: Host Intrusion Precention 8.0 (8.0.0.2151), McAfee Agent 4.6.0.3122, Endpoint Encription Agent 1.2.1.315, Endpoint Encryption for PC 6.2.1.315, GTI Proxy Agent 1.1.0.550, Virus Scan Enterprise 8.8.0 (8.8.0.849)
VM extension pack 4.3.12 build93733

One virtual machine crashed - VBoxStartup.zip
Another one crashed the host - Minidump.zip - now it comes veith a VBoxStartup.log as well

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 25. Nov 2014, 14:00
by Anunes
Hi,
Just to reeport it is working!
Host : win 8.1 all updates ; KB 3000850 removed
Cpu : intel i5
Dual GPU : Intel 4600 and Nvidia Gt740M
Guest: Linux Mint; Win 10 Preview x32 /x64
AV: Windows Defender and Windows Firewall

Guest Aditions is also working

Some remarks:
I find 4.3.20 is slower than 4.3.12 and seems to me not so responsive to the keyboard. There are some delays on the keystrokes.

I think there is some problem with "Windows Database Update", I am getting error 80070490 when I run the troubleshooting . It says it is repaired but if I run it again the error is still there.
After installing 4.3.20 and re-run that troubleshooting , VB could not start afterwords, there was a msg to re-install it and had some garbage on the msg.
Uninstall VB a re-install it solved the problem.

That error 80070490 was apearing with 4.3.12.
After I uninstaled KB 3000850 the error 80070490 was gone. Next time I removed 4.3.12 it appeared again and I can not get ride of it.

EDIT: 4.3.20 is as quick as 4.3.12 or even more quick. The slowness I exepreeinced above was, may be, because of the first Starts of the Guest's or heavy system activity.

It is the 2nd. time I get a error on closing VirtualBox : There pop's up a Windows saying something like "Runtime error - Pure Virtual Call". it is Microsoft Visual C++ error message. I also have that error in other App.

Thank you

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 25. Nov 2014, 16:33
by MuldeR
RelakS wrote:@MuldeR
Let me guess, you were the one who _copied_ the log file instead of attach it.

Nope, you are guessing wrong. Why should I do that? Also, I wonder how this would be relevant to the underlying problem?

(BTW: You could have easily verified that all my error reports always had the corresponding log files attached. Well, at least you could have checked those reports that have not "disappeared" for unknown reasons)

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 25. Nov 2014, 16:39
by Jacob Klein
The reason your post disappeared is likely that you suggested that they reconsider forcing this hardened security upon us, creating all of these incompatibilities with antivirus vendors and dll injector programs. The mod(s) don't take kindly to ideas like that, I believe, which is a bit disappointing, since valid concerns/feedback end up getting nuked. It's a sticky situation. Probably best to just keep pointing out the problems, until the developers reach the same conclusion as your proposition.

I've had my posts deleted, and my threads locked, as well. Very frustrating. In fact, I'm uncertain how long this post will remain visible, which makes it very difficult to give feedback.

Regards,
Jacob

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 25. Nov 2014, 17:47
by RelakS
MuldeR wrote:Nope, you are guessing wrong. Why should I do that? Also, I wonder how this would be relevant to the underlying problem?


OK, sorry, I just saw a post like that and it was obviously deleted.

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 26. Nov 2014, 06:01
by KHG
Host: Microsoft Windows [Version 6.1.7601], Windows 7 Enterprise Service pack 1
VBoxStartup.log: as attached file
Host antivirous & proctection software: Microsoft Forefront endpoint proctection 2010, Micosoft EMET, Websense endpoint
Virtualbox version: 4.3.20 r96997

Virtualbox showed the following dialog:
critical_error.png
critical_error.png (25.92 KiB) Viewed 59063 times


and then showed the following message:

Code: Select all   Expand viewCollapse view
Failed to open a session for the virtual machine test debian.

The virtual machine 'test debian' has terminated unexpectedly during startup with exit code 1 (0x1).  More details may be available in 'C:\Users\KHG\VirtualBox VMs\test debian\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

Re: Windows 4.3.20 specifically for errors due to security

PostPosted: 26. Nov 2014, 10:48
by frank
MuldeR wrote:VirtualBox 4.3.20, Release-Build 96996

Starting with VirtualBox v4.3.18, including all the VirtualBox v4.3.19 Test-Builds and the VirtualBox v4.3.20 Release-Build, the following error occurs with all VM's (32-Bit and 64-Bit) that I try to launch under Windows 7 (x64)...


I'm not 100% sure but I think your problem is fixed in the updated 4.3.20 Windows build (rev 96997, old rev was 96996). Please could you check?