Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Locked
oculushut
Posts: 1
Joined: 17. Dec 2015, 15:32

Re: Discussion of Problems due to Hardened Security

Post by oculushut »

Windows 7 Professional with Service Pack 1
McCafee
Avecto Privilege Guard
VirtualBox: Version 5.0.10 r104061

Dialogue with this displayed: "Creating process for virtual machine "Test1"(GUI/Qt)... (1/2)"
Dialogue with this displayed: Title: "VirtualBox - Error"

"Failed to open session for the virtual machine Test1."

"Details: An unexpected process (PID=0x000031D8) has tried to lock the machine 'Test1', while only the process started by LaunchVMProcess (PID=0x00001494) is allowed."
"
Result Code:
E_ACCESSDENIED (0x80070005)
Component:
MachineWrap
Interface:
IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}"

Dialogue with this displayed: Title: "VirtualBox - Error In supR3HardNtChildWaitFor"

"Timed out after 60001 ms waiting for child request #1 (CloseEvents). (rc=258)"

"where: supR3HardNtChildWaitFor what: 5 Unknown Status 258 (0x102) (258) - Unknown Status 258 (0x102)"
Attachments
VBoxHardening.log
(15.85 KiB) Downloaded 51 times
scialo
Posts: 4
Joined: 18. Dec 2015, 11:28

Re: Discussion of Problems due to Hardened Security

Post by scialo »

SO: WIN7PRO SP1 64BIT
AV: AVIRA FREE
VB: 5.0.10 r104061

Code: Select all

The virtual machine 'debian' has terminated unexpectedly during startup with exit code 1 (0x1).  More details may be available in '...\VirtualBox VMs\debian\Logs\VBoxHardening.log'.

Codice 'uscita: E_FAIL (0x80004005)
Componente: MachineWrap
Interfaccia: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

Attachments
VBoxHardening.zip
(15.83 KiB) Downloaded 32 times
scialo
Posts: 4
Joined: 18. Dec 2015, 11:28

Re: Discussion of Problems due to Hardened Security

Post by scialo »

sandytf
Posts: 2
Joined: 22. Dec 2015, 16:35

Re: Discussion of Problems due to Hardened Security

Post by sandytf »

My computer is no longer able to launch my virtual machines. The anti-virus on the computer was changed since the last time I attempted to open a vm on this machine. In addition, I upgraded my version of VirtualBox just prior to attempting to open a vm, so there are at least a couple of variables at play. I had someone from IT temporarily disable the anti-virus real-time protection, but that didn't seem to make a difference. However, I'm not 100% sure the real-time protection was completely off. Does anyone have any suggestions on how to get my VirtualBox virtual machines to launch again? My VMware Workstation virtual machines appear to be unaffected and launching correctly. I would really prefer to not need to downgrade VirtualBox.

Host: Windows 7 Professional SP1 x64 connected to a Windows domain
Anti-virus: Trend Micro OfficeScan 11.0.4150 (I don't have the required privileges to disable or alter the anti-virus)
Anti-malware: Malwarebytes Anti-Malware (Build: 10/5/2015 Database: v2015.12.22.03) [To the best of my knowledge, this is completely turned off]
Virtualbox: 5.0.10 r104061 (with latest Additions module installed)
Guest: Ubuntu Linux 15.04 x64 (with slightly older additions installed)
First error dialog: supHardenedWinVerifyProcess failed with VERR_SUPP_VP_REPLACE_VIRTUAL_MEMORY_FAILED: (rc=-5673) where supR3HardNtChildPuiry what: 5
Second error dialog: The virtual machine 'Ubuntu 15.04' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VMs\Ubuntu 15.04\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
The VBoxHardening.log is attached.
Attachments
VBoxHardening.log
(17.27 KiB) Downloaded 35 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

