Page 30 of 33

Re: Discussion of Problems due to Hardened Security

Posted: 21. Dec 2016, 20:51
by mpack
@seanvree: what zip tool was used to create that "zip" file? WinZip can't open it.

Never mind: I worked out that it was 7zip. Please don't give archives the .zip extension unless they are .zip files.

As to the error, I know that Oracle have switched to a fresh set of certificates in 5.1.12, as the old ones were about to expire. I assume this is a result. Perhaps for some reason you are still relying on the old certs. I don't really know anything about this, but if I had the problem I'd confirm that I still have the old certs on the host, and Google for some way to refresh them.

Re: Discussion of Problems due to Hardened Security

Posted: 22. Dec 2016, 08:22
by seanvree
Humm, okay, I'll look into this.

Update: I rebooted the host a couple times and it's working now?? Weird.

Re: Discussion of Problems due to Hardened Security

Posted: 22. Dec 2016, 19:44
by mhou
I am on the new corporate machine of Windows 7 with McAfee VirusScan Enterprise 8.8 with latest VirtualBox 5.1.12. I am still seeing the hardened issue when running my VM. Logs files and screen shots are attached. Is there a way that VirtualBox can build a package which doesn't check for the windows hardened and skip the problem so we can use newer version of VirtualBox beside 4.3.12?

Re: Discussion of Problems due to Hardened Security

Posted: 1. Jan 2017, 19:53
by Wattle_Huan
Two years ago, I met this problem in 4.3.14 and downgrade to 4.3.12.
Now, I guess this problem maybe fixed and upgrade vbox to 5.1.12...
Er... I meet this problem again...
:(
20170102014342.png
20170102014342.png (50.41 KiB) Viewed 10524 times
I'm using:
Win7 SP1 x86 with patches before September 12th 2016
Avast Free 12.3.2280
Vbox5.1.12

[Mod edit: Deleted corrupted file VBoxHardening.zip]

Re: Discussion of Problems due to Hardened Security

Posted: 2. Jan 2017, 18:48
by socratis
You VBoxHardening.zip was corrupt and I deleted it. Please post a new one.

Re: Discussion of Problems due to Hardened Security

Posted: 3. Jan 2017, 19:16
by apim
I am getting the following error for any/all VMs on VBox 5.1.12. Older versions down to 4.3.12 do not work either. 4.3.12 does work which makes me think this is related to hardening, however the guest additions are too old to work with our projects. It is not possible for me to remove/disable DDP as this is a corporate laptop. I ran a sfc /scannow as indicated in some posts and it found no errors.
The virtual machine 'Test1' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\apopescu\VirtualBox VMs\Test1\Logs\VBoxHardening.log'.


Result Code: 
E_FAIL (0x80004005)
Component: 
MachineWrap
Interface: 
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

1) Host OS and version
Windows 10 Pro
Version 1607
OS Build 14393.5

2) VBoxStartup.log (zipped) [from VBox 5.0.6 this file is now called "VBoxHardening.log"]
Attached

3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.
Dell Data Protect | Endpoint Security Suite Enterprise v1.1.0, Build 8.10.0.27, 2016-07-13T14:24:00

Re: Discussion of Problems due to Hardened Security

Posted: 3. Jan 2017, 21:02
by Torchwood
Well I may have found a clue to a specific case of VM's failing to launch due to VBox hardening. Using Windows 10 Pro 1511 x64, build 10586.713 and VirtualBox 5.1.12.

Here's my situation. If I reboot Windows and launch Virtualbox right away, the VM fails with the typical VBox Hardening error. I see hundreds of "WinVerifyTrust" hits in the log. This is reproducible EVERY time I reboot.

But if I wait until Windows post-boot disk activity idles down for a little while, then Virtualbox VMs execute fine.

Weird?
VBoxHardening.zip
(24.83 KiB) Downloaded 62 times

Re: Discussion of Problems due to Hardened Security

Posted: 4. Jan 2017, 11:33
by mpack
Does it still do that when you don't have MalwareBytes installed?

Re: Discussion of Problems due to Hardened Security

Posted: 5. Jan 2017, 00:58
by Torchwood
mpack wrote:Does it still do that when you don't have MalwareBytes installed?
Yes it does. In fact I needed to update my sig, which I just did. I have replaced MBAE with HitmanPro.Alert for real-time exploit protection. The only MalwareBytes that I still keep on this machine is the free MBAM on-demand malware scanner, which does not load any resident drivers or services.

But to be sure, I removed all AV and security software when testing these VirtualBox errors. Because I do recall when Avira caused some related issues for me in the past. But the only thing running this time was VirtualBox.

Have not yet tried a clean boot. There are some other resident drivers and services besides Microsoft's that may need to be ruled out.

