Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
michaln
Oracle Corporation
Posts: 2973
Joined: 19. Dec 2007, 15:45
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Any and all

Re: Discussion of Problems due to Hardened Security

Post by michaln »

bwalog6 wrote:I wasn't complaining about a lack of response on that one. But if it's a touchy subject, I'll just leave you to it.
It's not touchy, it's simply a practical matter. If you're seeing some problem that others aren't (and it certainly sounds like it), the bug won't fix itself. So you need to provide enough information for it to get fixed. If you don't, it won't get fixed. It's up to you.
a.h.8
Posts: 3
Joined: 1. Dec 2015, 20:54

Re: Discussion of Problems due to Hardened Security

Post by a.h.8 »

mpack wrote:
Nessi wrote:Any other solution? It's not really an option... uninstalling AntiVirus software...
Sure it is. There's plenty of other AV suppliers out there, assuming resident AV is needed at all.
Well, at best I would call that a workaround. I've been browsing through the discussion of the last 1.5 years and it seems there have been problems with antivirus software on more than one occasion and with more than one product. The point is that the issue looks a bit like a minefield to me, one that can go off unexpectedly any time and anywhere. Just changing to a different antivirus software is therefore no guarantee to solve the problem. That is particularly annoying for naive users and could cost an otherwise great software product a lot of friends.

Also, please bear in mind that the use of a particular anti virus software might be dictated by other restrictions in a particular environment.

As far as I understand the issue, it is the authentication of certain functions in the host OS that is error-prone and third-party-dependent. I'm sure that is not an easy issue to sort out – otherwise it probably would have been done already – and I'm not even sure if that can be ultimately sorted out at all. But it should at least be possible to provide a more informative error message to the user, explaining the background of the problem, and allow him to authenticate the offending function manually and on his own risk. Yes, that is a risky thing to do, but probably still a lot better than going back to an outdated software version with no hardening at all.
Last edited by a.h.8 on 2. Dec 2015, 15:11, edited 1 time in total.
a.h.8
Posts: 3
Joined: 1. Dec 2015, 20:54

Re: Discussion of Problems due to Hardened Security

Post by a.h.8 »

By the way, is any progress on the issue going to be posted here or is there any other place I could subscribe to keep up to date with the development? After downgrading to 4.3.12 I have obviously disabled updates for VirtualBox for now, but this is certainly not a permanent solution. I would like to change this back as soon as possible.
OnMi
Posts: 1
Joined: 2. Dec 2015, 15:22

Re: Discussion of Problems due to Hardened Security

Post by OnMi »

Hi all.

I have recently encountered the same problem with a timeout upon VM startup. Error - supR3HardNtChildWaitFor (rc=258). It appeared out of the blue. Avira had just updated. Neither disabling the real-time scan engine, nor an engine exception for VB, nor the new VB 5.0.10 solved the issue.

Finally had to uninstall Avira, problem disappeared and everything works again.

HW: i5-2500k, 16 GB RAM,
Host OS: Windows 7 Pro, SP1, 64-bit
Virtual Box: 4.3.34 r104062
AV Avira (no longer now)

Note: I tried to downgrade to version 4.3.12, as I found in the forum. It worked, but I have some VMs with newer add-ons, so it's not a good solution.

Is it something that Avira has to solve, or is the ball on the VB side?
Last edited by OnMi on 2. Dec 2015, 17:07, edited 1 time in total.
doveman1
Posts: 45
Joined: 13. Feb 2012, 08:23

Re: Discussion of Problems due to Hardened Security

Post by doveman1 »

doveman1 wrote: I'm running 4.3.12 with Win7 guests but need to create a Win10 guest, so tried updating to 5.0.10. However with that, I couldn't boot either the new Win10 or my existing Win7 guests.

I tried all versions from 4.3.34 down to 4.3.24 and had the same problem. Only reinstalling 4.3.12 got my Win7 guest working again.

I've attached the VboxHardening.log from 5.0.10 when trying to boot the Win10 guest.

The host is Win8.1. The Vbox.log refers to DLLs from RadeonPro and MSI Afterburner. I'm running Avast Antivirus and Comodo Firewall (Firewall component only).
VBox.log wrote:
00:00:02.504949 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume1\Program Files (x86)\RadeonPro\AppProfiles64.dll
00:00:02.505020 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RadeonPro\AppProfiles64.dll' (C:\Program Files (x86)\RadeonPro\AppProfiles64.dll): rcNt=0xc0000190
00:00:02.505092 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_NOT_SIGNED fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume1\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
00:00:02.505123 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll' (C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll): rcNt=0xc0000190
00:00:02.541694 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume1\Program Files (x86)\RadeonPro\AppProfiles64.dll
00:00:02.541741 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RadeonPro\AppProfiles64.dll' (C:\Program Files (x86)\RadeonPro\AppProfiles64.dll): rcNt=0xc0000190
00:00:02.541804 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_NOT_SIGNED fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume1\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
00:00:02.541864 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll' (C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll): rcNt=0xc0000190
00:00:02.606708 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume1\Program Files (x86)\RadeonPro\AppProfiles64.dll
00:00:02.606760 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RadeonPro\AppProfiles64.dll' (C:\Program Files (x86)\RadeonPro\AppProfiles64.dll): rcNt=0xc0000190
00:00:02.606835 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_NOT_SIGNED fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume1\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
00:00:02.606865 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll' (C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll): rcNt=0xc0000190
00:00:02.833682 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume1\Program Files (x86)\RadeonPro\AppProfiles64.dll
00:00:02.833733 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RadeonPro\AppProfiles64.dll' (C:\Program Files (x86)\RadeonPro\AppProfiles64.dll): rcNt=0xc0000190
00:00:02.833806 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_NOT_SIGNED fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume1\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
00:00:02.833837 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll' (C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll): rcNt=0xc0000190
I found that even with MSI Afterburner and Radeon Pro shut down, so that they didn't appear in the logs, I was still unable to boot my guests with versions above 4.3.12, so I don't know what the problem is.
viewtopic.php?f=2&t=74754#p346453
Exciter
Posts: 4
Joined: 1. Dec 2015, 22:36

Re: Discussion of Problems due to Hardened Security

Post by Exciter »

paia wrote: Avira Antivirus uninstalled and all guests are working again!
Had the same problem and it was solved!
Damien1970
Posts: 1
Joined: 3. Dec 2015, 20:43

Re: Discussion of Problems due to Hardened Security

Post by Damien1970 »

Hi,

I am running VirtualBox 5.0.10 on a Win7 Virtual Desktop (we implement multi-site follow-me computing using Citrix XenServer private virtual desktops, version is Citrix 7).
The desktop VM has 2 CPUs, 8Gb RAM and runs the Win7 Pro SP1 64-bit OS.

When I create a test Linux VM in VirtualBox and try to start it, it fails with the following error:

Failed to open a session for the virtual machine MyTestVM.
The virtual machine 'MyTestVM' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\dmulcahy\VirtualBox VMs\MyTestVM\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

I used all the default settings when creating the test VM, and the same error occurs if I try to start an imported existing VM.

VBoxHardening.log attached.

Are there any known issues running VMs in VirtualBox when it is in turn being run on a virtual desktop?

Thanks,
Damien.
Attachments
VBoxHardening.log
(5.64 KiB) Downloaded 51 times
JustinH
Posts: 106
Joined: 6. Aug 2015, 05:09

Re: Discussion of Problems due to Hardened Security

Post by JustinH »

I ran into the same issue after an Avira update. Uninstalled Avira and now the VMs run. Win7 x64 host.
bollity
Posts: 1
Joined: 4. Dec 2015, 15:06

Re: Discussion of Problems due to Hardened Security

Post by bollity »

So, I have to choose between my beloved Avira and my beloved VirtualBox? This is a hard decision.
AGrayBird
Posts: 1
Joined: 5. Dec 2015, 06:50

Re: Discussion of Problems due to Hardened Security

Post by AGrayBird »

I am running 64-bit Windows 7 Pro as a host with VirtualBox version 5.0.10 r104061.
When I try to run any VM I am getting an error that says:
The virtual machine 'Win7-Risky2' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'F:\Users\Phil\VirtualBox VMs\Win7-Risky2\Logs\VBoxHardening.log'.


Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

I have Avira installed. I tried turning it off, but am still unable to get my VMs to work.
Additionally I scanned both MBAMSwissArmy.sys and apisetschema.dll (wasn't sure which the log was complaining about) in VirusTotal and both came up clean.
Attachments
VBoxHardening.zip
VBoxHardening log
(25.71 KiB) Downloaded 34 times
donteatthebug
Posts: 2
Joined: 22. Nov 2014, 16:55

Re: Discussion of Problems due to Hardened Security

Post by donteatthebug »

a.h.8 wrote: [...] it should at least be possible to [...] allow [the user] to authenticate the offending function manually and on his own risk. Yes, that is a risky thing to do, but probably still a lot better than going back to an outdated software version with no hardening at all.

OMG Yes Please ! ! !

:( :cry: I've been unable to run anything newer than VirtualBox v4.3.12 due to these frustrating "hardening" errors. Really wish VirtualBox would at least provide some kind of way to allow bypassing these hardening obstacles at own risk (other than tweaking the source code and compiling our own build with signed drivers & all etc), just like most other software out there. :( :cry:

I used to love VirtualBox and recommended it to everyone... until the post v4.3.12 apocalyptic hardening was forced upon us on that terrifying Tuesday July 15th 2014.
Will the nightmare ever end?


Still no-go on the latest test build (VirtualBox-5.0.11-104456-Win.exe)
Host OS: Windows 7 Ultimate SP1 64bit
Antivirus\Firewall: ESET Smart Security v8.0.319.0
Attachments
VBoxHardening.zip
(34.41 KiB) Downloaded 42 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

@donteatthebug:

Blame the spammers and hackers for the need for hardening, not the devs. The commercial reality is that VirtualBox can't be seen as a credible vector for malware, because the competition will not.

As to your problem - a glance at your log reveals it.
1244.968: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Fox\AppData\Local\Temp\ammemb64.dll [lacks WinVerifyTrust]
1244.968: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Fox\AppData\Local\Temp\ammemb64.dll [lacks WinVerifyTrust]
1244.968: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Fox\AppData\Local\Temp\ammemb64.dll [lacks WinVerifyTrust]
<and many more like it>
This seems to be a generic DLL loaded by some .NET apps, so the actual faulting app is harder to identify.

I'm curious to know why a legit DLL is being loaded from a temp folder and injected into the VirtualBox execution space, and why so many attempts? Until these questions are answered I suggest that you really shouldn't want to "turn off hardening at your own risk".
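
A triage sketch for the log excerpts quoted in this thread, added here as an example and not taken from any post or from VirtualBox itself: it groups the `supR3HardenedScreenImage/LdrLoadDll` lines by DLL, collects the reported reasons, and marks DLLs that were loaded from a user-writable directory. The name `summarize`, the AppData/Temp heuristic, and the two line patterns (derived only from the lines shown on this page) are assumptions.

```python
import re

# Lines copied from the two log excerpts quoted in the posts above.
SAMPLE = r"""
00:00:02.504949 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume1\Program Files (x86)\RadeonPro\AppProfiles64.dll
00:00:02.505020 supR3HardenedErrorV: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RadeonPro\AppProfiles64.dll' (C:\Program Files (x86)\RadeonPro\AppProfiles64.dll): rcNt=0xc0000190
00:00:02.505092 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_NOT_SIGNED fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume1\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
00:00:02.541694 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: cached rc=VERR_LDRVI_UNSUPPORTED_ARCH fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume1\Program Files (x86)\RadeonPro\AppProfiles64.dll
1244.968: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Fox\AppData\Local\Temp\ammemb64.dll [lacks WinVerifyTrust]
1244.968: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Fox\AppData\Local\Temp\ammemb64.dll [lacks WinVerifyTrust]
"""

# Two line shapes appear on this page: "cached rc=<VERR_...> ... cHits=<n> <path>"
# and "cache hit (<status>) on <path> [<note>]".
CACHED = re.compile(r"LdrLoadDll: cached rc=(\S+) .*?cHits=(\d+) (\\Device\\.+)$")
CACHE_HIT = re.compile(r"LdrLoadDll: cache hit \((.+)\) on (\\Device\\.+?)(?: \[([^\]]+)\])?$")

# Assumption for this example: anything under AppData or Temp is user-writable.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

def summarize(log_text):
    """Map each screened DLL path to its failure reasons, line count and max cHits."""
    report = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = CACHED.search(line)
        if m:
            reasons, hits, path = {m.group(1)}, int(m.group(2)), m.group(3)
        else:
            m = CACHE_HIT.search(line)
            if not m:
                continue  # "rejecting" lines and everything else are skipped
            reasons, hits, path = {m.group(1)}, 0, m.group(2)
            if m.group(3):
                reasons.add(m.group(3))  # bracketed note, e.g. "lacks WinVerifyTrust"
        entry = report.setdefault(path, {"reasons": set(), "lines": 0, "max_chits": 0})
        entry["reasons"] |= reasons
        entry["lines"] += 1
        entry["max_chits"] = max(entry["max_chits"], hits)
        entry["user_writable"] = any(s in path.lower() for s in USER_WRITABLE)
    return report

if __name__ == "__main__":
    for path, e in summarize(SAMPLE).items():
        flag = "  <-- loaded from a user-writable directory" if e["user_writable"] else ""
        print(f"{path}\n    {sorted(e['reasons'])} lines={e['lines']} max cHits={e['max_chits']}{flag}")
```

Run over a full VBoxHardening.log, the per-DLL summary makes it easier to tell a known vendor hook under Program Files apart from a DLL injected out of a temp folder, which is the distinction raised in the post above.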
Perryg
Site Moderator
Posts: 34369
Joined: 6. Sep 2008, 22:55
Primary OS: Linux other
VBox Version: OSE self-compiled
Guest OSses: *NIX

Re: Discussion of Problems due to Hardened Security

Post by Perryg »

File name: ammemb64.dll
Publisher: Actual Tools
Product name: Actual Multiple Monitors
Typical file path: C:\users\user\appdata\local\temp\ammemb64.dll
File version: 5.1.1
Size: 1.64 MB (1,719,600 bytes)
Build date: 4/12/2013 8:18 PM
I would suggest checking and removing the above if it exists and trying again.
Wolf45
Posts: 4
Joined: 5. Dec 2015, 19:59

Re: Discussion of Problems due to Hardened Security

Post by Wolf45 »

I have the same problem, WIN 7 Host 64 bit on Dell Laptop Studio 1558

exactly since update Avira on 30.11.2015

I use VirtualBox every day with no problems before; since 01.12.205 the problem occurred.

VirtualBox was updated before that, on 23.11.2015, to version 5.0.10 r104061.

It seemed to be a problem in conjunction with AVIRA.

I have the same problem; the host is Win7, 64-bit version, on a DELL Laptop Studio 1558.
The problem has been there exactly since the automatic update of the AVIRA virus scanner (free) on 30.11.2015.
I use VirtualBox every day, which is why I can place it in time; no other updates occurred during this period.

At first I thought, oops, what is going on now; on confirming with OK the VM was immediately closed / aborted.
Then I simply let it keep running after starting the VM (it takes forever), and suddenly the VM was there. If I then click OK in one of the 2 windows with the error message, the VM crashes immediately.

But if I ignore the error messages, the VM runs completely normally; it just takes forever to start. If I restart the VM without closing VirtualBox first, then with each restart another 2 identical error messages are added. You can do that as often as you like.

I am continuing to work with it for now, because there has been no data corruption so far. But it is not ideal.

One guess of mine is the recently disclosed insecure certificates from DELL, which are blocked by AVIRA, but I don't know.
CornelisJ
Posts: 12
Joined: 5. Dec 2015, 20:55

Re: Discussion of Problems due to Hardened Security

Post by CornelisJ »

Users that are not able to run VirtualBox in combination with Avira Antivirus can use the following workaround, quoted from Avira customer support.
After following these instructions I can use VirtualBox again without uninstalling Avira Antivirus.

==========
Unfortunately, the issue that you are currently experiencing is indeed related to a new bug. We are currently working to solve this bug as soon as possible.
Meanwhile, the solution that I am proposing to you is to simply disable the avipbb driver.
In order to disable avipbb driver, the following procedure can be followed:
• Open Avira configuration and go to General -> Security.
• Disable product protection options (all three).
• Press Ok button to save configuration.
• Press Start->Settings-> Control Panel->System.
• Start "Device Manager" in the tab "Hardware".
• In "View" menu activate the option "Show hidden devices".
• Now select the node "Non-plug and play drivers".
• Right-click on the driver "avipbb" and select "Properties".
• In tab "Driver" select the option "Disabled" and click OK.
• Close all and reboot.
After these manipulations, it is possible that the Mail Protection and Web Protection services will cease to function. Just in case it's happening, do not worry and rest assured that your computer's security is in no way being jeopardized; the Real-Time Protection will continue to protect you by scanning any files.
==========