VBoxHardening.log wrote: 1cb8.1d28: NtAllocateVirtualMemory (0000000000030000 LB 0x10000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
sandytf
Posts: 2
Joined: 22. Dec 2015, 16:35

Re: Discussion of Problems due to Hardened Security

Post by sandytf »

mpack,

Thank you for the response, but I'm not sure how that helps. I understand the issue is (primarily) with problematic anti-virus, but I have no control over the protection software installed on the machine. From reading this forum topic, VirtualBox appears to have an issue with a number of major anti-virus products. Hopefully, there will be some kind of workaround, especially since my virtual machines are primarily used for installer testing and I'm not worried about system security (with respect to VirtualBox).
satuim
Posts: 2
Joined: 23. Dec 2015, 09:27

Re: Discussion of Problems due to Hardened Security

Post by satuim »

This happened before and after an OS wipe. (Assuming its an AV problem). I'm getting a "Timed out after 60001 ms waiting for child request" error. The VM will eventually launch and run fine. But the error messages still occur and will terminate the VM if the messages are closed.

OS
Windows 7 (6.1) Home Premium 64-bit.
Service Pack 1 (Build 7601)
DirectX 11.0

VirtualBox
4.3.34 (Same error happens on 5.x)

AV
Avira Free Antivirus
Malwarebytes Antimalware Free
Attachments
2015-12-23 17_05_25-Program Manager.jpg
2015-12-23 17_05_25-Program Manager.jpg (87.88 KiB) Viewed 10495 times
VBoxHardening.zip
The Logs
(41.06 KiB) Downloaded 30 times
MartyMacGyver
Posts: 1
Joined: 24. Dec 2015, 01:14
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Ubuntu, Windows

Re: Discussion of Problems due to Hardened Security

Post by MartyMacGyver »

CornelisJ wrote:Users that are not able to run VirtualBox in combination with Avira Antivirus can use the following workaround, quoted from Avira customer support.
After following these instructions I can use VirtualBox again without uninstalling Avira Antivirus.

==========
Unfortunately, the issue that you are currently experiencing is indeed related to a new bug. We are currently working to solve this bug as soon as possible.
Meanwhile, the solution that I am proposing to you is to simply disable the avipbb driver.
In order to disable avipbb driver, the following procedure can be followed:
• Open Avira configuration and go to General -> Security.
• Disable product protection options (all three).
• Press Ok button to save configuration.
• Press Start->Settings-> Control Panel->System.
• Start "Device Manager" in the tab "Hardware".
• In "View" menu activate the option "Show hidden devices".
• Now select the node "Non-plug and play drivers".
• Right-click on the driver "avipbb" and select "Properties".
• In tab "Driver" select the option "Disabled" and click OK.
• Close all and reboot.
After these manipulations, it is possible that the Mail Protection and Web Protection services will cease to function. Just in case it`s happening, do not worry and rest assured that your computer's security is in no way being jeopardized; the Real-Time Protection will continue to protect you by scanning any files.
==========
FWIW, I got bit by this today. I also use Avira Free Antivirus (if there's a better one I'd be glad to consider it).

In the end, I did all the above and VBox 5.0.10 seems to work now, at least for Ubuntu.

I'm not sure if disabling AV product protection is just to allow you to disable "avipbb" or not though - out of an abundance of caution I re-enabled the Avira product protection checkboxes as they were before, and things still appear to work, even after reboot. That said, I'm not sure what avipbb actually protects so I feel this compromises security somewhat.

(Also, right click your Avira taskbar icon to select "Configure..." - if you just open the main Avira window it's a bit tougher to find the configuration area.)

Finally, here's the link back to the thread on Avira's support forum:
answers (dot) avira (dot) com /en/question/avira-break-virtualbox-45586

(I'm considered "new"... thus the ridiculously convoluted link above. Google it to be safe if you'd prefer.)
satuim
Posts: 2
Joined: 23. Dec 2015, 09:27

Re: Discussion of Problems due to Hardened Security

Post by satuim »

MartyMacGyver wrote:
CornelisJ wrote:Users that are not able to run VirtualBox in combination with Avira Antivirus can use the following workaround, quoted from Avira customer support.
After following these instructions I can use VirtualBox again without uninstalling Avira Antivirus.