Update: I tried a diagnostic startup using msconfig, System Configuration. Loaded basic devices and services only. Plus I disabled everything in Task Manager startup. Same results. I have screen captures of the running services, as well as processes.

Re: Discussion of Problems due to Hardened Security

Posted: 20. Jan 2017, 23:33
by pal1000
As I mentioned before in viewtopic.php?f=6&t=79654&start=15 and viewtopic.php?f=6&t=79820 the true cause for which Intel HD 3000 and older iGPUs are unable to provide Direct3D on guest is because Intel OpenGL ICD ig4icd64.dll instantly exits if the Host OS is Windows 10 and is detected as such by the application which loads it. In our case it's obviously Virtualbox.
So I decided to workaround.
The obvious choice for Windows Embedded PosReady 2009 which is XP based is Swiftshader 3.0, but I don't like the watermark being in the way. So I was down to 2 options:
-llvmpipe 32-bit + wineD3D 1.7.52 both on guest. For a weird reason only this llvmpipe build works, albeit is a bit slow (certificate error ahead, most likely an unmaintained website);
-digitally signed llvmpipe 64-bit installed as an ICD replacement for the ancient OpenGL software renderer built into Windows on host + Guest Additions with Direct3D support and 3D acceleration enabled in VM settings as usual.
The last option should be slightly faster than the previous one due 2 reasons:
-it is a 64 bit DLL;
-it is the latest version at the moment of writing this.
Confirmed: CPU usage on host is at 69-75% when SopCast is running in fullscreen with minimum audio stutter (Intel Core i3-2375M 1.5 Ghz). Even further performance boost is hopped with Mesa 17. I/O APIC causes significant performance penalty, it definitely must be avoided.
The challenge was to get acceptance from hardened security.
I found this certificate authority called Ascertia that provides free 30 days code signing certificates. I got one and signed the 64-bit llvmpipe DLL. One potential issue that made me feel uneasy right away is the fact the certificate has the aging SHA1 signature. I used this command to sign it in Visual Studio Developer Command Prompt:

Code: Select all

signtool sign /a /t http://timestamp.digicert.com opengl32sw.dll
But it didn't work. Although Windows says the signature is OK, Virtualbox only shows a cryptic error in hardened security log. Something about an empty string that mustn't be empty. The only thing I can understand is that opengl32sw has been rejected. VM works just fine but no Direct3D.
Update: figured out the real cause. There are no special requirements for signature hash and digest algorithms yet, instead it appears you are not allowed to leave any certificate fields empty. These are in order along with their meaning:
-CN=Full Name;
OU=Organizational unit
O=Organization;
L=Locality
S=State
E=e-mail;
C=country.
Based on these findings I'll write a tutorial for those interested in exempting 1 file at a time from hardened security block. I did not bypassed any security put in place so this cannot be considered a vulnerability in Virtualbox. Only works for user-mode drivers (DLLs)

Re: Discussion of Problems due to Hardened Security

Posted: 11. Feb 2017, 22:09
by ant
Question for those with hardened security: Does it happen right after installation without rebooting? My 64-bit W7 HPE SP1 seems to happen only after installing and then doing a manual reboot (not required).

Thank you in advance. :)

Re: Discussion of Problems due to Hardened Security

Posted: 12. Feb 2017, 11:06
by mpack
The question is misplaced. Hardening is a feature of the VirtualBox software, not a feature of the host. If you install the software then the feature is present, and active whenever the VM software module runs.

Re: Discussion of Problems due to Hardened Security

Posted: 12. Feb 2017, 14:26
by ant
mpack wrote:The question is misplaced. Hardening is a feature of the VirtualBox software, not a feature of the host. If you install the software then the feature is present, and active whenever the VM software module runs.
OK and thanks.

Re: Discussion of Problems due to Hardened Security

Posted: 13. Feb 2017, 20:29
by Torchwood
Torchwood wrote:
Here's my situation. If I reboot Windows and launch Virtualbox right away, the VM fails with the typical VBox Hardening error. I see hundreds of "WinVerifyTrust" hits in the log. This is reproducible EVERY time I reboot.

But if I wait until Windows post-boot disk activity idles down for a little while, then Virtualbox VMs execute fine.
Since i recently upgraded from Windows 10 version 1511 to version 1607 (Anniversary Update), this problem no longer occurs.

Re: Discussion of Problems due to Hardened Security

Posted: 16. Feb 2017, 02:25
by TCH87
Windows 7 Enterprise, Service pack 1 64 bit
Symantec Endpoint protection

What happens to me is that after reinstalling it works (I have to erase additional files located at users\username\.VirtualBox and VirtualBox VMs)

If I make it work, it will stop working after a reboot.