Re: Discussion of Problems due to Hardened Security
Posted: 27. Feb 2016, 19:47
Ran sfc /scannow. It said it fixed some errors. Still the same problem with vbox. Attaching final log, will now wait on devs.
End user forums for VirtualBox
https://forums.virtualbox.org/
It might be poorly named but it's really a decent tool; expands task manager functionality. I had it a while back and liked it, will be living without going forward.
mpack wrote: "Process Hacker" sounds like exactly the sort of tool the hardening feature's bum's rush was invented for.
In our company it's working. Avira is installed as 14.0.15.97.
dba_chicken wrote: Sorry, cannot verify - my VB-Client still doesn't start.
Furthermore: Avira AV has not patched to 15.0.16 respectively 16.0.16,
my installation (after latest patch) version of Avira is 15.0.15.141
Cheers,
Martin
stefan.becker wrote: The Problem with Avira as AV seems to be solved. With the latest Update it's working again.
Code:
Failed to open a session for the virtual machine serverldap.
The virtual machine 'serverldap' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'V:\serverldap\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
92c.ee0: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000060 g_uNtVerCombined=0xa037bf00
92c.ee0: \SystemRoot\System32\ntdll.dll:
92c.ee0: CreationTime: 2016-02-19T13:40:44.373609400Z
92c.ee0: LastWriteTime: 2016-02-19T13:40:44.373609400Z
92c.ee0: ChangeTime: 2016-02-25T16:25:42.953818200Z
92c.ee0: FileAttributes: 0x20
92c.ee0: Size: 0x1c5138
92c.ee0: NT Headers: 0xd8
92c.ee0: Timestamp: 0x56c6e04c
92c.ee0: Machine: 0x8664 - amd64
92c.ee0: Timestamp: 0x56c6e04c
92c.ee0: Image Version: 10.0
92c.ee0: SizeOfImage: 0x1ca000 (1875968)
92c.ee0: Resource Dir: 0x162000 LB 0x66370
92c.ee0: ProductName: Microsoft® Windows® Operating System
92c.ee0: ProductVersion: 10.0.14271.1000
92c.ee0: FileVersion: 10.0.14271.1000 (rs1_release.160218-2310)
92c.ee0: FileDescription: NT Layer DLL
92c.ee0: \SystemRoot\System32\kernel32.dll:
92c.ee0: CreationTime: 2016-02-19T13:40:25.420520800Z
92c.ee0: LastWriteTime: 2016-02-19T13:40:25.420520800Z
92c.ee0: ChangeTime: 2016-02-25T16:25:42.235012100Z
92c.ee0: FileAttributes: 0x20
92c.ee0: Size: 0xa9990
92c.ee0: NT Headers: 0xf8
92c.ee0: Timestamp: 0x56c6e0cf
92c.ee0: Machine: 0x8664 - amd64
92c.ee0: Timestamp: 0x56c6e0cf
92c.ee0: Image Version: 10.0
92c.ee0: SizeOfImage: 0xab000 (700416)
92c.ee0: Resource Dir: 0xa9000 LB 0x528
92c.ee0: ProductName: Microsoft® Windows® Operating System
92c.ee0: ProductVersion: 10.0.14271.1000
92c.ee0: FileVersion: 10.0.14271.1000 (rs1_release.160218-2310)
92c.ee0: FileDescription: Windows NT BASE API Client DLL
92c.ee0: \SystemRoot\System32\KernelBase.dll:
92c.ee0: CreationTime: 2016-02-19T13:40:44.436109300Z
92c.ee0: LastWriteTime: 2016-02-19T13:40:44.451733600Z
92c.ee0: ChangeTime: 2016-02-25T16:25:42.250638100Z
92c.ee0: FileAttributes: 0x20
92c.ee0: Size: 0x1f1968
92c.ee0: NT Headers: 0x100
92c.ee0: Timestamp: 0x56c6e0cd
92c.ee0: Machine: 0x8664 - amd64
92c.ee0: Timestamp: 0x56c6e0cd
92c.ee0: Image Version: 10.0
92c.ee0: SizeOfImage: 0x1f4000 (2048000)
92c.ee0: Resource Dir: 0x1dc000 LB 0x540
92c.ee0: ProductName: Microsoft® Windows® Operating System
92c.ee0: ProductVersion: 10.0.14271.1000
92c.ee0: FileVersion: 10.0.14271.1000 (rs1_release.160218-2310)
92c.ee0: FileDescription: Windows NT BASE API Client DLL
92c.ee0: \SystemRoot\System32\apisetschema.dll:
92c.ee0: CreationTime: 2016-02-19T13:40:38.498620600Z
92c.ee0: LastWriteTime: 2016-02-19T13:40:38.498620600Z
92c.ee0: ChangeTime: 2016-02-25T16:25:41.281811800Z
92c.ee0: FileAttributes: 0x20
92c.ee0: Size: 0x16b10
92c.ee0: NT Headers: 0xc0
92c.ee0: Timestamp: 0x56c6e29c
92c.ee0: Machine: 0x8664 - amd64
92c.ee0: Timestamp: 0x56c6e29c
92c.ee0: Image Version: 10.0
92c.ee0: SizeOfImage: 0x18000 (98304)
92c.ee0: Resource Dir: 0x17000 LB 0x400
92c.ee0: ProductName: Microsoft® Windows® Operating System
92c.ee0: ProductVersion: 10.0.14271.1000
92c.ee0: FileVersion: 10.0.14271.1000 (rs1_release.160218-2310)
92c.ee0: FileDescription: ApiSet Schema DLL
92c.ee0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
92c.ee0: supR3HardenedWinFindAdversaries: 0x0
92c.ee0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
92c.ee0: Calling main()
92c.ee0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
92c.ee0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
92c.ee0: SUPR3HardenedMain: Respawn #1
92c.ee0: System32: \Device\HarddiskVolume4\Windows\System32
92c.ee0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
92c.ee0: KnownDllPath: C:\WINDOWS\system32
92c.ee0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
92c.ee0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
92c.ee0: supR3HardNtEnableThreadCreation:
92c.ee0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe4b8e2ce0 pvNtTerminateThread=00007ffe4b912310
92c.ee0: supR3HardenedWinDoReSpawn(1): New child 17c.3b8 [kernel32].
92c.ee0: supR3HardNtChildGatherData: PebBaseAddress=0000000000341000 cbPeb=0x388
92c.ee0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe4b870000 uNtDllChildAddr=00007ffe4b870000
92c.ee0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe4b8e2ce0
92c.ee0: supR3HardenedWinSetupChildInit: Start child.
92c.ee0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
92c.ee0: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 31 sleeps
92c.ee0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
92c.ee0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
92c.ee0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
92c.ee0: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
92c.ee0: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
92c.ee0: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
92c.ee0: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
92c.ee0: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
92c.ee0: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
92c.ee0: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
92c.ee0: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
92c.ee0: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
92c.ee0: *0000000000200000-00000000000befff 0x0000/0x0004 0x0020000
92c.ee0: 0000000000341000-000000000033dfff 0x0004/0x0004 0x0020000
92c.ee0: 0000000000344000-0000000000287fff 0x0000/0x0004 0x0020000
92c.ee0: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
92c.ee0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
92c.ee0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
92c.ee0: 000000007fff0000-ffff8009fb79ffff 0x0001/0x0000 0x0000000
92c.ee0: *00007ff704840000-00007ff70481cfff 0x0002/0x0002 0x0040000
92c.ee0: 00007ff704863000-00007ff703f85fff 0x0001/0x0000 0x0000000
92c.ee0: *00007ff705140000-00007ff705140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff705141000-00007ff7051c7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff7051c8000-00007ff7051c8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff7051c9000-00007ff705213fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff705214000-00007ff705214fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff705215000-00007ff705215fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff705216000-00007ff70521afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff70521b000-00007ff70521bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff70521c000-00007ff70521cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff70521d000-00007ff705220fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff705221000-00007ff70526bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
92c.ee0: 00007ff70526c000-00007fefbec67fff 0x0001/0x0000 0x0000000
92c.ee0: *00007ffe4b870000-00007ffe4b870fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4b871000-00007ffe4b974fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4b975000-00007ffe4b9b6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4b9b7000-00007ffe4b9bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4b9c0000-00007ffe4b9cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4b9ce000-00007ffe4b9cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4b9cf000-00007ffe4b9d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4b9d2000-00007ffe4ba39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
92c.ee0: 00007ffe4ba3a000-00007ffc97493fff 0x0001/0x0000 0x0000000
92c.ee0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
92c.ee0: VirtualBox.exe: timestamp 0x569e6712 (rc=VINF_SUCCESS)
92c.ee0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
92c.ee0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
92c.ee0: supR3HardNtChildPurify: Done after 323 ms and 0 fixes (loop #0).
17c.3b8: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa037bf00
17c.3b8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe4b870000
17c.3b8: ntdll.dll: timestamp 0x56c6e04c (rc=VINF_SUCCESS)
17c.3b8: New simple heap: #1 0000000000500000 LB 0x400000 (for 1875968 allocation)
92c.ee0: supR3HardNtEnableThreadCreation:
17c.3b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
17c.3b8: System32: \Device\HarddiskVolume4\Windows\System32
17c.3b8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
17c.3b8: KnownDllPath: C:\WINDOWS\system32
17c.3b8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
17c.3b8: supR3HardenedWinReadErrorInfoDevice: 'ntdll.dll: 4 differences between 0x14adac and 0x14adaf in #4 (.da'
17c.3b8: Error -5600 in supR3HardenedWinReSpawn! (enmWhat=3)
17c.3b8: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5600 (0xffffea20) (rcNt=0xe986ea20)
VBoxDrvStub error: ntdll.dll: 4 differences between 0x14adac and 0x14adaf in #4 (.da
92c.ee0: supR3HardenedWinCheckChild: enmRequest=2 rc=-5600 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5600 (0xffffea20) (rcNt=0xe986ea20)
VBoxDrvStub error: ntdll.dll: 4 differences between 0x14adac and 0x14adaf in #4 (.da
92c.ee0: Error -5600 in supR3HardenedWinReSpawn! (enmWhat=3)
92c.ee0: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5600 (0xffffea20) (rcNt=0xe986ea20)
VBoxDrvStub error: ntdll.dll: 4 differences between 0x14adac and 0x14adaf in #4 (.da
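An added example, not part of the original thread and not VirtualBox code: a small Python triage for a VBoxHardening.log like the one above. It collapses the repeated error lines into one finding and pairs the flagged module with the FileVersion logged for it; the sample lines are constructed from the log above and the name `triage` is hypothetical.

```python
import re

# Constructed sample: a few lines in the shape of the VBoxHardening.log above.
SAMPLE_LOG = r"""92c.ee0: Log file opened: 5.0.14r105127 g_hStartupLog=0000000000000060
92c.ee0: \SystemRoot\System32\ntdll.dll:
92c.ee0: Size: 0x1c5138
92c.ee0: FileVersion: 10.0.14271.1000 (rs1_release.160218-2310)
92c.ee0: \SystemRoot\System32\kernel32.dll:
92c.ee0: FileVersion: 10.0.14271.1000 (rs1_release.160218-2310)
17c.3b8: supR3HardenedWinReadErrorInfoDevice: 'ntdll.dll: 4 differences between 0x14adac and 0x14adaf in #4 (.da'
17c.3b8: Error -5600 in supR3HardenedWinReSpawn! (enmWhat=3)
VBoxDrvStub error: ntdll.dll: 4 differences between 0x14adac and 0x14adaf in #4 (.da
92c.ee0: Error -5600 in supR3HardenedWinReSpawn! (enmWhat=3)
"""

PREFIX = re.compile(r"^[0-9a-f]+\.[0-9a-f]+: ")          # "pid.tid: " in hex
FILE_HDR = re.compile(r"^\\SystemRoot\\(?:.*\\)?([^\\]+\.dll):$")
FILE_VER = re.compile(r"^FileVersion:\s+(\S+)")
DIFF = re.compile(r"([\w.-]+\.dll): (\d+) differences between "
                  r"(0x[0-9a-f]+) and (0x[0-9a-f]+) in #(\d+)")
ERROR = re.compile(r"^Error (-?\d+) in (\w+)!")

def triage(text):
    """Summarise a hardening log: de-duplicated mismatches and error codes."""
    versions, findings, errors, current = {}, set(), set(), None
    for raw in text.splitlines():
        msg = PREFIX.sub("", raw.strip())
        if m := FILE_HDR.match(msg):          # start of a per-DLL inventory block
            current = m.group(1).lower()
        elif (m := FILE_VER.match(msg)) and current:
            versions[current] = m.group(1)
        elif m := DIFF.search(msg):           # same finding is logged several times
            dll, count, lo, hi, sect = m.groups()
            findings.add((dll.lower(), int(count), int(lo, 16), int(hi, 16), int(sect)))
        elif m := ERROR.match(msg):
            errors.add((int(m.group(1)), m.group(2)))
    mismatches = [
        {"module": dll, "file_version": versions.get(dll), "differences": count,
         "first_offset": lo, "last_offset": hi, "section_index": sect}
        for dll, count, lo, hi, sect in sorted(findings)
    ]
    return {"mismatches": mismatches, "errors": sorted(errors)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```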
Thanks. Didn't think so but had to ask. This is really frustrating, been using Vbox for years with zero problems, now suddenly .....
mpack wrote: And still run on a Windows 10 host? No.
At least I've got a different error message. It's almost like in Groundhog Day,
stefan.becker wrote: The Problem with Avira as AV seems to be solved. With the latest Update it's working again.
In our company it's working. Avira is installed as 14.0.15.97.
Code:
Für die virtuelle Maschine ubuntu-server-64_1404 konnte keine neue Sitzung eröffnet werden.
Failed to load unit 'lsilogicscsi' (VERR_SSM_LOADED_TOO_MUCH).
Fehlercode:E_FAIL (0x80004005)
Komponente:ConsoleWrap
Interface:IConsole {872da645-4a9b-1727-bee2-5585105b9eed}
15.0.15.141