==========
Unfortunately, the issue that you are currently experiencing is indeed related to a new bug. We are currently working to solve this bug as soon as possible.
Meanwhile, the solution that I am proposing to you is to simply disable the avipbb driver.
In order to disable avipbb driver, the following procedure can be followed:
• Open Avira configuration and go to General -> Security.
• Disable product protection options (all three).
• Press Ok button to save configuration.
• Press Start->Settings-> Control Panel->System.
• Start "Device Manager" in the tab "Hardware".
• In "View" menu activate the option "Show hidden devices".
• Now select the node "Non-plug and play drivers".
• Right-click on the driver "avipbb" and select "Properties".
• In tab "Driver" select the option "Disabled" and click OK.
• Close all and reboot.
After these manipulations, it is possible that the Mail Protection and Web Protection services will cease to function. Just in case it`s happening, do not worry and rest assured that your computer's security is in no way being jeopardized; the Real-Time Protection will continue to protect you by scanning any files.
==========
FWIW, I got bit by this today. I also use Avira Free Antivirus (if there's a better one I'd be glad to consider it).

In the end, I did all the above and VBox 5.0.10 seems to work now, at least for Ubuntu.

I'm not sure if disabling AV product protection is just to allow you to disable "avipbb" or not though - out of an abundance of caution I re-enabled the Avira product protection checkboxes as they were before, and things still appear to work, even after reboot. That said, I'm not sure what avipbb actually protects so I feel this compromises security somewhat.

(Also, right click your Avira taskbar icon to select "Configure..." - if you just open the main Avira window it's a bit tougher to find the configuration area.)

Finally, here's the link back to the thread on Avira's support forum:
answers (dot) avira (dot) com /en/question/avira-break-virtualbox-45586

(I'm considered "new"... thus the ridiculously convoluted link above. Google it to be safe if you'd prefer.)
Thanks this worked I'm glad the fix with Avira was simple.
(if there's a better one I'd be glad to consider it).
Another good one is Avast. But I prefer sticking with Avira.
Torchwood
Posts: 18
Joined: 27. Apr 2015, 21:03
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows XP, Xubuntu, Mint

Re: Discussion of Problems due to Hardened Security

Post by Torchwood »

Thanks!!! Another success story! This solution worked for me with both Virtualbox versions 4.3.30 and 5.0.12 ... was on 4.3.30 since swapping antivirus back to Avast due to these issues. Looks like Avira engineers have finally gotten in the game by at least narrowing bug down to a driver, if not a bug fix yet. But since I am only running the Avira Free version, this workaround really has no downside, as the web and mail protections are for paid subscribers only.
Last edited by Torchwood on 2. Jan 2016, 19:54, edited 1 time in total.
"Everything should be made as simple as possible, but not simpler." — Albert Einstein
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

Please: there is no need to quote another members post in it's entirety when we can all see it for ourselves, right above yours - or at least we could if your own post didn't contain so much redundant text. You are just wasting bandwidth, making the forum harder to browse. This is a phpBB forum, not a mailing list!
BanjoFox
Posts: 1
Joined: 5. Jan 2016, 19:05

Re: Discussion of Problems due to Hardened Security

Post by BanjoFox »

Still seeing the "lacks WinVerifyTrust" issue on both of my Linux guests.
Did a clean install (removed previous version of VirtualBox), but kept vmdk's.

Version VirtualBox-4.3.12-93733-Win still works though, so I will be rolling back.
I'm 9000% certain that this is a McAfee issue, but since this is a corporate machine there isn't much I can do about it...

