Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Locked
p060477
Posts: 111
Joined: 12. Jun 2015, 11:29

Re: Windows 4.3.28 Specifically for errors due to Security

Post by p060477 »

hi!

i've win 8.1 home ed and my probl is with the network driver
i get an error :

KnownDllPath: C:\Windows\system32
7d4.1168: supR3HardenedVmProcessInit: Opening vboxdrv stub...
7d4.1168: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
7d4.1168: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
7d4.1168: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
7d4.1168: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
12cc.116c: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
12cc.116c: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
12cc.116c: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.

and i have to close Vbox and restart in order to be able to use it..

how can i solve this issue..??

thxs so much in adv.!!

cheers!!

:)
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

The practical distinction in this context is that user level code (incl. malware) has no access to the cut down OS that underlies a real world type 1 hypervisor.

I should also post a reminder that the questioner did not mention ESXi, he just said "VMware", plus he made an assertion about its design which I am not able to verify (and not interested in verifying, since we're not here to discuss VMware).
CaptainFlint
Posts: 107
Joined: 9. Oct 2007, 10:17
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Various Windows and Linux distros
Location: Moscow, Russia
Contact:

Re: Windows 4.3.28 Specifically for errors due to Security

Post by CaptainFlint »

mpack wrote:I should also post a reminder that the questioner did not mention ESXi, he just said "VMware"
Actually, since we are talking in the context of VirtualBox, I meant particularly VMware Player/Workstation — the two VMware products that are the closest to VirtualBox in functionality. Of course, for "bare-metal" virtualization systems the Windows host DLL injection could not have been an issue.
p060477
Posts: 111
Joined: 12. Jun 2015, 11:29

Re: Windows 4.3.28 Specifically for errors due to Security

Post by p060477 »

mpack wrote:The practical distinction in this context is that user level code (incl. malware) has no access to the cut down OS that underlies a real world type 1 hypervisor.

I should also post a reminder that the questioner did not mention ESXi, he just said "VMware", plus he made an assertion about its design which I am not able to verify (and not interested in verifying, since we're not here to discuss VMware).
and about my post..??!!
:)
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

What about your post? You didn't provide even the minimal info asked for in the first message, so I ignored you. I'm only willing to put a certain amount of effort into fixing someone else's problem.
p060477
Posts: 111
Joined: 12. Jun 2015, 11:29

Re: Windows 4.3.28 Specifically for errors due to Security

Post by p060477 »

mpack wrote:What about your post? You didn't provide even the minimal info asked for in the first message, so I ignored you. I'm only willing to put a certain amount of effort into fixing someone else's problem.
apologize:

here is what you ask:
 Edit: 1) Host OS and version
2) VBoxStartup.log (zipped)
3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant. 
my data are:

Host s.o: win 8.1 64 bit home

the vbox log is on my first post
 Edit: KnownDllPath: C:\Windows\system32
7d4.1168: supR3HardenedVmProcessInit: Opening vboxdrv stub...
7d4.1168: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
7d4.1168: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
7d4.1168: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
7d4.1168: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
12cc.116c: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
12cc.116c: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
12cc.116c: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.

and i have to close Vbox and restart in order to be able to use it. 
.

antivirus : antivir free italian ed:
Versione del prodotto 15.0.10.434 22/04/2015
Motore di ricerca 8.03.30.48 10/06/2015
File di definizione dei virus 8.11.240.66 12/06/2015
Control Center 15.00.10.414 19/05/2015
Config Center 15.00.10.414 19/05/2015
Luke Filewalker 15.00.10.430 19/05/2015
Real-Time Protection 15.00.10.414 19/05/2015
Filtro 15.00.10.352 19/05/2015
Web Protection 15.00.10.414 19/05/2015
Pianificatore 15.00.10.414 19/05/2015
Updater 15.00.10.434 19/05/2015
Rootkits Protection 15.00.10.322 19/05/2015
Local Decider 15.00.10.414 19/05/2015

firewall : windows DISABLED

no other security prog or prog as per yr a/m point n.3


now i really hope for yr kind helping..

cheers!!

