Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Locked
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

For example, that has been discussed many times.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

Please see the first post for requirements for posting in this thread.

If you are not sure what topics have been discussed already, then simply read the discussion!
MikeSchwartz
Posts: 11
Joined: 27. Mar 2015, 18:02

Re: Windows 4.3.28 Specifically for errors due to Security

Post by MikeSchwartz »

I'm still seeing this problem in version 5.0.0. (I've been having this problem since 4.3.14.) I was able to reproduce the issue on a completely clean machine running a fresh install of Windows 7 Enterprise x64 SP1 with nothing other than VirtualBox 5.0.0 and BeyondTrust PowerBroker Desktops client 5.0 (privman64.dll). No patches have been installed, and no other security software, or in fact any other software of any kind is installed. When I uninstall BeyondTrust, the problem goes away.

Host OS: Windows 7 Enterprise x64 SP1 with no patches
VirtualBox: v5.0.0 r101573
Security software: BeyondTrust PowerBroker Desktops client 5.0.0.311
Error:
Failed to open a session for the virtual machine Win7 x64.

The virtual machine 'Win7 x64' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Mike\VirtualBox VMs\Win7 x64\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
Attachments
E_FAIL (0x80004005).png
E_FAIL (0x80004005).png (32.48 KiB) Viewed 7800 times
VBoxStartup.zip
(5.26 KiB) Downloaded 34 times
HF
Posts: 31
Joined: 3. Dec 2014, 01:01

Re: Windows 4.3.28 Specifically for errors due to Security

Post by HF »

We have PowerBroker as well and VirtualBox after 4.3.16 won't work. Uninstalling powerbroker unfortunately is not an option and its clearly the problem, though MS gets blamed each time I've asked about the issue.
flameout
Posts: 5
Joined: 26. Jul 2015, 00:11

Re: Windows 7 VB5 Specifically for errors due to Security

Post by flameout »

Windows 7 SP1 32 bit

Failed to open a session for the virtual machine Debian.

The virtual machine 'Debian' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\User\VirtualBox VMs\Debian\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

Anti Virus:
AVira Product version 15.0.11.579 2015/06/16
Search engine 8.03.32.24 2015/07/13
Virus definition file 8.11.249.42 2015/07/20
Control Center 15.00.11.574 2015/06/16
Config Center 15.00.11.574 2015/06/16
Luke Filewalker 15.00.11.576 2015/06/16
Real-Time Protection 15.00.11.572 2015/06/16
Filter 15.00.11.550 2015/06/16
Web Protection 15.00.11.572 2015/06/16
Scheduler 15.00.11.572 2015/06/16
Updater 15.00.11.579 2015/06/16
Rootkits Protection 15.00.11.550 2015/06/16
Local Decider 15.00.11.572 2015/06/16


Windows firewall
Attachments
VBoxStartup.zip
Log
(2.88 KiB) Downloaded 27 times
flameout
Posts: 5
Joined: 26. Jul 2015, 00:11

Re: Discussion of Problems due to Hardened Security

Post by flameout »

I thought that one of the reasons for this forum was to help people get VB working if they had problems. I know that this subject has been re-hashed in the many posts above this one, but there seem to be many problems with few solutions.
My Win7 was updated yesterday and Kernel32.dll was replaced by Microsoft during that update. VB does not accept this file. I have tested it with anti virus turned off and it makes no difference. So apart from me trying to tell Microsoft that they dont know what they are doing, what other possible solutions are there?
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

Actually no. The purpose of this topic is clearly stated in the first post (in bold red text no less), and it is primarily to collect diagnostic data for the devs. Solutions generally come in the form of new software versions. Sometimes solutions to non-VBox problems will also be given, if they are known (such as Windows update screwing up the certificates database on your host).
flameout
Posts: 5
Joined: 26. Jul 2015, 00:11

Re: Discussion of Problems due to Hardened Security

Post by flameout »

I was speaking about the forum not the topic. After doing a google for "windows dll certificates database corrupt" the first link returned by Google is this forum... It appears that VB seems to be one of the few applications that have this problem. I was unabke to find any possible solutions using Google.
It appears as if there is not a known solution to this problem, so I can only assume that Oracle lacks the ability to come up with a better way of ensuring security in their products even though other producst on the market do not have this problem. Guess this was all a waste of time and effort :( :evil:
MattD
Posts: 6
Joined: 20. Feb 2015, 21:08

Re: Discussion of Problems due to Hardened Security

Post by MattD »

If the Windows certificate database is not reliable, then I would assert that making VirtualBox rely on this unreliable component is a design flaw, or at the very least a bug.

I understand that this is a hardening feature. But, nobody who has made a report on this issue on these forums has (as far as I can tell) ever been told that their issue is malicious software. Thus, 100% of reported cases are "false positives". If this "security" feature doesn't actually prevent any attacks, but does prevent legitimate use, then the feature is completely non-functional.