System Info:
Windows 7 Enterprise (64-bit)
Service Pack 1

VirtualBox Info
VirtualBox-5.0.12-104815-Win (with Extension Pack)
Hardening Log attached

Antivirus Info
McAfee Host Intrusion Prevention
Version number: 8.0
Build date: Thursday, September 08, 2011
Build Number: 8.0.0.1919
Security Content Version: 8.0.0.3896

McAfee Agent
Version number: 4.8.0.1938

McAfee VirusScan Enterprise + AntiSpyware Enterprise
Version number: 8.8.0 (8.8.0.1247)
Scan engine version (32-bit): 5700.7163
Scan engine version (64-bit): 5700.7163
Attachments
VBoxHardening.zip
(6.88 KiB) Downloaded 30 times
dba_chicken
Posts: 7
Joined: 5. Jan 2016, 23:01

Re: Discussion of Problems due to Hardened Security

Post by dba_chicken »

  • 1) Host OS and version
    ---> Windows 7 Professional 64 Bit SP1, patched to most current updates
    2) VBoxStartup.log (zipped) [from VBox 5.0.6 this file is now called "VBoxHardening.log"]
    ----> See attached
    3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.
    ----> Avira Antivirus Pro, patched to most current version, active
    Windows Firewall (default)
    TeamViewer (10.x)
I'm looking forward to getting a patch or the possible solution (regarding OS vendor or AV vendor for example)

Regards,
Martin
Attachments
VBoxHardening.zip
(2.91 KiB) Downloaded 30 times
moudy001
Posts: 4
Joined: 10. Jan 2016, 16:07

Re: Discussion of Problems due to Hardened Security

Post by moudy001 »

Hi,

fix suggested by CorneliusJ worked, but not as easily as described. On my Computer I could disable all 3 protection options as suggested, BUT the Avira services were and could not be stopped and also the avipbb driver could not be disabled in device manager. It kept coming back to "system" in Properties.

Naturally I tried doing all this in an Administrators account! But there still seems to be a problem with permissions

What helped: Booted a Linux System and renamed avipbb.drv in /system32/drivers to renamed avipbb.dr_disabled

Question is now: What happens after next Avira Update? Will Avira perhaps restore / repair the mission driver???

Hope there will be a solid solution for this problem soon!

----------------------------

DELL Latitude E6430, Intel Core i5 3320M, 8 GB RAM, Windows 7 Prof 64bit, Windows Updates all up to date

Avira Professional:
Produktversion 15.0.15.129 03.12.2015
Suchengine 8.03.34.118 04.01.2016
Virendefinitionsdatei 8.12.44.200 11.01.2016
Control Center 15.00.15.106 11.01.2016
Config Center 15.00.15.106 11.01.2016
Luke Filewalker 15.00.15.122 11.01.2016
Echtzeit-Scanner 15.00.15.106 11.01.2016
Filter 15.00.15.103 11.01.2016
Email-Schutz 15.00.15.106 11.01.2016
Browser-Schutz 15.00.15.125 11.01.2016
Planer 15.00.15.106 11.01.2016
Updater 15.00.15.108 11.01.2016
Local Decider 15.00.15.106 11.01.2016
Wolf45
Posts: 4
Joined: 5. Dec 2015, 19:59

Re: Discussion of Problems due to Hardened Security

Post by Wolf45 »

MartyMacGyver wrote:Users that are not able to run VirtualBox in combination with Avira Antivirus can use the following workaround, quoted from Avira customer support.
After following these instructions I can use VirtualBox again without uninstalling Avira Antivirus.

==========
Unfortunately, the issue that you are currently experiencing is indeed related to a new bug. We are currently working to solve this bug as soon as possible.
Meanwhile, the solution that I am proposing to you is to simply disable the avipbb driver. .......
......
In order to disable avipbb driver, the following procedure can be followed:
Works fine

Dos anyone know when/or if? AVIRA will fix this bug?
Locked