Hardening Fix (workaround) For Error After Install and Restart

Discussions related to using VirtualBox on Windows hosts.

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby socratis » 22. Mar 2019, 02:38

I'm not even sure why this workaround works, and neither are the developers, that's why it's not included in the hardening FAQ. Still looking for a clear cut reason...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby SadSack963 » 15. Dec 2019, 03:41

VirtualBox - Error in supR3HardenedWinReSpawn

For completeness I have included a failed and successful log file - I believe they are irrelevant to where this post is going.

The errors this post concerns have been seen many times:

First Error Box
Error relaunching VirtualBox VM process: 5
Command line:
'60eaff78-4bdd-042d-2e72-669728efd737-suplib-3rdchild --comment "Linux Mint 19" --startvm 053ed1c4-3fe2-40a2-8b25-42cf7a360707 --no-startvm-errormsgbox "--sup-hardening-log=E:\VirtualBox VMs\Linux Mint 19\Logs\VBoxHardening.log"' (rc=-104)

Please try reinstalling VirtualBox.

where: supR3HardenedWinReSpawn what: 5
VERR_INVALID_NAME (-104) - Invalid (malformed) file/path name.

Second Error Box
VirtualBox - Error
Failed to open a session for the virtual machine Linux Mint 19.

The virtual machine 'Linux Mint 19' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'E:\VirtualBox VMs\Linux Mint 19\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}

Testing procedure:

Host:
  • OS: Windows 10 Pro, Version 10.0.18362 Build 18362
  • CPU: Intel Core i7-7700K
  • Using VirtualBox 5.2.30-130521.
I haven't run it in quite some time because of this recurrent error. I even reverted to version 4.0.36 at one time because of this issue. I hate to say that I have been using VMWare Player v12 for years because of work obligations, but I have the freedom to use what I like now that I have retired. I much prefer the VirtualBox interface and it's so easy to pause the VM, take snapshots and save the machine states at power down, etc. I also prefer to use Open Source whenever possible. I just don't have the ability to debug it!!

Created a new VM: Linux 64-bit (also 32-bit). VM won't start: Errors as above. Uninstalled Avast antivirus. Checked Hyper-V is disabled in "Windows Features".

[Screenshot: WindowsFeatures.png]

Tried "sfc /scannow": all OK. Checked "sc.exe query vboxdrv"
SERVICE_NAME: vboxdrv
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Tried starting headless: only got second error box. Log file contains this (does this indicate that it thinks ntdll.dll is a problem?):
3bf8.35ac: '\Device\HarddiskVolume8\Windows\System32\ntdll.dll' has no imports
3bf8.35ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Windows\System32\ntdll.dll)
3bf8.35ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Windows\System32\ntdll.dll
3bf8.35ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3bf8.35ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1b9e0000 'C:\WINDOWS\System32\ntdll.dll'
3bf8.35ac: Error -104 in supR3HardenedWinReSpawn! (enmWhat=5)
3bf8.35ac: Error relaunching VirtualBox VM process: 5
Command line: '60eaff78-4bdd-042d-2e72-669728efd737-suplib-3rdchild --comment "Linux Mint 19" --startvm 053ed1c4-3fe2-40a2-8b25-42cf7a360707 --no-startvm-errormsgbox "--sup-hardening-log=E:\VirtualBox VMs\Linux Mint 19\Logs\VBoxHardening.log"

also:
1458.ab4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll' (C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll): rcNt=0xc0000190
1458.ab4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll'
1458.ab4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume8\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll [lacks WinVerifyTrust]
179c.2e14: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2576 ms, the end);

So I stopped Riva Tuner Statistics Server: It still exits with the same error.

Uninstalled VirtualBox 5.2.30. (Note: Even using IOBit Uninstaller, the procedure does not remove any extra registry keys that the VBox uninstaller may leave behind, e.g. file associations, AppIDs, etc.)

Reboot.

Installed VirtualBox-6.1.0-135406-Win.exe as administrator with all defaults. Interestingly it still remembered all my old VMs. Although they have been physically removed from the disk, the locations are still stored somewhere. The <user>\.VirtualBox folder is retained, though the VM location is not stored there! Where is this info saved?

Started the previously created Linux VM. No issues - it started just fine. It forced me to choose an ISO, so I ran a live Linux Mint ISO without installing.

Shut down the VM.

NOTE:
  • Riva Tuner Statistics Service is running normally.
  • Trusteer Endpoint Protection Console is installed but not running.
  • RapportInjService_x64 and RapportMgmtService are both running.
  • Avast antivirus is still uninstalled at this stage.
Reboot. Try to start my VM. Same errors as before. WTF? Uninstalled VirtualBox 6.1.0. Reboot. Installed VirtualBox 6.1.0 as administrator again. Did not start it once installed.

Tried the VBoxDrv "delayed" start (see Start values below):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VBoxDrv\Start changed from 1 to 3 as in viewtopic.php?f=6&t=82277&hilit=delay+start+vboxdrv

Reboot.
sc query vboxdrv
SERVICE_NAME: vboxdrv
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Try to start VM. New error:
NtCreateFile(\Device\VBoxDrvStub) failed: 0x0000034
STATUS_OBJECT_NAME_NOT_FOUND (0 retries) (rc=-101)
Make sure the kernel module has been loaded successfully.
where: supR3HardenedWinReSpawn what: 3
VERR_OPEN_FAILED (-101) - File/Device open failed. Driver is probably stuck stopping/starting...

"sc query vboxdrv" still says it is STOPPED. There obviously isn't any demand from the VirtualBox app.
sc start vboxdrv
SERVICE_NAME: vboxdrv
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

Try to start VM. Got two User Account Control pop-ups to allow VirtualBox to make system changes. (?) VM is running! Of course it doesn't have a system installed and the ISO is not mounted, but otherwise looks OK.

Reboot just to check. Try to start VM. Same -101 error.

Manually start VBoxDrv
sc start vboxdrv
No UAC pop-ups this time.

Try to start VM. Success. Again, WTF?

Conclusion:
  1. Try the registry edit:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VBoxDrv
    Change the "Start" value from 1 to 3 as in viewtopic.php?f=6&t=82277&hilit=delay+start+vboxdrv
  2. Any time you boot your computer (and want to use VirtualBox) open a command prompt by typing "cmd" at the start menu, then click on "Run as administrator" or use Ctrl-Shift-Enter.
    (You need elevated privileges to alter the service state - an administrator account is not enough.)
  3. Type "sc start vboxdrv" at the command line and hit Enter.
  4. Start your VM as normal.
Works for me. YMMV. Now we just need to find out why...

I found this ticket https://www.virtualbox.org/ticket/13187 which is quite old but still relevant. Is it worth adding to that discussion? Are there other tickets you guys are already adding to?

Useful info follows: https://docs.microsoft.com/en-gb/window ... -directive

Start can have values as follows:
    VALUE             LOADER  MEANING
    0x0 (Boot)        Kernel  Part of the driver stack and must be loaded by the Boot Loader
    0x1 (System)      I/O     Driver to be loaded at Kernel initialization
    0x2 (Automatic)   SCM     Loaded or started automatically for all startups
    0x3 (Demand)      SCM     Available, but will not be started until called upon
    0x4 (Disabled)    SCM     Not to be started under any conditions

A Start value of 2 does not work because the service is Type 1 and is not controlled by SCM (services.msc), similarly inserting a registry value for delayed start does nothing (AutoStartDelay). So for us the only option is a Start value of 3 and a manual request.

StartType=start-code
Specifies when to start the driver as one of the following numeric values, expressed either in decimal or, as shown in the following list, in hexadecimal notation.
0x0 (SERVICE_BOOT_START)
Indicates a driver started by the operating system loader.
This value must be used for drivers of devices required for loading the operating system.
0x1 (SERVICE_SYSTEM_START)
Indicates a driver started during operating system initialization.
This value should be used by PnP drivers that do device detection during initialization but are not required to load the system.
For example, a PnP driver that can also detect a legacy device should specify this value in its INF so that its DriverEntry routine is called to find the legacy device, even if that device cannot be enumerated by the PnP manager.
0x2 (SERVICE_AUTO_START)
Indicates a driver started by the service control manager during system startup.
This value should never be used in the INF files for WDM or PnP device drivers.
0x3 (SERVICE_DEMAND_START)
Indicates a driver started on demand, either by the PnP manager when the corresponding device is enumerated or possibly by the service control manager in response to an explicit user demand for a non-PnP device.
This value should be used in the INF files for all WDM drivers of devices that are not required to load the system and for all PnP device drivers that are neither required to load the system nor engaged in device detection.
0x4 (SERVICE_DISABLED)
Indicates a driver that cannot be started.
This value can be used to temporarily disable the driver services for a device. However, a device/driver cannot be installed if this value is specified in the service-install section of its INF file.

Service Type:
Interestingly, vboxdrv.sys does not appear in services.msc nor Task Manager nor in SysInternals PsService because it is set to Type = 1 (SERVICE_KERNEL_DRIVER).
The services that are controlled by the Service Manager (services.msc) are listed as Type 16 (0x10), Type 32 (0x20) (can share a process with other services), Type 272 (0x110) or Type 288 (0x120) (usually third party services).

ServiceType=type-code
The type-code for a kernel-mode device driver must be set to 0x00000001 (SERVICE_KERNEL_DRIVER).
The type-code for a Microsoft Win32 service that is installed for a device should be set to 0x00000010 (SERVICE_WIN32_OWN_PROCESS) or 0x00000020 (SERVICE_WIN32_SHARE_PROCESS). If the Win32 service can interact with the desktop, the type-code value should be combined with 0x00000100 (SERVICE_INTERACTIVE_PROCESS).
Attachments: VBoxHardening - Reinstall - Success.zip, VBoxHardening-NoAvast.zip
SadSack963
 
Posts: 7
Joined: 21. Sep 2018, 18:26

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby scottgus1 » 15. Dec 2019, 04:06

Long post there, SadSack963... From what I see in the first hardening log, the problem is with:
2f30.21a8: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume8\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume8\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll

Also:
Riva Tuner Statistics Service is running normally.
Trusteer Endpoint Protection Console is installed but not running.
RapportInjService_x64 and RapportMgmtService are both running.
Avast antivirus is still uninstalled at this stage.

Trusteer has been known to interfere with Virtualbox. Google "Trusteer Rapport site:forums.virtualbox.org" to see if anyone got around having this program and Virtualbox running at the same time. Or run Trusteer in a guest, not on the host, and do your important financial stuff in the guest only.

Presence or absence of Hyper-V-supported services will not cause hardening errors. (They cause another sort of errors & troubles instead, what a relief, huh? :lol: )

Try completely uninstalling Riva, Trusteer, and run with native Windows Defender AV, and try Virtualbox again.
Human government is like that crazy uncle who hides a quarter in his fist behind his back, then asks you to guess which fist the quarter is in...
No matter which side you choose, Left or Right, both Sides are empty.
scottgus1
Volunteer
 
Posts: 7522
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux
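
Added example (not part of any post in this thread, and not VirtualBox code): a PowerShell triage of VBoxHardening.log that separates DLL rejections and trust failures from the fatal supR3HardenedWinReSpawn error, then checks each rejected DLL's Authenticode signature. The function names are hypothetical, the sample lines are copied from the excerpts quoted above, and the regexes assume the line shapes seen in those excerpts.

```powershell
# Added example: triage for VBoxHardening.log. Regexes follow the line shapes
# quoted in this thread; other VirtualBox builds may word them differently.

function Get-VBoxHardeningFinding {
    [CmdletBinding()]
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)

    foreach ($l in $Line) {
        switch -Regex ($l) {
            # DLL that the hardened loader refused to let into the VM process
            "LdrLoadDll: rejecting '(?<path>[^']+)'.*rcNt=(?<rc>0x[0-9a-fA-F]+)" {
                [pscustomobject]@{ Kind = 'RejectedDll'; Subject = $Matches['path']
                                   Detail = "rcNt=$($Matches['rc'])" }
                break
            }
            # Trust verdict for an image, reported with its NT device path
            '(?<dev>\\Device\\[^:]+?\.dll).*?(?<why>None of the \d+ path\(s\) have a trust anchor|lacks WinVerifyTrust)' {
                [pscustomobject]@{ Kind = 'TrustFailure'; Subject = $Matches['dev']
                                   Detail = $Matches['why'] }
                break
            }
            # The error that actually ended the launch
            'Error (?<rc>-?\d+) in (?<where>\w+)! \(enmWhat=(?<what>\d+)\)' {
                [pscustomobject]@{ Kind = 'FatalError'; Subject = $Matches['where']
                                   Detail = "rc=$($Matches['rc']) enmWhat=$($Matches['what'])" }
                break
            }
            # Exit code reported by the parent that waited on the child process
            'Quitting: ExitCode=(?<exit>0x[0-9a-fA-F]+)' {
                [pscustomobject]@{ Kind = 'ChildExit'; Subject = 'supR3HardNtChildWaitFor'
                                   Detail = "ExitCode=$($Matches['exit'])" }
                break
            }
        }
    }
}

function Test-RejectedDllSignature {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in ($Path | Sort-Object -Unique)) {
        if (Test-Path -LiteralPath $p) {
            # This is Windows' Authenticode verdict only. VirtualBox hardening
            # applies its own checks, so 'Valid' here is not a guarantee.
            $sig = Get-AuthenticodeSignature -LiteralPath $p
            [pscustomobject]@{ Path = $p; Status = $sig.Status
                               Signer = $sig.SignerCertificate.Subject }
        } else {
            [pscustomobject]@{ Path = $p; Status = 'FileNotFound'; Signer = $null }
        }
    }
}

# Sample input: lines copied from the log excerpts in the posts above.
$sampleLog = @'
1458.ab4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll' (C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll): rcNt=0xc0000190
1458.ab4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume8\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll [lacks WinVerifyTrust]
3bf8.35ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff1b9e0000 'C:\WINDOWS\System32\ntdll.dll'
3bf8.35ac: Error -104 in supR3HardenedWinReSpawn! (enmWhat=5)
179c.2e14: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2576 ms, the end);
'@

$findings = Get-VBoxHardeningFinding -Line ($sampleLog -split "`r?`n")
$findings | Sort-Object Kind, Subject -Unique | Format-Table -AutoSize -Wrap

# Signature status of every DLL the loader rejected
$dlls = @($findings | Where-Object Kind -eq 'RejectedDll' |
          Select-Object -ExpandProperty Subject)
if ($dlls.Count -gt 0) { Test-RejectedDllSignature -Path $dlls | Format-List }
```

For a real log, pass `Get-Content -LiteralPath 'E:\VirtualBox VMs\Linux Mint 19\Logs\VBoxHardening.log'` (the path from the error box above) as `-Line` instead of the sample.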

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby socratis » 15. Dec 2019, 12:05

@SadSack963
As a rule of thumb, if your post exceeds one page in your browser, it's too long. Nobody here wants to read "War and Peace", they're just going to say: TL;DR... ;)

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby SadSack963 » 15. Dec 2019, 15:28

Hi guys,

Jeeze, there's no pleasing you lot is there? You complain all the time about people not giving you information about their system, not telling you what they've tried, have they read the FAQ, etc. Then I get told off for too much info! ;)

No, I'm not trying to start a flame war, just a tongue-in-cheek response. I really do appreciate all the time and effort you guys put into the forums.

I'm trying to add as much information to the discussion as possible so that it gets picked up by Google and may help other users who come across the same or similar issues. As a programmer myself (not Windows unfortunately) I like to gather as much information about an issue as I can to help me solve it. Hopefully there will be a few people who do take the trouble to read through this thread and glean some useful knowledge.

@scottgus1
scottgus1 wrote:Trusteer has been known to interfere with Virtualbox.

I am aware of this which is why I pointed it out - the VirtualBox VM started perfectly after a fresh install prior to reboot with both Riva Tuner Statistics Service and Trusteer/Rapport working normally (and no doubt Avast too if it was installed). The problem only occurred after the PC had been rebooted.

And again, once VBoxDrv.sys is set to Demand start and started manually after boot, the VM works perfectly with all of this software (including Avast which I reinstalled) running alongside it on the host.

--

This collection of problems (for users) has been around since hardening was first introduced in July 2014, and we (as users) are still struggling with it with very little real knowledge and a log file that few can interpret. 5 years later we still don't have a comprehensive solution. I see no contribution from the devs in the forum (maybe I haven't searched enough so this could be a libel on my part). Looking through the strings in VBoxDrv.sys reveals a multitude of errors intended to go into a log file, and yet there is no related log file. It would appear that the facility is disabled or maybe only used by the devs.

There's not one mention of the problems in the help files, nor on the VirtualBox website. There's a dozen or so mentions of hardening and instructions on how to build a non-hardened version for the various platforms (not recommended). And yet there's 646 tickets from users related to hardening issues!

I'm not slagging off the devs either. I think they have done a wonderful job over the years and I appreciate their hard work. But this is a real problem and a show stopper for end users. Most do not even have the ability to investigate the problems they are having let alone fix it on their systems. They probably just say "F*** this" and go use VMWare instead which works without flaw. Which is a real shame because VirtualBox is a wonderful piece of software... when it works!

It reminds me of the early days of Linux, when the attitude of many was if you weren't clever enough to RTFM and overcome the problems it threw at you then you weren't clever enough to use it. Thankfully that has changed and Linux is now becoming mainstream. I want the same for VirtualBox.

Best Regards.
SadSack963
 
Posts: 7
Joined: 21. Sep 2018, 18:26

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby scottgus1 » 15. Dec 2019, 15:47

SadSack963 wrote:once VBoxDrv.sys is set to Demand start and started manually after boot, the VM works perfectly with all of this software (including Avast which I reinstalled) running alongside it on the host.

Interesting. I didn't read back through the whole thread from page 1, but I do recall this now that you mention it again. There have been some reports of folks reinstalling their security software after taking it off and getting Virtualbox running, and having everything now coexist peacefully. The mind-boggling wonder of computers, huh?

SadSack963 wrote:once VBoxDrv.sys is set to Demand start and started manually after boot,

Sounds like the sort of thing I'd put in a startup script started by the Task Scheduler.

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby SadSack963 » 15. Dec 2019, 15:54

scottgus1 wrote:Sounds like the sort of thing I'd put in a startup script started by the Task Scheduler.

Absolutely... once I find out how to get an elevated command working from there :)
SadSack963
 
Posts: 7
Joined: 21. Sep 2018, 18:26

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby SadSack963 » 15. Dec 2019, 16:54

Cool. It works!

Here are instructions for anyone who needs this and isn't familiar with it:

  • Open Task Scheduler (Start Menu, type "sched" and you should see the app)
  • In the left hand pane navigate to Task Scheduler Library -> My Tasks
  • Under Actions in the right hand pane click Create Task...
  • On the General tab, type a Name e.g. Start_VBoxDrv and a description if you want
  • In Security options click Change User or Group
  • Type "System" (without the quotes) and click Check Names. It should then appear in underlined capitals. Click OK.
  • Back on the General tab, Tick "Run with highest privileges"
  • On the Triggers tab, click New...
  • Click the dropdown box next to "Begin the task:". I selected "At log on".
  • Select a specific user if you require.
  • Tick "Delay task for:" I used 1 minute.
  • Make sure Enabled is ticked.
  • Click OK
  • On the Actions tab, click New...
  • Select Action "Start a program"
  • In Program/script type "sc" (without the quotes)
  • In Add arguments (optional): type "start vboxdrv" (without the quotes)
  • Click OK
  • Click OK
That's it. You're done. Just start VirtualBox as normal from now on. :)

[Screenshot: ScheduledTask.png]
SadSack963
 
Posts: 7
Joined: 21. Sep 2018, 18:26
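
The registry change from the earlier "Conclusion" list and the Task Scheduler steps above, as one PowerShell script (an added example, not written by the posters). It must run elevated; the task name Start_VBoxDrv is the one suggested in the post, the task is registered in the root of the Task Scheduler Library, and the full path to sc.exe is used instead of the bare "sc" so the SYSTEM task never resolves the program through the search path.

```powershell
#Requires -RunAsAdministrator
# Added example. Mirrors the thread's workaround: VBoxDrv Start=3 (Demand) plus a
# logon task that runs "sc start vboxdrv" as SYSTEM after a one-minute delay.

$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\VBoxDrv'
$taskName = 'Start_VBoxDrv'                              # name suggested in the post
$scExe    = Join-Path $env:SystemRoot 'System32\sc.exe'  # full path, not bare "sc"

# Start values as listed in the thread
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Demand'; 4 = 'Disabled' }

# 1. Inspect the driver's service entry before touching it.
$svc = Get-ItemProperty -Path $svcKey -ErrorAction Stop
'VBoxDrv: Type={0} Start={1} ({2})' -f $svc.Type, $svc.Start, $startNames[[int]$svc.Start]
if ($svc.Type -ne 1) {
    throw "Type is $($svc.Type), expected 1 (SERVICE_KERNEL_DRIVER); not changing anything."
}

# 2. Switch to demand start and print how to revert. Takes effect at next boot.
if ($svc.Start -ne 3) {
    "Changing Start from $($svc.Start) to 3; revert with: Set-ItemProperty '$svcKey' Start $($svc.Start)"
    Set-ItemProperty -Path $svcKey -Name Start -Value 3 -Type DWord
}

# 3. Trigger: at log on, delayed by one minute as in the post.
$trigger = New-ScheduledTaskTrigger -AtLogOn
$trigger.Delay = 'PT1M'                                  # ISO 8601 duration

# 4. Principal: SYSTEM with highest privileges (the General tab steps).
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest

# 5. Action: the same command the post types, with sc.exe fully qualified.
$action = New-ScheduledTaskAction -Execute $scExe -Argument 'start vboxdrv'

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Force `
    -Description 'Start the VirtualBox kernel driver after logon (demand start)' |
    Out-Null

# 6. Show what was registered and the driver's current state.
Get-ScheduledTask -TaskName $taskName |
    Select-Object TaskName, State,
        @{ n = 'RunAs';  e = { $_.Principal.UserId } },
        @{ n = 'Action'; e = { $_.Actions.Execute + ' ' + $_.Actions.Arguments } } |
    Format-List
& $scExe query vboxdrv
```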

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby scottgus1 » 15. Dec 2019, 20:37

Nice! That Task Scheduler is pretty useful. I use it to start UAC-requesting programs that I want the UAC to be automatically answered 'Yes'.

Glad you're up and running. And thanks for the tutorial & screenshot as well.

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby socratis » 16. Dec 2019, 02:30

SadSack963 wrote:and we (as users) are still struggling with it with very little real knowledge and a log file that few can interpret.
Few? Try "fewer"... way, way fewer! :)

SadSack963 wrote:5 years later we still don't have a comprehensive solution.
Yes we do. Since day 1 actually. And it's quite a simple rule:
If a process wants to get into the memory space of VirtualBox, it shall be 1) properly, and 2) verifiably signed.
That's it actually, that's the whole hardening check in one sentence...

SadSack963 wrote:I see no contribution from the devs in the forum
There is some when required, but I doubt that you will see too much of it. And contribution towards what goal exactly? Identifying what might be possibly installed on each user's computer? 99% is handled by volunteers here in the forums.

SadSack963 wrote:And yet there's 646 tickets from users related to hardening issues!
Most of them are [Invalid] and need someone to go through each and every one of them and close them. There might be a couple that are actually valid ones (due to an overzealous hardening check), but most of them are noise.

SadSack963 wrote:But this is a real problem and a show stopper for end users. Most do not even have the ability to investigate the problems they are having let alone fix it on their systems.
I couldn't agree more with you. Any ideas on how to improve the situation?

SadSack963 wrote:It reminds me of the early days of Linux, when the attitude of many was if you weren't clever enough to RTFM and overcome the problems it threw at you then you weren't clever enough to use it.
Not quite the same. The problem here is that some security researcher found out a security hole. VirtualBox had to address the issue, otherwise Oracle would be really (lawsuit) slapped in the face if they didn't take any action. Which leaves us where we are today.

FWIW, a lot of people have never seen a hardening problem. Actually, given the report rate, I'd say 90+% of the people never do. And yes, I'm pulling that number out of thin air, but it's my guesstimate.

As far as your Scheduled Task, doesn't that interfere with the built-in service? Shouldn't you Disable the service, or at a minimum make it Manual? And the recipe didn't work for me, I'm not an Administrator, can't even create the Task, which means it's limited in scope as to who can actually use it.

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby SadSack963 » 16. Dec 2019, 03:54

socratis wrote:
If a process wants to get into the memory space of VirtualBox, it shall be 1) properly, and 2) verifiably signed.
That's it actually, that's the whole hardening check in one sentence...

Well, I have to agree. But the particular issue in this thread at least is nothing to do with a process trying to get in - the log file is actually generating misleading information for the user. The log file is telling us it's a hardening problem when it's actually a kernel driver issue. Or maybe it's our interpretation of the log that's wrong, which is why the recommendation to uninstall antivirus, Trusteer and any other random program the log file doesn't appear to like is so common. We really could do with some clarity on how to read the damn thing properly.
The particular issue in this thread appears to be a failure of the driver service VBoxDrv.sys to do its job properly at system initialisation. From what I can decipher of the file it looks like it detects and/or registers system and/or virtual devices ready for use by the VirtualBox program. Maybe it's trying to do this before things are ready for it? I have no idea. But delaying this process seems to cure the problem we are having here. I guess the only way to find out is to download the source files and trawl through that! Anyone game?

socratis wrote:And contribution towards what goal exactly? Identifying what might be possibly installed on each user's computer? 99% is handled by volunteers here in the forums.

No I agree, they couldn't possibly spend the time doing that, and we all appreciate what the volunteers are trying to do to help us. But it's like the blind leading the blind to some extent. You are limited by the lack of knowledge. Oracle should at the very least have some sort of generalised troubleshooting document for hardening issues, but it's not mentioned anywhere in their documentation. After all, they are the only ones who really know how it works. We may know what a hardening fault is and may be able to guess at possible causes, but the common everyday user has no clue. They will just give up and use something else. I imagine Oracle is losing users in droves - those people will not even attempt to post here because they have no idea what to look for and probably wouldn't understand the suggested solutions anyway. Advising people to uninstall their paid-for and trusted antivirus that they've used for years won't go down well.

socratis wrote:
SadSack963 wrote:But this is a real problem and a show stopper for end users. Most do not even have the ability to investigate the problems they are having let alone fix it on their systems.
I couldn't agree more with you. Any ideas on how to improve the situation?

Gosh no! But why is it that VMWare and Azure and Hyper-V and XenServer et al are not having these hardening issues? I have no clue but there must be something wrong here. Just Google "virtual machine hardening problem" and you'll see that the majority of (if not all) results are for VirtualBox.

socratis wrote:As far as your Scheduled Task, doesn't that interfere with the built-in service? Shouldn't you Disable the service, or at a minimum make it Manual? And the recipe didn't work for me, I'm not an Administrator, can't even create the Task, which means it's limited in scope as to who can actually use it.

Yes. Right back at the OP, and also in my admittedly rather long-winded diagnostic post, it states that the service needs to be set to Start = 3 (Demand) in the registry. Then the scheduled task simply generates the start demand via sc.exe after giving the system time to stabilise after boot.

As for you not being an Administrator, I assume you can actually get the Task Scheduler app showing in the Start menu? If so, then click on Run as administrator or hit Ctrl+Shift+Enter. This should work, yes??

Best Regards.
SadSack963
 
Posts: 7
Joined: 21. Sep 2018, 18:26

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby scottgus1 » 16. Dec 2019, 22:41

SadSack963 wrote:We really could do with some clarity on how to read the damn thing properly.

You're preaching to the choir, there, brother. Been asked and answered. The devs keep those cards extremely close to the chest, even among themselves. Trade-secret-style, I-could-tell-you but-then... (almost) levels of security. Can't have the bad guys really know how to use this security hole.

From the Trusteer website:
IBM Trusteer Rapport is an advanced endpoint protection solution designed to protect users from financial malware and phishing attacks.

For Trusteer to stop some of these bad guys, they may dig deep into the PC, in ways similar to Virtualbox.

appears to be a failure of the driver service VBoxDrv.sys to do its job properly at system initialisation.

Not necessarily. It looks like the combination of Trusteer and Virtualbox requires the delayed-start workaround. I don't have any Virtualbox service or driver issues on any hosts I've run for years, but I don't have Trusteer either. If Trusteer also starts services and drivers, then conflict may exist and workarounds be necessary.

SadSack963 wrote:why is it that VMWare and Azure and Hyper-V and XenServer et al are not having these hardening issues?

Googling each of these leads me to believe they are all type-1 hypervisors. Meaning they sit on the bare metal before the main and guest OS's. So they get to run before malware can find security holes. Virtualbox is a type-2 hypervisor, and needs an already running OS to then run guests. Apples to oranges. Additionally, though VMware also provides a type-2 version (I think) they may have different ways of doing things that are licensed/copyrighted/illegal-to-borrow, and Virtualbox isn't allowed to do things that way. If so, apples to cucumbers. Further, these other hypervisors no doubt have their own share of security holes they have to plug and users have to work around. We are somewhat Virtualbox-centric around here, for some strange reason, so we're not conversant in what VMware or Hyper-V makes their users jump through. :twisted:

SadSack963 wrote:the recommendation to uninstall antivirus, trusteer and any other random program the log file doesn't appear to like is so common.

Yes. Folks come to us and say "Get my Virtualbox running!" We respond, "XYZ program seems to stop Virtualbox, try taking it off." Folks come back, mostly "Thanks that was it!" occasionally "I can't get rid of that, I need it, guess Virtualbox is out for me."

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby JAFONE » 15. May 2020, 03:59

Some third party software (in particular remote access security software) will write code and produce "Hardening Error". IBM Trusteer Rapport will create a conflict, and if uninstalled, will permit VBox to run.
JAFONE
 
Posts: 1
Joined: 15. May 2020, 01:23

Re: Hardening Fix (workaround) For Error After Install and Restart

Postby tex81 » 2. Jul 2020, 11:41

Thank you for the workaround that works perfectly on my Windows 10 OS with the VirtualBox 6.1.0.
I have lost plenty of time before finding this post that solves the annoying issue. I cannot understand why this is not added to the hardening diagnostic "official" post.
Just an addendum.
In my case the vboxdrv service does not start automatically with VirtualBox. I need to start it manually through cmd with admin privileges.
I prepared a .bat file to do that automatically (see below).
Help yourself!

@echo off
:: Run the commands as administrator

:-------------------------------------
REM --> Check permissions: cacls on this file only succeeds when elevated
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
REM --> Error: you do not have admin rights
if '%errorlevel%' NEQ '0' (
    echo Verification des privileges administrateur
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
REM --> Write a small VBScript that relaunches this batch file elevated via UAC
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
REM --> This script takes no arguments, so none are forwarded
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B

:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
:--------------------------------------

REM --> Start the VirtualBox kernel driver
sc start vboxdrv
tex81
 
Posts: 1
Joined: 2. Jul 2020, 11:35