At a minimum, there should be an option to disable the feature.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Discussion of Problems due to Hardened Security

Post by Perryg »

MattD wrote: At a minimum, there should be an option to disable the feature.
There is. You compile it yourself without hardening, just like Linux. It has been hardened on Linux builds long before Windows was.
flameout
Posts: 5
Joined: 26. Jul 2015, 00:11

Re: Discussion of Problems due to Hardened Security

Post by flameout »

Some of the comments on this forum are very unhelpful. I am not sure if the moderators work for Oracle or are paid by them, but until now the only help I have had here is...
my first post was locked because I raised an issue which exists albeit without an answer. I have then been told to read through various other posts that contain pages of people
with the same problem and no solutions and now the suggestion by another moderator to compile it yourself. This is a bit like a car manufacturer preventing a car from starting
because the road has potholes in it and the manufacturer is scared that you will blame them for the poor ride. Then they offer a solution... get all the parts and assemble your own car.

I agree 100% with MattD above. If the Windows certificate database is not reliable then why use it as part of a security check?
Saying that hardening was done long ago on Linux is also not helpful.
If the people who have posted on the forum about this problem were using Linux, then they most likely would not have posted anything because it works okay. So clearly the hardening used in Linux does not cause a problem.
The hardening done in Windows is where the problem exists. So instead of locking posts / telling people to read pages of unhelpful stuff, why dont the moderators open up a fresh post and try get someone from Oracle to
assist with this? Or if it requires a re-compile perhaps give some advice how this could be achieved?

Yes I know it is a self help forum but moderators getting everyone to post to a topic which seems to indicate that developers are using this to try and resolve the problem, when clearly this is not their intention is defeating the object of the forum.
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Discussion of Problems due to Hardened Security

Post by Perryg »

Sorry flameout, I thought anyone that wants to build would know to look at VirtualBox.org for that answer, but in any case here is the link so you don't need to look it up. https://www.virtualbox.org/wiki/Windows ... structions
WorkinNTN
Posts: 2
Joined: 5. Feb 2015, 22:12
Primary OS: MS Windows 7
VBox Version: OSE other
Guest OSses: Windows 7, Window 8.1, Windows 10, Unbuntu

Re: Discussion of Problems due to Hardened Security

Post by WorkinNTN »

Host: Windows 7 Professional SP1 (x64)
Using built in Windows Firewall

McAfee Anti-Virus System Information

McAfee Agent
Version number: 4.8.0.1938
Managed
ePO Server/Agent Handler


McAfee ePO Deep Command Discovery Plugin
Version number: 2.2.0.371
Language: Multiple


McAfee VirusScan Enterprise + AntiSpyware Enterprise
Version number: 8.8.0 (8.8.0.1247)
Build date: 1/16/2014

Anti-virus License Type: licensed

Scan engine version (32-bit): 5700.7163

Scan engine version (64-bit): 5700.7163

DAT version: 7877.0000
DAT Created on: 7/29/2015

Number of Signatures in extra.dat: 0
Name of threats that extra.dat can detect: None
Buffer Overflow and Access Protection DAT version: 659

Installed Patches: 4

Installed Modules:
Attachments
VBoxStartup.zip
(12.4 KiB) Downloaded 31 times
elektroland
Posts: 1
Joined: 3. Aug 2015, 19:03

Re: Discussion of Problems due to Hardened Security

Post by elektroland »

Hello everybody,

unfortunately I have the same issue with the actual VirtualBox 5.0.0 r 101573. The following message appears:

<<<<<<<<<<
Für die virtuelle Maschine openSUSE_13.2 konnte keine neue Sitzung eröffnet werden.

The virtual machine 'openSUSE_13.2' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\Users\elektroland\VirtualBox\Machines\openSUSE_13.2\Logs\VBoxStartup.log'.

Fehlercode:E_FAIL (0x80004005)
Komponente:MachineWrap
Interface:IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
>>>>>>>>>>

Host OS: Windows 8.1 32bit on 64bit processor (all actual update patches installed)
Virus protection: Avira Free Antivirus 15.0.11.579
Built in Windows Firewall

Thank you for your help.

