Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Findbox
Posts: 2
Joined: 14. Jul 2016, 08:07

Re: Discussion of Problems due to Hardened Security

Post by Findbox »

All of my 10 virtual machines (Win7, WinXP, Ubuntu) now get an error:

supHardenedWinVerifyProcess failed with VERR_SUP_VP_FREE_VIRTUAL_MEMORY_FAILED: (rc=-5664)
where: supR3HardNtChildPurify what:5
VERR_SUP_VP_FREE_VIRTUAL_MEMORY_FAILED: (rc=-5664) - Process Purification Failure: NtFreeVirtualMemory failed on a chunk of executable memory which shouldn't be present in the process
VirtualBox - Error In supR3HardNtChildPurify.jpg (51.99 KiB)
VirtualBox - Ошибка открытия сессии.jpg (73.07 KiB)
Host:
1. Win10 Pro x64 with all updates, 16Gb, AMD FX-6350 6-Core. VirtualBox 5.0.24 r108355
2. VBoxStartup.log in attachment
3. Dr.Web Security Space 11.0 (disabled)

In the current configuration, I have successfully worked on several 5.0.x Virtualbox versions without issue.
After installation of "Visual Studio 2015 Community" the virtual machines are no longer able to boot.
Then I removed the Studio and checked the integrity of system files by "sfc \scannow" - the error remained the same.
I tried to install several younger 5.0.x versions with the same result.
Installing as "Run as an administrator" does not change the situation.
Downgrade to 4.3.12 did allow me to run virtual machines - but with the features - NAT only (network adapter not available) and some other errors.

sc.exe query vboxdrv:
SERVICE_NAME: vboxdrv
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

How can I solve this issue?
Thanks!
Attachments
VBoxHardening.zip
(1.78 KiB) Downloaded 811 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

The log you provided is truncated, I can get little from it. The error screenshots look serious - I'd start scanning for malware.
Findbox
Posts: 2
Joined: 14. Jul 2016, 08:07

Re: Discussion of Problems due to Hardened Security

Post by Findbox »

I just removed the antivirus software completely, and the problem is resolved.
I escaped with small losses )
Thanks!
tuxkamen
Posts: 1
Joined: 14. Jul 2016, 21:54

Re: Discussion of Problems due to Hardened Security

Post by tuxkamen »

VBox: 5.0.22, installed as admin.
AV: Trend Micro Officescan
OS: Win 8

Error:
has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\path\to\vm\Logs\VBoxHardening.log'

VBoxManage.exe: error: Details: code E_FAIL (0x80004005), component MachineWrap, interface IMachine
No errors or rejects in the hardening log.

DLLs listed which lack WinVerifyTrust:

\Device\HarddiskVolume3\Windows\System32\kernel32.dll
\Device\HarddiskVolume3\Windows\System32\advapi32.dll
\Device\HarddiskVolume3\Windows\System32\sechost.dll
\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
\Device\HarddiskVolume3\Windows\System32\sspicli.dll
\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
This happens both within vagrant and loading a VM image independently.
Attachments
VBoxHardening.log
(42.75 KiB) Downloaded 256 times
Teedub
Posts: 1
Joined: 15. Jul 2016, 13:27

Re: Discussion of Problems due to Hardened Security

Post by Teedub »

AV: Disabled all
VBox: 5.0.24 installed as Admin
OS: Windows 10 (Build 10240)

The virtual machine 'Kali' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in ... Etc


Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

kernel32.dll Lacks Win Verify Trust,

However, the DLL is signed. The only issue I can see is that it was signed by a cert that expired in May 2016; however, the timestamp indicates that the code was signed within the valid period of the cert. Is this perhaps the issue?

Colleague running same build and same version of vBox, and is using the same kernel32.dll file does not have this issue.

Confused !

Hardening log attached
Attachments
VBoxHardening.log
(16.82 KiB) Downloaded 180 times
wblatt
Posts: 1
Joined: 15. Jul 2016, 17:02

Re: Discussion of Problems due to Hardened Security

Post by wblatt »

AV: Disabled all
VBox: 5.0.16, 5.0.24, 5.1.0 (installed as admin)
OS: Windows 7 Professional SP1 64 Bit (Build 7601)

I updated from 5.0.16 to 5.0.24. There were also some Windows 7 updates. Since I updated my system, no VM is starting in "normal" mode. But "Start without GUI" and "Uncoupled Start"/"Abkoppelbarer Start" are working. After having problems I also tried the new 5.1.0 and at least downgraded to 5.0.16, but the problem persists.

If I start "normal", I get following error with all mentioned versions of VBox:


The virtual machine 'MySQL Server B' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\Virtual Machines\MySQL Server B\Logs\VBoxHardening.log'.


Fehlercode:
E_FAIL (0x80004005)
Komponente:
MachineWrap
Interface:
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}


sigcheck to dwmapi.dll:

Verified: Unsigned
Link Date: 05:20 14.03.2015
Publisher: Microsoft Corporation
Description: Microsoft Desktopfenster-Manager-API
Product: Betriebssystem Microsoft<< Windows<<
Prod version: 6.1.7600.16385
File version: 6.1.7600.16385 (win7_rtm.090713-1255)
MachineTyp: 64-bit

Regarding sigcheck dwmapi.dll, I don't know if it's a problem or ok!?
Attachments
VBoxHardening.zip
(23.55 KiB) Downloaded 153 times
dchristm77
Posts: 1
Joined: 29. Jul 2016, 00:46

Re: Discussion of Problems due to Hardened Security

Post by dchristm77 »

Windows 10 Enterprise Version 1511 OS Build 10586.494
McAfee Security 5.0.2.132
Virtualbox Version 5.1.2 r108956

After a corporate upgrade to Windows 10, whenever I attempt to start any VM I get:

Failed to open a session for the virtual machine Centos 7.

The virtual machine 'Centos 7' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\dchri1\VirtualBox VMs\Centos 7\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

From the log:

78.28c4: Fatal error:
78.28c4: supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034
181c.22c0: supR3HardenedWinCheckChild: enmRequest=2 rc=-225 enmWhat=0 : supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034

181c.22c0: Error -225 in supR3HardenedWinCheckChild! (enmWhat=5)
181c.22c0: supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034

I have attempted re-installs and ensured Hyper-V is not installed.
Attachments
VBoxHardening.zip
(2.92 KiB) Downloaded 101 times
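
The log lines quoted in the post above can be triaged mechanically to find which file the hardening code failed on and with what status. This is an added example, not part of any post in this thread and not VirtualBox code; it assumes the `pid.tid:` prefix is hexadecimal, and the names `triage` and `exit_code_to_ntstatus` are hypothetical.

```python
import re
from collections import Counter

# 0xc0000034 is named in this thread's logs; 0xc0000005 is the standard
# access-violation status behind exit code -1073741819.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Sample input: lines copied from the log excerpt in the post above.
SAMPLE = r"""78.28c4: Fatal error:
78.28c4: supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034
181c.22c0: supR3HardenedWinCheckChild: enmRequest=2 rc=-225 enmWhat=0 : supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034
181c.22c0: Error -225 in supR3HardenedWinCheckChild! (enmWhat=5)
"""

# Assumed line shape: "<hex pid>.<hex tid>: <message>".
LINE = re.compile(r"^([0-9a-f]+)\.([0-9a-f]+): (.*)$")
FAILED_ON = re.compile(r"(Nt\w+) failed on '([^']+)'.*?: (0x[0-9a-fA-F]{8})")
RC = re.compile(r"\brc=(-?\d+)")


def exit_code_to_ntstatus(code):
    """Convert a signed 32-bit exit code to its unsigned NTSTATUS value."""
    return code & 0xFFFFFFFF


def triage(log_text):
    """Return (findings, Counter of files the hardening code failed on)."""
    findings, files = [], Counter()
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        failed = FAILED_ON.search(line.group(3)) if line else None
        if not failed:
            continue  # blank line, or a line without a failed Nt* call
        api, path = failed.group(1), failed.group(2)
        status = int(failed.group(3), 16)
        rc = RC.search(line.group(3))
        findings.append({"pid": int(line.group(1), 16), "api": api,
                         "path": path,
                         "status": NTSTATUS.get(status, hex(status)),
                         "rc": int(rc.group(1)) if rc else None})
        files[path.lower()] += 1
    return findings, files


if __name__ == "__main__":
    findings, files = triage(SAMPLE)
    for f in findings:
        print(f)
    print(files.most_common(), hex(exit_code_to_ntstatus(-1073741819)))
```

The per-file counter makes it easy to see which module path recurs across log lines before comparing it against the security software installed on the host.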
Barcode
Posts: 1
Joined: 29. Jul 2016, 04:50

Re: Discussion of Problems due to Hardened Security

Post by Barcode »

1) Host OS: Win 7 Ultimate SP1 64 bit
3) Avira Antivirus. I uninstalled all of them, and I turned off the firewall.

So, my VB has an error. It looks similar to the trouble that everyone is struggling with.
The virtual machine 'mininet2.2.1' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Sony\VirtualBox VMs\mininet2.2.1\Logs\VBoxHardening.log'.

Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}


Help me pls
Attachments
VBoxHardening.rar
(13.66 KiB) Downloaded 70 times
thisGuy
Posts: 2
Joined: 18. Jul 2016, 23:18

Re: Discussion of Problems due to Hardened Security

Post by thisGuy »

I am running on a company Win 7 SP1 (x64) PC with running McAfee Agent, McAfee DLP Endpoint, McAfee Host Intrusion, McAfee VirusScan Enterprise, Avecto Privilege Guard. VirtualBox was started using "Run with elevated privileges" from Avecto which should grant it admin rights.

Running latest version (5.1.0 r108711) of VirtualBox and attempting to run a 64bit VM (vdi) downloaded from osboxes.org (Linux Mint 18 Sarah).
Error:
Failed to open a session for the virtual machine Mint VM.

The virtual machine 'Mint VM' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\myusenamer\VirtualBox VMs\Mint VM\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
Attachments
VBoxHardening.zip
(5.27 KiB) Downloaded 85 times
Slon
Posts: 1
Joined: 7. Aug 2016, 23:36

Re: Discussion of Problems due to Hardened Security

Post by Slon »

I've got the same problem on Windows 8 trying to start new Android Genymotion image.

20b0.1fe8: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
698.2a9c: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
698.2a9c: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
698.2a9c: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
BTW rebooting didn't help. VB is on latest version.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Discussion of Problems due to Hardened Security

Post by socratis »

Slon wrote: I've got the same problem on Windows 8
Which part of the problem described so far in this thread resembles your problem? I don't think it is the same problem. Please start your own thread.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Shane-B
Posts: 1
Joined: 8. Aug 2016, 22:24

Re: Discussion of Problems due to Hardened Security

Post by Shane-B »

The error E_INVALIDARG (0x80070057) followed by E_FAIL (0x80004005) MachineWrap Interface:IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

I finally got this resolved after hours of finally investigating. And months of trying new versions thinking it would get resolved. I had not gotten it working since versions after 4.3.12 until now.
Watching Process Monitor I noticed it was looking under HKEY_CURRENT_USER\Software\Classes\CLSID and finding oleaut32.dll, which I knew was wrong, because that's a system DLL and not a user-specific DLL.
I had a newly loaded machine available and tested and found that that key was largely empty except for Java add-in keys, so I removed all of the subkeys for HKEY_CURRENT_USER\Software\Classes\CLSID\* except the Java ones on my main machine and sure enough, my VirtualBox VMs booted again.
Last edited by Shane-B on 29. Aug 2016, 15:53, edited 2 times in total.
falcotec
Posts: 7
Joined: 5. Jul 2011, 15:54
Primary OS: MS Windows 7
VBox Version: OSE other
Guest OSses: Windows XP SP3, Windows Small Business Server 2003

Re: Discussion of Problems due to Hardened Security

Post by falcotec »

Hi, for me a lot of trouble related to updates in 4.x did work only after starting the installer .exe file again and doing the "repair".
That also worked for me when upgrading from 4.x to 5.0.x, and now it does the trick after upgrading from 5.0.x (24?) to 5.1.x.
I did start the exe file again as user with admin rights (no right mouse button admin) and it works after that and starts the virtual machine.
sathesh
Posts: 1
Joined: 16. Aug 2016, 23:40

Re: Discussion of Problems due to Hardened Security

Post by sathesh »

1) Host OS and version
Windows 7 Enterprise


2) VBoxStartup.log (zipped) [from VBox 5.0.6 this file is now called "VBoxHardening.log"]
Attached

3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.

McAfee VirusScan Enterprise + AntiSpyware Enterprise
Version number: 8.8.0 (8.8.0.975)
Build date: 8/15/2012
Attachments
VBoxHardening.zip
(7.36 KiB) Downloaded 119 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

You have a memory access exception, probably due to some DLL being ejected from memory. It's hard to know which DLL it is, but make sure your host graphics drivers and antivirus software are both up to date. A useful test is to temporarily disable the AV to see if the problem goes away: that tells you if it's the AV.