Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.

Re: Discussion of Problems due to Hardened Security

Postby Hyroko » 11. Jun 2016, 14:20

No sign of MBAM that I could find:
Attachments
VBoxHardening.zip
(2.82 KiB) Downloaded 22 times
Hyroko
 
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Postby mpack » 11. Jun 2016, 14:49

Windows 10.0.10586.306. Is this a preview release of Windows 10?

Were you having this problem before you switched to a test build of VirtuaBox? (5.0.21?).
mpack
Site Moderator
 
Posts: 33665
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby Hyroko » 11. Jun 2016, 15:04

mpack wrote:Windows 10.0.10586.306. Is this a preview release of Windows 10?

Were you having this problem before you switched to a test build of VirtuaBox? (5.0.21?).


About Windows I'm not sure, it came pre-installed with the PC and I just updated it.

And no, neither 4.x versions nor 5.0 normal version was working.
Hyroko
 
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Postby mpack » 11. Jun 2016, 17:43

4.x doesn't support Win10 hosts, so that would be a dead end regardless.
mpack
Site Moderator
 
Posts: 33665
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby Hyroko » 11. Jun 2016, 18:03

mpack wrote:4.x doesn't support Win10 hosts, so that would be a dead end regardless.


So any idea about what's going on?
Hyroko
 
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Postby mpack » 12. Jun 2016, 10:48

I see nothing obvious. The problem with using prerelease software is that we know nothing about it. Unless I'm mistaking versions, it looks to me as if you are using preview / test builds of both the host OS and VirtualBox. In which case we just have to wait and see what the other pioneers eventually report back.
mpack
Site Moderator
 
Posts: 33665
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby Hyroko » 14. Jun 2016, 09:36

mpack wrote:Windows 10.0.10586.306. Is this a preview release of Windows 10?

Were you having this problem before you switched to a test build of VirtuaBox? (5.0.21?).


I was checking Microsoft site and it says that the lastest normal release (not preview) is 1511 (10.0.10586.318) which seems to be above the one that I have, so I guess my release is not a preview?
Hyroko
 
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Postby mpack » 14. Jun 2016, 10:20

The trouble is that I'm not finding your version listed at all on this Wikipedia site:
https://en.wikipedia.org/wiki/Windows_1 ... on_history

Whereas my own Win10 host build (10.0.10586.318), which is incidentally the most recently public release, is listed, and runs VirtualBox quite happily.

This makes me wonder if .306 was a intermediate beta release.
mpack
Site Moderator
 
Posts: 33665
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby Scott Scott Scott Scott » 17. Jun 2016, 15:53

Downloaded and installed 5.0.22 as administrator. I have been unable to use any version of Virtualbox on this PC after 4.3.12.

I have tried VMs created with 4.3.12, exported from 4.3.12 and imported 5.0.22 and creating new VMs under 5.0.22 . All return the lacks WinVerify Trust in the log and only the VBoxHardening log is ever written to. No VBoxStartup log is produced.


Installed software that cannot be removed:
Windows 7
BeyondTrust PowerBroker Desktops Client for Windows, Active Defense Agent, McAfee Agent are installed on this desktop.
Attachments
VBoxHardening.log
latest VBoxHardening log
(73.96 KiB) Downloaded 34 times
Scott Scott Scott Scott
 
Posts: 2
Joined: 17. Jun 2016, 15:38

Re: Discussion of Problems due to Hardened Security

Postby Scott Scott Scott Scott » 17. Jun 2016, 17:20

See previous post. Is there a process/procedure to determine which product is causing conflict with the signed DLL's, so that I can hopefully get product update that will work better with DLL's
Scott Scott Scott Scott
 
Posts: 2
Joined: 17. Jun 2016, 15:38

Re: Discussion of Problems due to Hardened Security

Postby scottgus1 » 17. Jun 2016, 17:33

Scottx4, I usually look for the word "error" or "reject" when searching the log. I'm definitely no guru on these logs, which seem to be cryptically written. But I have seen logs where the word "error" or occasionally "reject" often shows what dll is failing the security checks.

You log does not contain the word "error" or "reject". So you have no unsigned DLLs lying about. However you have a plethora of "Lacks WinVerifyTrust" lines, on Windows DLL's, possibly* indicating that you have the offending Windows updates that have destroyed the Windows Security database Virtualbox uses to test the Windows files. Look for these updates: KB3004394, KB3045999, and KB3081320. If you can take them off, try that. If you can't take them off because of an uncooperative IT admin, you may not be able to use this PC or you may have to make a case with management.

