Page 1 of 33

Discussion of Problems due to Hardened Security

PostPosted: 14. May 2015, 10:36
by mpack
This topic is now closed. The conclusions have been boiled down to a short tutorial in the "Howtos and Tutorials" area: Howto: Diagnosing VirtualBox Hardening Issues. If you don't find a solution there then open a normal question topic in the "Windows Hosts" forum and remember to include a zipped attachment containing your VBoxHardening.log file.

----------------------------- Original Text ------------------------------------------

Continuation of https://forums.virtualbox.org/viewtopic.php?f=6&t=66639 for VirtualBox version 4.3.28 and later.

This topic is specifically for Windows users that may still have issues seen in version 4.3.28 and later caused by security being strengthened.

If you want to be taken seriously you need to post a few items as attachments (compressed is preferred)

    1) Host OS and version
    2) VBoxStartup.log (zipped) [from VBox 5.0.6 this file is now called "VBoxHardening.log"]
    3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.

As in the previous (4.3.14 through 4.3.26) discussions, the purpose of this topic is to gather diagnostic data needed to solve the hardening issues, and nothing else. Wibble posts, opinion posts, and posts that don't include necessary diagnostics will most likely be deleted. If a test build is created then you'll be expected to have tried it before you post.

Please be explicit about errors. Don't say "same as xxxxx". See list above for what's required.

Test builds (when available) can be found here: https://www.virtualbox.org/wiki/Testbuilds

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 11:32
by Gaetan
Hi,

Windows 2008 R2 Standard SP1
Mc Afee Security As A Service 6.0.3.

Evrything was fine with VirtualBox 4.3.26.
I normally stop my Suse VM, hosted with my Windows 2008 R2 Standard.
I upgrade from 4.3.26 to 4.3.28, I saw, as I was installing from a terminal server, that I lost my session. Going to the screen of Win2008 physical host, reboot my Win 2008 Host as requested at the end of the virtualbox upgrade.

When starting my VM, I've got :

"VirtualBox - Error In supR3HardenedWinReSpawn".
Ntcreatefile(\device\VBoxDrvStub) failed : 0xc0000034
STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Drivers is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about it's state. Rebooting may actually help. (rc=101).
Make sure the kernel module has been loaded successfully.


C:\Program Files\Oracle\VirtualBox>sc query vboxdrv

SERVICE_NAME: vboxdrv
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 2 (0x2)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

[EDIT] : Between update from 4.3.26 to 4.3.28, I applied Windows update with 12 importants updates.

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 13:23
by Gaetan
Works fine now, when removing Windows Update KB3004394. Not necessary to reboot the host, just re-run VirtualBox.
Problem is solved, sorry.

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 13:36
by loukingjr
Gaetan wrote:Works fine now, when removing KB3004394.
Problem is solved, sorry.

FWIW, you had a problem, you found the solution and you fixed it on your own. You let others know who may have the same problem. You should be proud, not sorry. It would be great if more users did that.

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 20:55
by ikar.us
Well, he found a workaround.
That's great, of course.
But removing a regular windows update is a workaround, not a solution.

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 20:59
by nickrobert
I tried 4.3.28 with no luck. I believe the issue may be the BeyondTrust PowerBroker SW noted below, but I cannot remove it from my corporate laptop. Let me know if I can provide more info for troubleshooting. Details:

VBox version: 4.3.28r100309
Host OS: Win 7 Enterprise SP1
Host AV, etc.:
-- McAfee VirusScan Enterprise 8.8.04001
-- McAfee Agent 4.8.0.1500
-- BeyondTrust PowerBroker Desktops Client for Windows 6.5.1.23
-- OPNET Application Capture Agent 3.9
-- Cisco NAC Agent 4.9.0.33

Zipfile with startup log is attached
The VM is running RHEL5 64-bit. Error message below:

Failed to open a session for the virtual machine Kickstart_4.7.1.

The virtual machine 'Kickstart_4.7.1' has terminated unexpectedly during
startup with exit code -1073741819 (0xc0000005). More details may be
available in 'x:\xx\VirtualBox
VMs\Kickstart_4.7.1\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 21:17
by loukingjr
ikar.us wrote:Well, he found a workaround.
That's great, of course.
But removing a regular windows update is a workaround, not a solution.

The solution has to come from Microsoft. Just as they fixed a number of bad updates in the past two months.

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 22:07
by DeepChange
Not only the driver fails, but also the Oracle_VM_VirtualBox_Extension_Pack-4.2.28-97679.vbox-extpack is broken because it is marked as version 4.3 not the expected 4.2 :o; this is a frustrating waste of time :( because I'll have to kill 4.28 at work and at home, and reinstall 4.26 which does work.