:)
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

p060477 wrote: the vbox log is on my first post
No it isn't. Nor on any of your other posts. We need the entire log as a zipped attachment.
p060477
Posts: 111
Joined: 12. Jun 2015, 11:29

Re: Windows 4.3.28 Specifically for errors due to Security

Post by p060477 »

We need the entire log as a zipped attachment.
here it is !!

no other security prog or prog as per yr a/m point n.3
except malawarebyte , but not running live in real time,as for ex: avira antivir free,
i use malawarebyte only to do some scan of my pc , but i repeat is the free vers.,
not the shareware paied one,
that has really no real-time protection, -to be clear-


now i really hope for yr kind helping..

cheers!!

:)
Attachments
VBoxStartup.7z
(2.54 KiB) Downloaded 40 times
wunjo
Posts: 8
Joined: 26. Feb 2015, 15:25
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: most linux

Re: Windows 4.3.28 Specifically for errors due to Security

Post by wunjo »

wunjo wrote:Hi Mpack,

Did you guys already found out why directly after first install of VBox there are no errors about certification, and after closing the Vbox and restart the app there suddenly appear these errors?

There must be something wrong calling these certifications, isn't it?
Again using 4.3.12
Must be forgotten my zip :-)
VBoxStartup.zip
This is one with certification errors
(12.79 KiB) Downloaded 46 times
with errors,
VBoxStartup_2.zip
Without certification errors
(38.2 KiB) Downloaded 39 times
without errors

protection Avast free, Passive Malwarebytes, Spybot- S&D 2.4 free
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

p060477 wrote: here it is !!
Try doing a full uninstall then reinstall of VirtualBox. When installing be sure to use "Run as administrator" and install for the correct user. Then reboot the host.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

@wunjo: yes, I'm seeing a lot of certification errors, and while I also see unusual device drivers related to Avast, the "without errors" log also has those.

So, you need to be investigating recent Windows Updates.
p060477
Posts: 111
Joined: 12. Jun 2015, 11:29

Re: Windows 4.3.28 Specifically for errors due to Security

Post by p060477 »

mpack wrote:
p060477 wrote: here it is !!
Try doing a full uninstall then reinstall of VirtualBox. When installing be sure to use "Run as administrator" and install for the correct user. Then reboot the host.
Hi

first thxs so much indeed

done

nothing has changed

same issue

pls help

thx again

cheers !

:)
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

Ok, so what happened when you typed 'sc.exe query vboxdrv' as the error message suggests?
wunjo
Posts: 8
Joined: 26. Feb 2015, 15:25
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: most linux

Re: Windows 4.3.28 Specifically for errors due to Security

Post by wunjo »

mpack wrote:@wunjo: yes, I'm seeing a lot of certification errors, and while I also see unusual device drivers related to Avast, the "without errors" log also has those.

So, you need to be investigating recent Windows Updates.
Thanks for answering.

I've done this in the past while 4.3.26 was actual, no results and even rebuild the certification database, also no results. I'm following these posts since 4.3.16, the first time I was confronted with this issue.
My point is, why it runs directly after a "fresh" install (uninstall and restart of the OS) and why not after a closing vBox and reopen it again? This behavior occurs since 4.3.16
Looks a mystery to me..but found a post about calling certification somewhere, which stated that in win7 another approach was needed. The tech details were beyond my comprehension. http://www.pinvoke.net/default.aspx/win ... Trust.html
p060477
Posts: 111
Joined: 12. Jun 2015, 11:29

Re: Windows 4.3.28 Specifically for errors due to Security

Post by p060477 »

mpack wrote:Ok, so what happened when you typed 'sc.exe query vboxdrv' as the error message suggests?
first:
i've this same wunjo's experience too:
" it runs directly after a "fresh" install (uninstall and restart of the OS) and why not after a closing vBox and reopen it again? This behavior occurs since 4.3.16
Looks a mystery to me."

second :
apologize my not so good skill:

where have i to type:

"sc.exe query vboxdrv'"...?

should i have to do it in promt dos ..?

could you pls guide me...? i repeat that i'm not an expert at all..
thxs in adv for yr kind understanding

i need yr kind and patienceable helping

cheers!

:)
Locked