Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
RoxieRolla
Posts: 1
Joined: 14. Mar 2016, 18:16

Re: Discussion of Problems due to Hardened Security

Post by RoxieRolla »

The virtual machine '112_default_1441355258687_31623' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\..\112_default_1441355258687_31623\Logs\VBoxHardening.log'.
[Screenshot: initial error message (ss1.png)]
Rough order of events: installed Vbox 5.0.14 and the VMs worked briefly (after a struggle to remove all remnants of an earlier 4.x). I installed and used vagrant to create a VM, but neither the new nor VMs would open; I followed a number of forum instructions to reinstall, install drivers - worked again; restarted host to install Windows upgrade - gone again; upgraded Vbox to 5.0.16 - still nothing.

Hosted on Windows 7 Enterprise 64-bit SP1
Linux guests
VirtualBox 5.0.14, recently upgraded to 5.0.16 with no change.

Antivirus McAfee v4.8.0.1938 - I can turn this off briefly if necessary

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

Attachment: VBoxHardening.zip (Hardening log)

Any help appreciated!
Ch@oticZ#r0
Posts: 1
Joined: 15. Mar 2016, 01:29

Re: Discussion of Problems due to Hardened Security

Post by Ch@oticZ#r0 »

Windows OS: Windows 7 w/SP1
Symantec Endpoint Protection: 12.1.6
VBox Version: 5.0.16

Hi All,

I have been having issues with VBox not running a VM. Currently I cannot even get the VM to run so I can install CENTOS 7. I have attached the log and the screenshot of the error. I have not had any issue with my Antivirus having conflict with Virtual Box, but that is strictly speaking from past experience.

Also just to specify that VBox was running before I installed a set of updates. If needed I can list the updates that were installed on the day in question, but that would take a while. If there is anything else please let me know and will try to supply any information I can.

Regards,
Ch@otic
Attachments: Screenshot - 3_14_2016 , 5_33_26 PM.png (VM Failure Code); VBoxHardening.zip (VBoxHardening.log)
dba_chicken
Posts: 7
Joined: 5. Jan 2016, 23:01

Re: Discussion of Problems due to Hardened Security

Post by dba_chicken »

Hi all

I've still problems getting my VB client to work. Since the AV problem has occurred
the versions of both, VirtualBox as well as Avira, have changed. All official participants
say that the problem should be solved. But in fact this does not affect my VB machine
(scroll down the graphic to see the lsilogicscsi error):
[Screenshot: VM_Client_does_not_start.png]
Find my hardening log attached. I really hope that I can find a solution for this issue.

Regards,
Martin
Attachment: VBoxHardening.zip
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

dba_chicken wrote: I've still problems getting my VB client to work.

That's a bit vague. What are the symptoms? I ask because the hardening log you posted says that you don't have a hardening problem. Why do you think otherwise?

VBoxHardening.log wrote: 175c.a20: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 23377 ms, the end);

VERR_SSM_LOADED_TOO_MUCH is a saved state file incompatibility between versions (upgrading VirtualBox while VMs are in a saved state is not a good idea - what state is being saved?). To clear this error you right click the VM and discard the saved state.
jpblair
Posts: 1
Joined: 25. Mar 2016, 22:44

Re: Discussion of Problems due to Hardened Security

Post by jpblair »

I can't start the Docker "default" VM using VirtualBox 5.0.16r105871. When I try to startup the machine either via Docker or directly through VirtualBox, I get this error:
[Screenshot: virtualbox_error.png]
I have an antivirus program installed called Cylance Protect, if that makes any difference. Here is the VBoxHardening.log file:
Attachment: VBoxHardening.zip
Thanks to whoever can help.
dba_chicken
Posts: 7
Joined: 5. Jan 2016, 23:01

Re: Discussion of Problems due to Hardened Security

Post by dba_chicken »

mpack wrote: VERR_SSM_LOADED_TOO_MUCH is a saved state file incompatibility between versions (upgrading VirtualBox while VMs are in a saved state is not a good idea - what state is being saved?). To clear this error you right click the VM and discard the saved state.

That actually made the trick, thanx a lot. During the hardening problems (I guess
Avira was part of it) I didn't get my client to work. I tried to get it up and running
again by updating VirtualBox.
Now, after your advice, I downgraded VirtualBox to 5.0.10 - it has been the
version when the hardening problems began. Using that version I was able to wake
up the client and to shut it down normally. Then, afterwards, I re-installed the most
current version 5.0.16 of VirtualBox and finally I was able to start the client :D

Thanx, mpack, that saved my day (respectively the last weekend and the time after ;))

Best Regards,
Martin

P.S.: You wrote that my last error post was a bit vague, but when you scroll down
the graphic I attached you see the error message which I had on screen during the
last weeks.
smb
Posts: 2
Joined: 8. Apr 2016, 23:05

Re: Discussion of Problems due to Hardened Security

Post by smb »

Hi,

Sorry for my bad English :(

Directly after upgrading to VirtualBox-5.0.16-105871 (from a working, older 4.x version), none of my guests are starting anymore. I get the same error message for every guest, so I picked one to stand for all.

I have ESET NOD32 AV and Outpost Firewall. It doesn't matter, if I disable both of them or not and it was running before upgrading with them.
Host-System is Win7 64bit.

Error-Message:

Error -104 in supR3HardenedWinReSpawn! (enmWhat=5)
VERR_INVALID_NAME (-104) - Invalid (malformed) file/path name

The virtual machine 'Windows XP Prof Corp 32bit-Klon' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'E:\VirtualBox\Windows XP Prof Corp 32bit-Klon\Logs\VBoxHardening.log'.

Fehlercode:E_FAIL (0x80004005)
Komponente:MachineWrap
Interface:IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
[Screenshot: error.jpg]
Any hints to this error?
Attachment: VBoxHardening.rar
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

@smb. You can try disabling antivirus as a test, but to me it looks like you have the old corrupted Win7 host certificates problem.

KB3004394
http://www.infoworld.com/article/285801 ... fende.html
http://www.infoworld.com/article/285911 ... 04394.html

KB3045999
http://www.infoworld.com/article/291459 ... albox.html
smb
Posts: 2
Joined: 8. Apr 2016, 23:05

Re: Discussion of Problems due to Hardened Security

Post by smb »

@mpack:

Thx for reply and your work.
I already disabled AV and Firewall, but it doesn't make any difference.

I read the articles and get the kb3024777 in order to delete kb3004394. After that I deleted kb3045999. Unfortunately my guests are still not starting (I also try disabling AV and FW after deinstalling those patches).

Hm, I also found this:
https://www.virtualbox.org/ticket/13659

Even when I disable my FW, Vbox is finding the dll in the sys32-folder.
I find in my log

468.fd8: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall : Owner is administrators group.
468.fd8: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›????????????????????????????????????????????????????????????????º)
468.fd8: Error (rc=0):
468.fd8: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›????????????????????????????????????????????????????????????????º: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›
468.fd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Agnitum\Outpost Firewall ?????????????????????›????????????????????????????????????????????????????????????????º
468.fd8: Error (rc=0):
468.fd8: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll' (c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll): rcNt=0xc0000190
468.fd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll'

I did not spend enough time on this error to know if this could be my actual problem or not. The correct path is c:\Program Files\Agnitum\Outpost Firewall Pro\

I'm not sure what to do, spending more time in trying to fix or go back to Vbox 4.3.12?
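
Added example (not part of smb's post and not VirtualBox project code): a Python triage helper run over the log lines quoted in this thread. It lists the DLLs that supR3HardenedMonitor_LdrLoadDll rejected with their rcNt, reads the ExitCode from the supR3HardNtChildWaitFor line mpack quotes, and converts signed status values to the hex form shown beside them. The names `triage` and `as_u32` are assumptions of this example.

```python
import re

# Sample input: lines copied from the log excerpts quoted in this thread
# (smb's Outpost Firewall rejection and the exit line mpack quotes).
SMB_EXCERPT = r"""
468.fd8: Error (rc=0):
468.fd8: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll' (c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll): rcNt=0xc0000190
468.fd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll'
"""
MPACK_EXCERPT = (
    "175c.a20: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 "
    "(rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 23377 ms, the end);"
)

# Every log line starts with a hex "pid.tid: " prefix.
PREFIX_RE = re.compile(r"^\s*[0-9a-f]+\.[0-9a-f]+: (.*)$", re.I)
REJECT_RE = re.compile(
    r"supR3HardenedMonitor_LdrLoadDll: rejecting '([^']+)'.*rcNt=(0x[0-9a-f]+)", re.I)
EXIT_RE = re.compile(
    r"supR3HardNtChildWaitFor\[\d+\]: Quitting: ExitCode=(0x[0-9a-f]+)", re.I)


def as_u32(status):
    """Signed status (as in the GUI dialog) -> unsigned 32-bit value shown in hex."""
    return status & 0xFFFFFFFF


def triage(log_text):
    """Collect rejected DLLs (path -> rcNt) and the last reported ExitCode."""
    rejected, exit_code = {}, None
    for raw in log_text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue  # blank line or text without the pid.tid prefix
        msg = m.group(1)
        hit = REJECT_RE.search(msg)
        if hit:
            # A rejection is a lead to check, not proof of the startup failure.
            rejected[hit.group(1).lower()] = int(hit.group(2), 16)
        hit = EXIT_RE.search(msg)
        if hit:
            exit_code = int(hit.group(1), 16)
    return {"rejected": rejected, "exit_code": exit_code}


if __name__ == "__main__":
    print(triage(SMB_EXCERPT))
    print(triage(MPACK_EXCERPT))
    print(hex(as_u32(-1073741819)), hex(as_u32(-23021)))
```
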
calebo
Posts: 1
Joined: 12. Apr 2016, 10:06

Re: Discussion of Problems due to Hardened Security

Post by calebo »

VirtualBox-5.0.17-106471-Win.exe
Windows 10 Version 10.0.10586 Build 10586
Attachment: VBoxHardening.log
Eric S
Posts: 2
Joined: 15. Apr 2016, 00:15

Re: Discussion of Problems due to Hardened Security

Post by Eric S »

I believe this is a hardening issue. VMs work on VirtualBox versions earlier than 4.3.14, but not after. This is with Version 5.0.16 r105871.

Failed to open a session for the virtual machine V-LU-ERSM02.

The virtual machine 'V-LU-ERSM02' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005).  More details may be available in 'C:\Users\eric.smith\VirtualBox VMs\V-LU-ERSM02\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
1) Host is Windows 7 Professional x64
2) Log attached
3) System has Webroot SecureAnywhere - I've tried disabling it, but not uninstalling

Any help would be appreciated. Thanks!
Attachment: VBoxHardening.zip
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

@EricS, it seems to me that you may have the corrupted certificates issue that seems to afflict Win7 host users, e.g. from KB3004394 and KB3045999.
Eric S
Posts: 2
Joined: 15. Apr 2016, 00:15

Re: Discussion of Problems due to Hardened Security

Post by Eric S »

@mpack - Thanks. I don't see errors in my log to know how the problem relates to OS patches, but I trust your much greater experience.

Is there a solution that has both a patched OS and a hardened version of VirtualBox?

I found your 9 Apr 2016, 10:37 post with links to InfoWorld about bad patches. There's also an InfoWorld article dated 18 Feb 2015 saying that KB3004394 was re-released in working form (sorry, I can't do URLs in the forum yet).

I also see posts by frank from Oracle (e.g. 6. May 2015, 13:36) implying fixes in later builds of VirtualBox, and saying, "the Microsoft hotfix which is highly recommended as they contain important security fixes", suggesting that he doesn't think it is a good idea to just run without the patches.

There was another post (which I can't find again at the moment) to the effect that it wasn't enough to remove the patch and to Google for the full solution, but after trying to do that I've come up empty so far.

Are there specific steps? Link, perhaps?

Thanks!
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

I'm sorry, but as an XP user who never allows Windows updates to happen automatically on PCs I care about, I've never been affected by the Win7 patch problem and can't give detailed advice on solving it. It now seems to mostly affect people who have been using Win7 for a long time, but only recently installed VirtualBox. VirtualBox doesn't cause the problem, VirtualBox is simply one of the few apps which - for technical reasons - relies on the certificate information not being corrupted. If you can't fix the corruption then I guess that the ultimate fix would be to reinstall the host OS.

Also note that my reply started with "it seems to me". All of this is a guess.
Eggs00
Posts: 4
Joined: 17. Apr 2016, 10:16

Re: Discussion of Problems due to Hardened Security

Post by Eggs00 »

Hello everyone. I'm trying to run Linux Mint inside my host machine and keep getting errors. The error is displayed at the bottom of the VM while booting.

The error looks like:
end kernel panic - not syncing attempted to kill init 0x00000004



Host: Windows 10 Home
with Virtual Box version 5.0.16
Security Software installed : Avast 11.1.22.53 , MBAM 2.2.1.1043
I've included two different logs in the zip file.

Please help! I'm extremely frustrated ..ackkk

Thanks!!!
Attachments: VBoxHardening.zip; LINUX ERROR.png (Here's an image of the error)