Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.

Re: Discussion of Problems due to Hardened Security

Postby RoxieRolla » 14. Mar 2016, 18:36

The virtual machine '112_default_1441355258687_31623' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\..\112_default_1441355258687_31623\Logs\VBoxHardening.log'.
[Screenshot: ss1.png (initial error message)]


Rough order of events: installed Vbox 5.0.14 and the VMs worked briefly (after a struggle to remove all remnants of an earlier 4.x). I installed and used vagrant to create a VM, but neither the new nor VMs would open; I followed a number of forum instructions to reinstall, install drivers - worked again; restarted host to install Windows upgrade - gone again; upgraded Vbox to 5.0.16 - still nothing.

Hosted on Windows 7 Enterprise 64-bit SP1
Linux guests
VirtualBox 5.0.14, recently upgraded to 5.0.16 with no change.

Antivirus McAfee v4.8.0.1938 - I can turn this off briefly if necessary

Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

[Attachment: VBoxHardening.zip (hardening log)]



Any help appreciated!
RoxieRolla
 
Posts: 1
Joined: 14. Mar 2016, 18:16

Re: Discussion of Problems due to Hardened Security

Postby Ch@oticZ#r0 » 15. Mar 2016, 02:02

Windows OS: Windows 7 w/SP1
Symantec Endpoint Protection: 12.1.6
VBox Version: 5.0.16

Hi All,

I have been having issues with VBox not running a VM. Currently I cannot even get the VM to run so I can install CENTOS 7. I have attached the log and the screenshot of the error. I have not had any issue with my Antivirus having conflict with Virtual Box, but that is strictly speaking from past experience.

Also just to specify that VBox was running before I installed a set of updates. If needed I can list the updates that were installed on the day in question, but that would take a while. If there is anything else please let me know and will try to supply any information I can.

Regards,
Ch@otic
[Attachments: screenshot of the VM failure code; VBoxHardening.zip (VBoxHardening.log)]
Ch@oticZ#r0
 
Posts: 1
Joined: 15. Mar 2016, 01:29

Re: Discussion of Problems due to Hardened Security

Postby dba_chicken » 25. Mar 2016, 15:02

Hi all

I've still problems getting my VB client to work. Since the AV problem has occurred
the versions of both, VirtualBox as well as Avira have changed. All official participants
say that the problem should be solved. But in fact this does not affect my VB machine
(scroll down the graphic to see the lsilogicscsi error):

[Screenshot: VM_Client_does_not_start.png]


Find my hardening log attached. I really hope that I can find a solution for this issue.

Regards,
Martin
[Attachment: VBoxHardening.zip]
dba_chicken
 
Posts: 7
Joined: 5. Jan 2016, 23:01

Re: Discussion of Problems due to Hardened Security

Postby mpack » 25. Mar 2016, 15:41

dba_chicken wrote: I've still problems getting my VB client to work.

That's a bit vague. What are the symptoms? I ask because the hardening log you posted says that you don't have a hardening problem. Why do you think otherwise?

VBoxHardening.log wrote: 175c.a20: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 23377 ms, the end);


VERR_SSM_LOADED_TOO_MUCH is a saved state file incompatibility between versions (upgrading VirtualBox while VMs are in a saved state is not a good idea - what state is being saved?). To clear this error you right click the VM and discard the saved state.
mpack
Site Moderator
 
Posts: 33448
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby jpblair » 25. Mar 2016, 22:52

I can't start the Docker "default" VM using VirtualBox 5.0.16r105871. When I try to startup the machine either via Docker or directly through VirtualBox, I get this error:
[Screenshot: virtualbox_error.png]

I have an antivirus program installed called Cylance Protect, if that makes any difference. Here is the VBoxHardening.log file:
[Attachment: VBoxHardening.zip]


Thanks to whoever can help.
jpblair
 
Posts: 1
Joined: 25. Mar 2016, 22:44

Re: Discussion of Problems due to Hardened Security

Postby dba_chicken » 30. Mar 2016, 07:18

mpack wrote: VERR_SSM_LOADED_TOO_MUCH is a saved state file incompatibility between versions (upgrading VirtualBox while VMs are in a saved state is not a good idea - what state is being saved?). To clear this error you right click the VM and discard the saved state.


That actually made the trick, thanx a lot. During the hardening problems (I guess
Avira was part of it) I didn't get my client to work. I tried to get it up and running
again by updating VirtualBox.
Now, after your advice, I downgraded VirtualBox to 5.0.10 - it has been the
version when the hardening problems began. Using that version I was able to wake
up the client and to shut it down normally. Then, afterwards, I re-installed the most
current version 5.0.16 of VirtualBox and finally I was able to start the client :D

Thanx, mpack, that saved my day (respectively the last weekend and the time after ;))

Best Regards,
Martin

P.S.: You wrote that my last error post was a bit vague, but when you scroll down
the graphic I attached you see the error message which I had on screen during the
last weeks.
dba_chicken
 
Posts: 7
Joined: 5. Jan 2016, 23:01

Re: Discussion of Problems due to Hardened Security

Postby smb » 8. Apr 2016, 23:57

Hi,

sorry for my bad english :(

Directly after upgrading to VirtualBox-5.0.16-105871 (from a working, older 4.x version), none of my guests are starting anymore. I get the same error message for every guest, so I pick one, standing for all.

I have ESET NOD32 AV and Outpost Firewall. It doesn't matter, if I disable both of them or not and it was running before upgrading with them.
Host-System is Win7 64bit.

Error-Message:

Error -104 in supR3HardenedWinReSpawn! (enmWhat=5)
VERR_INVALID_NAME (-104) - Invalid (malformed) file/path name

The virtual machine 'Windows XP Prof Corp 32bit-Klon' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'E:\VirtualBox\Windows XP Prof Corp 32bit-Klon\Logs\VBoxHardening.log'.

Fehlercode:E_FAIL (0x80004005)
Komponente:MachineWrap
Interface:IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

[Screenshot: error.jpg]


Any hints to this error?
[Attachment: VBoxHardening.rar]
smb
 
Posts: 2
Joined: 8. Apr 2016, 23:05

Re: Discussion of Problems due to Hardened Security

Postby mpack » 9. Apr 2016, 10:37

@smb. You can try disabling antivirus as a test, but to me it looks like you have the old corrupted Win7 host certificates problem.

KB3004394
http://www.infoworld.com/article/285801 ... fende.html
http://www.infoworld.com/article/285911 ... 04394.html

KB3045999
http://www.infoworld.com/article/291459 ... albox.html
mpack
Site Moderator
 
Posts: 33448
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby smb » 9. Apr 2016, 23:13

@mpack:

Thx for reply and your work.
I already disabled AV and Firewall, but it doesn't make any difference.

I read the articles and get the kb3024777 in order to delete kb3004394. After that I deleted kb3045999. Unfortunately my guests are still not starting (I also try disabling AV and FW after deinstalling those patches).

Hm, I also found this:
https://www.virtualbox.org/ticket/13659

Even when I disable my FW, Vbox is finding the dll in the sys32-folder.
I find in my log

Code:
468.fd8: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall : Owner is administrators group.
468.fd8: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›????????????????????????????????????????????????????????????????º)
468.fd8: Error (rc=0):
468.fd8: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›????????????????????????????????????????????????????????????????º: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›
468.fd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›????????????????????????????????????????????????????????????????º
468.fd8: Error (rc=0):
468.fd8: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll' (c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll): rcNt=0xc0000190
468.fd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll'


I did not spend enough time on this error to know if this could be my actual problem or not. The correct path is c:\Program Files\Agnitum\Outpost Firewall Pro\

I'm not sure what to do, spending more time in trying to fix or go back to Vbox 4.3.12?
smb
 
Posts: 2
Joined: 8. Apr 2016, 23:05
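
Added example, not part of the original thread and not VirtualBox code: a small Python triage of the VBoxHardening.log line types quoted in the posts above (the `rejecting` lines from smb's log and the `Quitting: ExitCode=` line mpack quoted). The sample text is taken from those excerpts with the garbled path tail cut, the `ExitCode=0x1` line is constructed, and the regular expressions assume the log format shown in this thread.

```python
import re

# Patterns for the three line types quoted in this thread
# (format assumed from those excerpts only).
REJECT = re.compile(r"supR3HardenedMonitor_LdrLoadDll: rejecting '([^']+)'.*?rcNt=(0x[0-9a-fA-F]+)")
SCREEN = re.compile(r"supR3HardenedScreenImage/\w+: rc=.*?(-\d+) \(0x[0-9a-fA-F]+\)")
QUIT = re.compile(r"supR3HardNtChildWaitFor\[\d+\]: Quitting: ExitCode=(0x[0-9a-fA-F]+)")

# smb's excerpt with the garbled path tail cut; the last line is constructed.
SMB_EXCERPT = r"""468.fd8: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall: None of the 1 path(s) have a trust anchor.
468.fd8: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll' (c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll): rcNt=0xc0000190
468.fd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll'
468.fd8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (constructed sample line)
"""

# The line mpack quoted from dba_chicken's log.
MPACK_QUOTE = "175c.a20: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 23377 ms, the end);"


def triage(log_text):
    """Summarise a VBoxHardening.log: DLLs the loader monitor rejected,
    image-verification status codes, and the last child exit code."""
    rejected, verify_rcs, exit_code = [], [], None
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            entry = (m.group(1), int(m.group(2), 16))
            if entry not in rejected:  # the same DLL is often retried
                rejected.append(entry)
        elif m := SCREEN.search(line):
            verify_rcs.append(int(m.group(1)))
        elif m := QUIT.search(line):
            exit_code = int(m.group(1), 16)
    return {
        "rejected_dlls": rejected,
        "verify_rcs": verify_rcs,
        "exit_code": exit_code,
        # Reading used by mpack in this thread: ExitCode=0x0 means the
        # hardening stage itself did not fail.
        "hardening_failed": exit_code not in (None, 0),
    }


if __name__ == "__main__":
    for name, text in (("smb", SMB_EXCERPT), ("dba_chicken", MPACK_QUOTE)):
        print(name, triage(text))
```

A rejected DLL is a lead on which third-party product is injecting into the VM process; it does not by itself prove that the rejection caused the startup failure.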

Re: Discussion of Problems due to Hardened Security

Postby calebo » 12. Apr 2016, 10:12

VirtualBox-5.0.17-106471-Win.exe
Windows 10 Version 10.0.10586 Build 10586
[Attachment: VBoxHardening.log]
calebo
 
Posts: 1
Joined: 12. Apr 2016, 10:06

Re: Discussion of Problems due to Hardened Security

Postby Eric S » 15. Apr 2016, 00:29

I believe this is a hardening issue. VMs work on VirtualBox versions earlier than 4.3.14, but not after. This is with Version 5.0.16 r105871.

Code:
Failed to open a session for the virtual machine V-LU-ERSM02.

The virtual machine 'V-LU-ERSM02' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005).  More details may be available in 'C:\Users\eric.smith\VirtualBox VMs\V-LU-ERSM02\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}


1) Host is Windows 7 Professional x64
2) Log attached
3) System has Webroot SecureAnywhere - I've tried disabling it, but not uninstalling

Any help would be appreciated. Thanks!
[Attachment: VBoxHardening.zip]
Eric S
 
Posts: 2
Joined: 15. Apr 2016, 00:15

Re: Discussion of Problems due to Hardened Security

Postby mpack » 15. Apr 2016, 10:23

@EricS, it seems to me that you may have the corrupted certificates issue that seems to afflict Win7 host users, e.g. from KB3004394 and KB3045999.
mpack
Site Moderator
 
Posts: 33448
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby Eric S » 15. Apr 2016, 21:23

@mpack - Thanks. I don't see errors in my log to know how the problem relates to OS patches, but I trust your much greater experience.

Is there a solution that has both a patched OS and a hardened version of VirtualBox?

I found your 9 Apr 2016, 10:37 post with links to InfoWorld about bad patches. There's also an InfoWorld article dated 18 Feb 2015 saying that KB3004394 was re-released in working form (sorry, I can't do URLs in the forum yet).

I also see posts by frank from Oracle (e.g. 6. May 2015, 13:36) implying fixes in later builds of VirtualBox, and saying, "the Microsoft hotfix which is highly recommended as they contain important security fixes", suggesting that he doesn't think it is a good idea to just run without the patches.

There was another post (which I can't find again at the moment) to the effect that it wasn't enough to remove the patch and to Google for the full solution, but after trying to do that I've come up empty so far.

Are there specific steps? Link, perhaps?

Thanks!
Eric S
 
Posts: 2
Joined: 15. Apr 2016, 00:15

Re: Discussion of Problems due to Hardened Security

Postby mpack » 16. Apr 2016, 11:15

I'm sorry, but as an XP user who never allows Windows updates to happen automatically on PCs I care about, I've never been affected by the Win7 patch problem and can't give detailed advice on solving it. It now seems to mostly affect people who have been using Win7 for a long time, but only recently installed VirtualBox. VirtualBox doesn't cause the problem, VirtualBox is simply one of the few apps which - for technical reasons - relies on the certificate information not being corrupted. If you can't fix the corruption then I guess that the ultimate fix would be to reinstall the host OS.

Also note that my reply started with "it seems to me". All of this is a guess.
mpack
Site Moderator
 
Posts: 33448
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby Eggs00 » 17. Apr 2016, 10:40

Hello everyone. I'm trying to run Linux Mint inside my host machine and keep getting errors. The error is displayed at the bottom of the VM while booting.

The error looks like:
end kernel panic - not syncing attempted to kill init 0x00000004



Host: Windows 10 Home
with Virtual Box version 5.0.16
Security Software installed : Avast 11.1.22.53 , MBAM 2.2.1.1043
I've included two different logs in the zip file.

Please help! I'm extremely frustrated ..ackkk

Thanks!!!
[Attachments: VBoxHardening.zip; LINUX ERROR.png (an image of the error)]
Eggs00
 
Posts: 4
Joined: 17. Apr 2016, 10:16