*I was told once by one of the gurus that "Lacks WinVerifyTrust" might not necessarily indicate a Windows security database corruption, but I'm not familiar with what else it could be. Just hunt out those updates, as a first indication.


And, disregard what I said about the Lacks WinVerifyTrust... I find that I have tons of those in the hardening log in a working Windows 10 VB5 host that boots guest just fine. I see that I really don't know anything about these logs, listen to Mpack...
Last edited by scottgus1 on 17. Jun 2016, 18:44, edited 3 times in total.
scottgus1
Site Moderator
 
Posts: 11665
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Discussion of Problems due to Hardened Security

Postby mpack » 17. Jun 2016, 18:24

0xC0000005 is an invalid memory access. Probably there are two DLLs. #1 got the bums rush, #2 didn't: but crashes when it tries to call or access data in #1.

I'm seeing "BeyondTrust Powerbroker" in the adversaries section. Sounds eminently ditchable.
mpack
Site Moderator
 
Posts: 33665
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby puri » 18. Jun 2016, 16:33

From the current logs last line before freezing immediately after start "Watcher ERROR [COM]: aRC=E_ACCESSDENIED (0x80070005) aIID={0169423f-46b4-cde9-91af-1e9d5b6cd945} aComponent={VirtualBoxWrap} aText={The object is not ready}, preserve=false aResultDetail=0"

I run a Win10 10.0.10586 and since several month VBox - sometimes updated mostly without trouble.
All other software run fine ... very less trouble.

Since approximately 3...4 weeks I have observed a mysterious behavior of VBox but unfortunately I can't say at which Win10 release or which Vbox release it starts.
After few minutes VBox works and a virtual machine was started I could not enter into the machine window seems to be blocked.
But I found in task manager of Win10 that there was started always a second VBox&machine ... like a shadow but frozen so that I could not enter into first machines window. After shooting down this second in task manager all works fine again until 2 weeks ago. All VBox machines and Vbox crashes.

I have cleaned the system and tried the install the latest Vbox 5.x but nothing works .

Mostly it freezes after starting whatever I do admin or not.
The latest Win 10 update I had approximately 1 week ago.

If it sometimes starts and I try to create a new machine, in most cases I have no really choice for a machine type and if had luck it crashes at formatting a disk. I have not counted how often I have tried this with all tricks.

But one crazy thing I tried today to see what is happens and which failure message occurs.

I have Sandboxie installed and so I tried to start Vbox within Sandboxie which is quite simple.

If there is a problem, Sandboxie should create a different message.

Perhaps the message gives a idea what is going wrong.
Attachments
Sandboxie-VBox-init.jpg
Sandboxie-VBox-init.jpg (32.68 KiB) Viewed 4191 times
puri
 
Posts: 1
Joined: 18. Jun 2016, 15:45

Re: Discussion of Problems due to Hardened Security

Postby Sundar N » 21. Jun 2016, 01:30

I am running Virtual Box 5.0.22 r108108 on Windows 7 Professional SP 1. When I try to run a Windows 8.1 VM, I get:
The virtual machine 'Windows-8.1' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\UserData\Intel-VM-Sundar\Logs\VBoxHardening.log'.


From above posts, I gather that 0xc0000005 is an invalid memory access. But it is not clear from the VBoxHardening.log as to what is going wrong. The last two entries from the log are:
258c.6a0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 121 ms, the end);
274c.10f0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 772 ms, the end);

There are no occurrences of 'error' or 'reject' in this log.

I do not see errors in the McAfee Access protection log when I try to run the VM. So, what could be going wrong?
Sundar N
 
Posts: 1
Joined: 21. Jun 2016, 01:23

Re: Discussion of Problems due to Hardened Security

Postby Robert Fernando » 6. Jul 2016, 17:12

Failed to open a session for the virtual machine Win 7 Ent sp1.
The virtual machine 'Win 7 Ent sp1' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\kulkarni.s\VirtualBox VMs\Win 7 Ent sp1\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

win 7 enterprise x64 sp1 16gb of ram
samsung laptop i7 cpu
Attachments
VBoxHardening.log
(23.6 KiB) Downloaded 22 times
Robert Fernando
 
Posts: 2
Joined: 6. Jul 2016, 17:08

PreviousNext

Return to VirtualBox on Windows Hosts

Who is online

Users browsing this forum: Darktemplar, Google [Bot], mpack and 45 guests