Best regards,

Roland.
Attachments
VBoxStartup.zip
(5.55 KiB) Downloaded 26 times
greenerbeard
Posts: 1
Joined: 5. Aug 2015, 20:19

Re: Discussion of Problems due to Hardened Security

Post by greenerbeard »

Well by now I have read all the posts in this thread, and I have to agree with the latest posts, sadly; while most of the posts reports very similar errors, very few answers, solutions are given, if any.
I mean, there's poor indication of any workable trick or way, or hint to the how solve it; the best suggestion, and it comes at the end, IMHO is to compile VB (VirtualBox) on one's own, but clearly is more a joke than anything else, for the vast majority of people who comes here clearly, logically, does not have the skills to do something like hacking and then compiling a working, and trimmed, version of any program, let alone one so refined as VB...
I came here because of a problem, of course; in this thread there's only one other post that mention it, and by searching around the web I've been able to find very few others who had this same issue;
but by searching around, after two days now of looking I've been able to find, if not a permanent solution, a working cheat.
The problem I have is the same of poster Rufus T. Firefly, 7, Jul 2015, 16:23
here it is:

“winverifytrust failed on stub executable: winverifytrust failed with hrc=CERT_E_CHAINING on "\Device\harddiskVolume1\Programmi\Oracle\VirtualBox\VirtualBox.exe"
(rc=22919)”

by searching with google I came upon this file, from the VB source code:

SUPHardenedVerifyImage-win.cpp

Reading through it, I came upon the function that is the cause of my troubles; it mention specifically the error messages related to the specific tokens missing, of course if and when are missing...

so, after realizing the why and what of this error message, I was almost certain it was caused by the certificates in MS Windows, the way they are handled, and of course to the policy followed by Oracle regarding it.

After playing around with the MS Windows configuration files for quite a while, in the end I focused on the Internet Properties panel, in Control Panel, there is a specific voice to check or uncheck the way Windows allows programs to use those certificates.
I don't know if it could be an easy way to solve at least some of the problems of people here, many are different from mine, and seems to be related with some anti viruses internals, the way they deal with access to some metadata attached to certain files; but they are all anyway related to certificates, mostly at least.

I anyway solved the above mentioned issue by simply making a copy of the certificate that seemed at the root of the VB refusal to start, with the above error box;

so, I exported the certificate from 'Verisign commercial authority' taken from another PC that I luckily had, and simply pasted it in the section in Internet properties that contains all the listed certificates, MS Windows in fact automatically updates them every time it connects to the Internet, as I understand... the problem for me is simply that I was curious to better understand to what the issue was made of, so I didn't want yet to give up and simply update the certificates by connecting to the Internet; in fact the pc with the problem was a fresh install, of Windows xp, installed 3 days ago, and I plan not to connect it for some more time, if I can... anyway, once pasted the certificate in the section that says 'trusted', miracle! Without touching anything, the very same VB that refused stubbornly to start install after install, and after having changed the Windows registry to make it create logs of everything, as it advised in the Virtual Box page dedicated to Windows problems, and having created a bunch of logs, simply updating the certificates gave the solution.
I think it's clear that the same problem, albeit for different devices, is spread here all over many posts; VB is not accepting certificates, for various reasons... so maybe there is a way to update it, by simply finding a machine where VB works, and copying the relevant certificates... still if the cause is some anti viruses that block access to the certificates, clearly the only solution would be to get rid of the antivirus, or at least configure it as not to block access, something probably of the same difficulty as compiling VB by hand...

My procedure:

go to the folder where VB is installed, and right-click the icon of VirtualBox.exe;
click on 'properties' in the drop-down dialogue that open;
on the properties panel, click on the tab that says digital signatures;
here I have only one, “Oracle Corporation”;
click on 'Details'
on the newly opened dialogue, click on 'show certificate'
in the new dialogue window, click the tab 'certification path'
here in my computer, I have 3 levels of certificates, and the wrong one was the one at the top, that says 'VeriSign', in my computer it was ticked with a red cross, and said 'unable to verify signature',
of course because that computer still had the copy of MS Windows xp clean from install, service pack 3, from 2005-6, I believe...

anyway, to change it, or any other certificates that are out of order, one must first find a good one;
once found, and copied, i.e. exported by opening the relevant procedure to copy it, using the guided procedure offered by MS Windows in the dialogue 'details'.

To find a good one, goto some computer that has one, where VB is working...
open Control Panel
open Internet Connections
open Internet Options
in the 'Contents' tab, click on the button 'certificates'
find the one that is not accepted by the VB in the computer with problems, by opening the tab of 'trusted' certificates
once found, ckick the button 'export'
follow the guided procedure

Once saved in the proper file format, offered by default as well, (mine was saved as '.cer') put in some removable media.
Now go to the machine where VB does not work
Open Control Panel
open Internet properties
open the tab that says 'contents'
click the button that says 'certificates...'
click the button that says 'import'
follow the guided procedure that opens
be careful to paste it in the trusted section, by clicking the option to manually choose where to paste it.
Done!

Hope it will help somebody...
just wish that people much more IT savvy than me could spend five minutes trying to help...
or maybe there is some reason why such a patchy solution has not been given...
I am not at all an expert in IT, just found by way of trial... this time I've been lucky, that's all, but is also dangerous to play around without a very deep knowledge of IT; computers are very, very complicated stuff...

sorry for the poor labelling, but my copy of MS Windows is in Italian...
Locked