From my viewpoint, the VirtualBox failures seem to be getting more frequent... may I suggest need better "resources" allocated to dev and QA to minimise :roll: and :evil:

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 14. May 2015, 22:11
by loukingjr
DeepChange wrote:Not only the driver fails, but also the Oracle_VM_VirtualBox_Extension_Pack-4.2.28-97679.vbox-extpack is broken because it is marked as version 4.3 not the expected 4.2 :o; this is a frustrating waste of time :( because I'll have to kill 4.28 at work and at home, and reinstall 4.26 which does work.

From my viewpoint, the VirtualBox failures seem to be getting more frequent... may I suggest need better "resources" allocated to dev and QA to minimise :roll: and :evil:

You seem very confused. The current version of VirtualBox is 4.3.28 as is the extension pack. Which btw, is what this thread covers.

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 15. May 2015, 04:15
by fsvl
Oracle VirtualBox 4.3.28r100309 on
MS-Windows 7 Professional SP1 64-bit (updated yesterday - without the validation components in Windows Activation Technologies for Windows 7)
with:
- BeyondTrust PowerBroker Desktop Client
- McAfee Agent and VirusScan Enterprise
- Tumbleweed Desktop Validator
See f6_t67840.txt in attached Logs.zip archive for software version details and VBoxStartup.log for exact error messages.

Failed to open a session for the virtual machine guest.

The virtual machine 'guest' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in '...\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

Get messages for manu DLLs in VM Guest Log file (see VBoxStartup.log in attached Logs.zip):
supR3HardenedScreenImage/Imports, supR3HardenedScreenImage/NtCreateSection and supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on ...dll [lacks WinVerifyTrust]
supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1977 ms, the end);
supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2599 ms, the end);

Failure occurs on first guest startup (after creating the first guest after a fresh first time installation of VirtualBox - no guest OS installed yet) and tried different guest configurations.

Thanks

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 15. May 2015, 15:00
by rnewman
Hello,
No go with the latest build, yet again...

OS - Win7 Professional 64bit - SP1
Trendmicro Office Scan - 11.0.1454
Virtualbox - 4.3.28

Screen shot and startup log attached.

I am happy to assist with debugging. Are there any switches or process that would provide additional diagnostic information?

Thanks,
Richard

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 15. May 2015, 15:02
by mpack
Perhaps you should try installing different AV software?

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 15. May 2015, 17:08
by rnewman
Sorry, I'd love to install different AV, but that's not possible on this machine.
I'd like to assist and get this working with Trend as it is one of the prominent vendors in the market.

Having now followed this issue for over a year, and with still so many posts with similar issues, maybe the methodology for the new hardening feature needs to be revisited.
We in the security field applaud this effort and are glad that it is important. However, there are different ways to accomplish the same goal.

-Richard

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 18. May 2015, 10:22
by slovenec
Hi,

I'm also having problems with VirtualBox 4.3.28 for Windows hosts. After I install VB and create virtual machine I can't start it and I get error:

VB_error.PNG
VB_error.PNG (26.66 KiB) Viewed 64673 times

VB_error2.PNG
VB_error2.PNG (40.49 KiB) Viewed 64673 times


Host machine is on Win7 Pro SP1 with all updates etc. (work laptop). As antivirus I use Sophos and ofc I can't change that, company policy. Log is in attach.

If someone could help me with this problem I would appreciate it.

LOG:

VBoxStartup.zip
(1.85 KiB) Downloaded 427 times

Re: Windows 4.3.28 Specifically for errors due to Security

PostPosted: 18. May 2015, 17:09
by Tyco_Phil
A while ago I had virtualbox running fine, with a number of different guests, except for usb flash drive in guests. I installed a newer version of virtualbox to see if that would fix it and instead my VMs would not start. I uninstalled the newer version and went back to the previous version. Same problem exists! I have uninstalled and removed all VMs and nothing has worked. My IT department had made some Group Policy changes in the meantime.

After looking on the forums I checked for KB3004394, found it, uninstalled it, no difference, reinstalled VirtualBox, no difference, still getting same error.

First error message:
Failed to create the VirtualBox COM object.
The application will now terminate.
Details:
Callee RC: E_INVALIDARG(0x80070057)

Follow up error message:
Failed to open a session for the virtual machine test.
The virtual machine 'test' has terminated unexpectedly during startup with exit code 1(0x1).
Details
Result Code:E_FAIL( 0x8000405)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

I am running on a company Win 7 SP1 PC with Administrator rights running McAfee Agent, McAfee DLP Endpoint, McAfee SiteAdvisor Enterprise Plus, McAfee VirsuScan Enterprise + AntiSpyware Enterprise.

VirtualBox is running in Compatibility Mode (Vista SP2).