Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.

Re: Discussion of Problems due to Hardened Security

Postby Findbox » 14. Jul 2016, 10:44

All of my 10 virtual machines (Win7, WinXP, Ubuntu) now get an error:

supHardenedWinVerifyProcess failed with VERR_SUP_VP_FREE_VIRTUAL_MEMORY_FAILED: (rc=-5664)
where: supR3HardNtChildPurify what:5
VERR_SUP_VP_FREE_VIRTUAL_MEMORY_FAILED: (rc=-5664) - Process Purification Failure: NtFreeVirtualMemory failed on a chunk of executable memory which shouldn't be present in the process



Host:
1. Win10 Pro x64 with all updates, 16Gb, AMD FX-6350 6-Core. VirtualBox 5.0.24 r108355
2. VBoxStartup.log in attachment
3. Dr.Web Security Space 11.0 (disabled)

In the current configuration, I have successfully worked on several 5.0.x Virtualbox versions without issue.
After installation of "Visual Studio 2015 Community", the virtual machines are no longer able to boot.
Then I removed the Studio and checked the integrity of system files with "sfc \scannow" - the error remained the same.
I tried to install several younger 5.0.x versions with the same result.
Installing as "Run as an administrator" does not change the situation.
Downgrade to 4.3.12 did allow me to run virtual machines - but with the features - NAT only (network adapter not available) and some other errors.

sc.exe query vboxdrv:
SERVICE_NAME: vboxdrv
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0



How can I solve this issue?
Thanks!
Attachments
VBoxHardening.zip
(1.78 KiB) Downloaded 799 times
Findbox
 
Posts: 2
Joined: 14. Jul 2016, 08:07

Re: Discussion of Problems due to Hardened Security

Postby mpack » 14. Jul 2016, 10:58

The log you provided is truncated, I can get little from it. The error screenshots look serious - I'd start scanning for malware.
mpack
Site Moderator
 
Posts: 33485
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Postby Findbox » 14. Jul 2016, 11:16

I just removed the antivirus software completely, and the problem is resolved.
I escaped with small losses )
Thanks!
Findbox
 
Posts: 2
Joined: 14. Jul 2016, 08:07

Re: Discussion of Problems due to Hardened Security

Postby tuxkamen » 14. Jul 2016, 22:32

VBox: 5.0.22, installed as admin.
AV: Trend Micro Officescan
OS: Win 8

Error:
has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\path\to\vm\Logs\VBoxHardening.log'

VBoxManage.exe: error: Details: code E_FAIL (0x80004005), component MachineWrap, interface IMachine


No errors or rejects in the hardening log.

DLLs listed which lack WinVerifyTrust:
\Device\HarddiskVolume3\Windows\System32\kernel32.dll
\Device\HarddiskVolume3\Windows\System32\advapi32.dll
\Device\HarddiskVolume3\Windows\System32\sechost.dll
\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
\Device\HarddiskVolume3\Windows\System32\sspicli.dll
\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll


This happens both within vagrant and loading a VM image independently.
Attachments
VBoxHardening.log
(42.75 KiB) Downloaded 247 times
tuxkamen
 
Posts: 1
Joined: 14. Jul 2016, 21:54

Re: Discussion of Problems due to Hardened Security

Postby Teedub » 15. Jul 2016, 13:35

AV: Disabled all
VBox: 5.0.24 installed as Admin
OS: Windows 10 (Build 10240)

The virtual machine 'Kali' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in ... Etc


Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

kernel32.dll Lacks Win Verify Trust,

However, the DLL is signed. The only issue I can see is that it was signed by a cert that expired in May 2016, however the timestamp indicates that the code was signed within the valid period of the cert. Is this perhaps the issue?

Colleague running same build and same version of vBox, and is using the same kernel32.dll file does not have this issue.

Confused !

Hardening log attached
Attachments
VBoxHardening.log
(16.82 KiB) Downloaded 172 times
Teedub
 
Posts: 1
Joined: 15. Jul 2016, 13:27

Re: Discussion of Problems due to Hardened Security

Postby wblatt » 15. Jul 2016, 17:26

AV: Disabled all
VBox: 5.0.16, 5.0.24, 5.1.0 (installed as admin)
OS: Windows 7 Professional SP1 64 Bit (Build 7601)

I updated from 5.0.16 to 5.0.24. There were also some windows 7 updates. Since I updated my system, no VM is starting in "normal" mode. But "Start without GUI" and "Uncoupled Start"/"Abkoppelbarer Start" is working. After having problems I tried also new 5.1.0 and at least downgraded to 5.0.16, but problem persists.

If I start "normal", I get following error with all mentioned versions of VBox:


The virtual machine 'MySQL Server B' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\Virtual Machines\MySQL Server B\Logs\VBoxHardening.log'.


Fehlercode:
E_FAIL (0x80004005)
Komponente:
MachineWrap
Interface:
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}


sigcheck to dwmapi.dll:

Verified: Unsigned
Link Date: 05:20 14.03.2015
Publisher: Microsoft Corporation
Description: Microsoft Desktopfenster-Manager-API
Product: Betriebssystem Microsoft® Windows®
Prod version: 6.1.7600.16385
File version: 6.1.7600.16385 (win7_rtm.090713-1255)
MachineTyp: 64-bit

Regarding sigcheck dwmapi.dll, I don't know if it's a problem or ok!?
Attachments
VBoxHardening.zip
(23.55 KiB) Downloaded 144 times
wblatt
 
Posts: 1
Joined: 15. Jul 2016, 17:02

Re: Discussion of Problems due to Hardened Security

Postby dchristm77 » 29. Jul 2016, 01:04

Windows 10 Enterprise Version 1511 OS Build 10586.494
McAfee Security 5.0.2.132
Virtualbox Version 5.1.2 r108956

After a corporate upgrade to windows 10 whenever I attempt to start any VM I get:

Failed to open a session for the virtual machine Centos 7.

The virtual machine 'Centos 7' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\dchri1\VirtualBox VMs\Centos 7\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

From the log:

78.28c4: Fatal error:
78.28c4: supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034
181c.22c0: supR3HardenedWinCheckChild: enmRequest=2 rc=-225 enmWhat=0 : supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034

181c.22c0: Error -225 in supR3HardenedWinCheckChild! (enmWhat=5)
181c.22c0: supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034

I have attempted re-installs and ensured Hyper-V is not installed.
Attachments
VBoxHardening.zip
(2.92 KiB) Downloaded 94 times
dchristm77
 
Posts: 1
Joined: 29. Jul 2016, 00:46

Re: Discussion of Problems due to Hardened Security

Postby Barcode » 29. Jul 2016, 04:58

1) Host OS: Win 7 Ultimate SP1 64 bit
3) Avira Antivirus. I uninstalled all of them and I turned off the firewall.

So, my VB has an error. It looks similar to the trouble that everyone is struggling with.
The virtual machine 'mininet2.2.1' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Sony\VirtualBox VMs\mininet2.2.1\Logs\VBoxHardening.log'.

Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}


Help me pls
Attachments
VBoxHardening.rar
(13.66 KiB) Downloaded 62 times
Barcode
 
Posts: 1
Joined: 29. Jul 2016, 04:50

Re: Discussion of Problems due to Hardened Security

Postby thisGuy » 3. Aug 2016, 22:43

I am running on a company Win 7 SP1 (x64) PC with running McAfee Agent, McAfee DLP Endpoint, McAfee Host Intrusion, McAfee VirusScan Enterprise, Avecto Privilege Guard. VirtualBox was started using "Run with elevated privileges" from Avecto which should grant it admin rights.

Running latest version (5.1.0 r108711) of VirtualBox and attempting to run a 64bit VM (vdi) downloaded from osboxes.org (Linux Mint 18 Sarah).

Error:
Failed to open a session for the virtual machine Mint VM.

The virtual machine 'Mint VM' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\myusenamer\VirtualBox VMs\Mint VM\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
Attachments
VBoxHardening.zip
(5.27 KiB) Downloaded 77 times
thisGuy
 
Posts: 2
Joined: 18. Jul 2016, 23:18

Re: Discussion of Problems due to Hardened Security

Postby Slon » 7. Aug 2016, 23:39

I've got the same problem on Windows 8 trying to start new Android Genymotion image.

20b0.1fe8: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
698.2a9c: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
698.2a9c: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
698.2a9c: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.


BTW rebooting didn't help. VB is on latest version.
Slon
 
Posts: 1
Joined: 7. Aug 2016, 23:36
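
An added example, not part of any post in this thread: a small Python triage pass over VBoxHardening.log lines of the `pid.tid: message` shape quoted above. It merges a failure that is reported under more than one process ID into a single finding and decodes the signed exit code shown in the error dialog. The sample lines are copied from the two log excerpts posted above; the function names and the finding tuple layout are assumptions of this example.

```python
import re

# NTSTATUS values seen in this thread, with their standard Windows names.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

LINE = re.compile(r"^(?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+): (?P<msg>.*)$")
FILE_FAIL = re.compile(r"NtCreateFile failed on '([^']+)' / '[^']+': (0x[0-9a-fA-F]+)")
DEV_FAIL = re.compile(r"NtCreateFile\(([^)]+)\) failed: (0x[0-9a-fA-F]+)")
STAGE_ERR = re.compile(r"Error (-\d+) in (\w+)!")

# Lines copied from the two log excerpts posted in the thread.
SAMPLE = r"""
78.28c4: Fatal error:
78.28c4: supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034
181c.22c0: supR3HardenedWinCheckChild: enmRequest=2 rc=-225 enmWhat=0 : supR3HardenedDllNotificationCallback: NtCreateFile failed on 'C:\WINDOWS\system32\umppc4209.dll' / '\??\C:\WINDOWS\system32\umppc4209.dll': 0xc0000034
181c.22c0: Error -225 in supR3HardenedWinCheckChild! (enmWhat=5)
20b0.1fe8: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
698.2a9c: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
"""

def ntstatus_name(exit_code):
    """Map a signed exit code (as shown in the error dialog) to an NTSTATUS name."""
    status = exit_code & 0xFFFFFFFF  # -1073741819 -> 0xC0000005
    return NTSTATUS.get(status, hex(status))

def triage(log_text):
    """Return {finding: set of pids}; identical failures are merged across processes."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a "pid.tid: message" line
        msg = m["msg"]
        hit = FILE_FAIL.search(msg) or DEV_FAIL.search(msg)
        if hit:
            key = ("open-failed", hit[1], int(hit[2], 16))
        else:
            err = STAGE_ERR.search(msg)
            if not err:
                continue
            key = ("stage-error", err[2], int(err[1]))
        findings.setdefault(key, set()).add(m["pid"])
    return findings

if __name__ == "__main__":
    print(ntstatus_name(-1073741819))
    for (kind, target, code), pids in triage(SAMPLE).items():
        shown = ntstatus_name(code) if kind == "open-failed" else code
        print(kind, target, shown, "pids:", sorted(pids))
```
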

Re: Discussion of Problems due to Hardened Security

Postby socratis » 8. Aug 2016, 00:12

Slon wrote: I've got the same problem on Windows 8
Which part of the problem described so far in this thread, resembles your problem? I don't think it is the same problem. Please start your own thread.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Discussion of Problems due to Hardened Security

Postby Shane-B » 8. Aug 2016, 22:29

The error E_INVALIDARG (0x80070057) followed by E_FAIL (0x80004005) MachineWrap Interface:IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

I finally got this resolved after hours of finally investigating. And months of trying new versions thinking it would get resolved. I had not gotten it working since versions after 4.3.12 until now.
Watching process monitor I noticed it was looking under HKEY_CURRENT_USER\Software\Classes\CLSID and finding oleaut32.dll which I knew was wrong, because that's a system dll and not a user specific dll.
I had a newly loaded machine available and tested and found that that key was largely empty except for java addin keys so I removed all of the sub keys for HKEY_CURRENT_USER\Software\Classes\CLSID\* except the java ones on my main machine and sure enough, my virtualbox VMs booted again.
Last edited by Shane-B on 29. Aug 2016, 15:53, edited 2 times in total.
Shane-B
 
Posts: 1
Joined: 8. Aug 2016, 22:24

Re: Discussion of Problems due to Hardened Security

Postby falcotec » 15. Aug 2016, 13:19

Hi, for me a lot of trouble related to updates in 4.x did work only after starting the installer file .exe again and do the "repair".
That also worked for me when upgrading from 4.x to 5.0.x and now it does the trick after upgrading from 5.0.x (24?) to 5.1.x
I did start the exe file again as user with admin rights (no right mouse button admin) and it works after that and starts the virtual machine.
falcotec
 
Posts: 7
Joined: 5. Jul 2011, 15:54
Primary OS: MS Windows 7
VBox Version: OSE other
Guest OSses: Windows XP SP3, Windows Small Business Server 2003

Re: Discussion of Problems due to Hardened Security

Postby sathesh » 16. Aug 2016, 23:48

1) Host OS and version
Windows 7 Enterprise


2) VBoxStartup.log (zipped) [from VBox 5.0.6 this file is now called "VBoxHardening.log"]
Attached

3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.

McAfee VirusScan Enterprise + AntiSpyware Enterprise
Version number: 8.8.0 (8.8.0.975)
Build date: 8/15/2012
Attachments
VBoxHardening.zip
(7.36 KiB) Downloaded 111 times
sathesh
 
Posts: 1
Joined: 16. Aug 2016, 23:40

Re: Discussion of Problems due to Hardened Security

Postby mpack » 17. Aug 2016, 13:11

You have a memory access exception, probably due to some DLL being ejected from memory. It's hard to know which DLL it is, but make sure your host graphics drivers and antivirus software are both up to date. A useful test is to temporarily disable the AV to see if the problem goes away: that tells you if it's the AV.
mpack
Site Moderator
 
Posts: 33485
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP
