Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

@seanvree: what zip tool was used to create that "zip" file? WinZip can't open it.

Never mind: I worked out that it was 7zip. Please don't give archives the .zip extension unless they are .zip files.

As to the error, I know that Oracle have switched to a fresh set of certificates in 5.1.12, as the old ones were about to expire. I assume this is a result. Perhaps for some reason you are still relying on the old certs. I don't really know anything about this, but if I had the problem I'd confirm that I still have the old certs on the host, and Google for some way to refresh them.
seanvree
Posts: 15
Joined: 21. Dec 2016, 18:50

Re: Discussion of Problems due to Hardened Security

Post by seanvree »

Humm, okay, I'll look into this.

Update: I rebooted the host a couple times and it's working now?? Weird.
Last edited by socratis on 22. Dec 2016, 08:46, edited 1 time in total.
Reason: Removed unnecessary verbatim quote of the whole previous message.
mhou
Posts: 3
Joined: 3. Dec 2014, 18:30

Re: Discussion of Problems due to Hardened Security

Post by mhou »

I am on the new corporate machine of Windows 7 with McAfee VirusScan Enterprise 8.8 with latest VirtualBox 5.1.12. I am still seeing the hardened issue when running my VM. Logs files and screen shots are attached. Is there a way that VirtualBox can build a package which doesn't check for the windows hardened and skip the problem so we can use newer version of VirtualBox beside 4.3.12?
Attachments
Error message 2
Error message 2
2016-12-22 09_37_21-VirtualBox - Error.png (25.23 KiB) Viewed 10519 times
Error message 1
Error message 1
2016-12-22 09_31_36-VirtualBox - Error In supR3HardenedWinReSpawn.png (19.07 KiB) Viewed 10519 times
VBoxHardening.zip
VBoxHardening.log
(11.03 KiB) Downloaded 36 times
Wattle_Huan
Posts: 1
Joined: 1. Jan 2017, 19:28

Re: Discussion of Problems due to Hardened Security

Post by Wattle_Huan »

Two years ago, I met this problem in 4.3.14 and downgrade to 4.3.12.
Now, I guess this problem maybe fixed and upgrade vbox to 5.1.12...
Er... I meet this problem again...
:(
20170102014342.png
20170102014342.png (50.41 KiB) Viewed 10426 times
I'm using:
Win7 SP1 x86 with patches before September 12th 2016
Avast Free 12.3.2280
Vbox5.1.12

[Mod edit: Deleted corrupted file VBoxHardening.zip]
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Discussion of Problems due to Hardened Security

Post by socratis »

You VBoxHardening.zip was corrupt and I deleted it. Please post a new one.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
apim
Posts: 1
Joined: 3. Jan 2017, 19:03

Re: Discussion of Problems due to Hardened Security

Post by apim »

I am getting the following error for any/all VMs on VBox 5.1.12. Older versions down to 4.3.12 do not work either. 4.3.12 does work which makes me think this is related to hardening, however the guest additions are too old to work with our projects. It is not possible for me to remove/disable DDP as this is a corporate laptop. I ran a sfc /scannow as indicated in some posts and it found no errors.
The virtual machine 'Test1' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\apopescu\VirtualBox VMs\Test1\Logs\VBoxHardening.log'.


Result Code: 
E_FAIL (0x80004005)
Component: 
MachineWrap
Interface: 
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

1) Host OS and version
Windows 10 Pro
Version 1607
OS Build 14393.5

2) VBoxStartup.log (zipped) [from VBox 5.0.6 this file is now called "VBoxHardening.log"]
Attached

3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.
Dell Data Protect | Endpoint Security Suite Enterprise v1.1.0, Build 8.10.0.27, 2016-07-13T14:24:00
Attachments
VBoxHardening.zip
(2.82 KiB) Downloaded 39 times
Torchwood
Posts: 18
Joined: 27. Apr 2015, 21:03
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows XP, Xubuntu, Mint

Re: Discussion of Problems due to Hardened Security

Post by Torchwood »

Well I may have found a clue to a specific case of VM's failing to launch due to VBox hardening. Using Windows 10 Pro 1511 x64, build 10586.713 and VirtualBox 5.1.12.

Here's my situation. If I reboot Windows and launch Virtualbox right away, the VM fails with the typical VBox Hardening error. I see hundreds of "WinVerifyTrust" hits in the log. This is reproducible EVERY time I reboot.

But if I wait until Windows post-boot disk activity idles down for a little while, then Virtualbox VMs execute fine.

Weird?
VBoxHardening.zip
(24.83 KiB) Downloaded 46 times
"Everything should be made as simple as possible, but not simpler." — Albert Einstein
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

Does it still do that when you don't have MalwareBytes installed?
Torchwood
Posts: 18
Joined: 27. Apr 2015, 21:03
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows XP, Xubuntu, Mint

Re: Discussion of Problems due to Hardened Security

Post by Torchwood »

mpack wrote:Does it still do that when you don't have MalwareBytes installed?
Yes it does. In fact I needed to update my sig, which I just did. I have replaced MBAE with HitmanPro.Alert for real-time exploit protection. The only MalwareBytes that I still keep on this machine is the free MBAM on-demand malware scanner, which does not load any resident drivers or services.

But to be sure, I removed all AV and security software when testing these VirtualBox errors. Because I do recall when Avira caused some related issues for me in the past. But the only thing running this time was VirtualBox.

Have not yet tried a clean boot. There are some other resident drivers and services besides Microsoft's that may need to be ruled out.

Update: I tried a diagnostic startup using msconfig, System Configuration. Loaded basic devices and services only. Plus I disabled everything in Task Manager startup. Same results. I have screen captures of the running services, as well as processes.
"Everything should be made as simple as possible, but not simpler." — Albert Einstein
pal1000
Posts: 20
Joined: 20. Oct 2014, 10:40

Re: Discussion of Problems due to Hardened Security

Post by pal1000 »

As I mentioned before in viewtopic.php?f=6&t=79654&start=15 and viewtopic.php?f=6&t=79820 the true cause for which Intel HD 3000 and older iGPUs are unable to provide Direct3D on guest is because Intel OpenGL ICD ig4icd64.dll instantly exits if the Host OS is Windows 10 and is detected as such by the application which loads it. In our case it's obviously Virtualbox.
So I decided to workaround.
The obvious choice for Windows Embedded PosReady 2009 which is XP based is Swiftshader 3.0, but I don't like the watermark being in the way. So I was down to 2 options:
-llvmpipe 32-bit + wineD3D 1.7.52 both on guest. For a weird reason only this llvmpipe build works, albeit is a bit slow (certificate error ahead, most likely an unmaintained website);
-digitally signed llvmpipe 64-bit installed as an ICD replacement for the ancient OpenGL software renderer built into Windows on host + Guest Additions with Direct3D support and 3D acceleration enabled in VM settings as usual.
The last option should be slightly faster than the previous one due 2 reasons:
-it is a 64 bit DLL;
-it is the latest version at the moment of writing this.
Confirmed: CPU usage on host is at 69-75% when SopCast is running in fullscreen with minimum audio stutter (Intel Core i3-2375M 1.5 Ghz). Even further performance boost is hopped with Mesa 17. I/O APIC causes significant performance penalty, it definitely must be avoided.
The challenge was to get acceptance from hardened security.
I found this certificate authority called Ascertia that provides free 30 days code signing certificates. I got one and signed the 64-bit llvmpipe DLL. One potential issue that made me feel uneasy right away is the fact the certificate has the aging SHA1 signature. I used this command to sign it in Visual Studio Developer Command Prompt:

Code: Select all

signtool sign /a /t http://timestamp.digicert.com opengl32sw.dll
But it didn't work. Although Windows says the signature is OK, Virtualbox only shows a cryptic error in hardened security log. Something about an empty string that mustn't be empty. The only thing I can understand is that opengl32sw has been rejected. VM works just fine but no Direct3D.
Update: figured out the real cause. There are no special requirements for signature hash and digest algorithms yet, instead it appears you are not allowed to leave any certificate fields empty. These are in order along with their meaning:
-CN=Full Name;
OU=Organizational unit
O=Organization;
L=Locality
S=State
E=e-mail;
C=country.
Based on these findings I'll write a tutorial for those interested in exempting 1 file at a time from hardened security block. I did not bypassed any security put in place so this cannot be considered a vulnerability in Virtualbox. Only works for user-mode drivers (DLLs)
ant
Posts: 334
Joined: 9. Jul 2007, 20:02
Primary OS: MS Windows other
VBox Version: OSE other
Guest OSses: Windows and macOSes
Location: An Ant Farm
Contact:

Re: Discussion of Problems due to Hardened Security

Post by ant »

Question for those with hardened security: Does it happen right after installation without rebooting? My 64-bit W7 HPE SP1 seems to happen only after installing and then doing a manual reboot (not required).

Thank you in advance. :)
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

The question is misplaced. Hardening is a feature of the VirtualBox software, not a feature of the host. If you install the software then the feature is present, and active whenever the VM software module runs.
ant
Posts: 334
Joined: 9. Jul 2007, 20:02
Primary OS: MS Windows other
VBox Version: OSE other
Guest OSses: Windows and macOSes
Location: An Ant Farm
Contact:

Re: Discussion of Problems due to Hardened Security

Post by ant »

mpack wrote:The question is misplaced. Hardening is a feature of the VirtualBox software, not a feature of the host. If you install the software then the feature is present, and active whenever the VM software module runs.
OK and thanks.
Torchwood
Posts: 18
Joined: 27. Apr 2015, 21:03
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows XP, Xubuntu, Mint

Re: Discussion of Problems due to Hardened Security

Post by Torchwood »

Torchwood wrote:
Here's my situation. If I reboot Windows and launch Virtualbox right away, the VM fails with the typical VBox Hardening error. I see hundreds of "WinVerifyTrust" hits in the log. This is reproducible EVERY time I reboot.

But if I wait until Windows post-boot disk activity idles down for a little while, then Virtualbox VMs execute fine.
Since i recently upgraded from Windows 10 version 1511 to version 1607 (Anniversary Update), this problem no longer occurs.
"Everything should be made as simple as possible, but not simpler." — Albert Einstein
TCH87
Posts: 3
Joined: 16. Feb 2017, 01:33

Re: Discussion of Problems due to Hardened Security

Post by TCH87 »

Windows 7 Enterprise, Service pack 1 64 bit
Symantec Endpoint protection

What happens to me is that after reinstalling it works (I have to erase additional files located at users\username\.VirtualBox and VirtualBox VMs)

If I make it work, it will stop working after a reboot.
Attachments
VboxHardening.zip
(11.88 KiB) Downloaded 49 times
Locked