socratis wrote: Then take some pointers of what else might be wrong in the FAQ: Diagnosing VirtualBox Hardening Issues. We might get a hint if you post a ZIPPED VBoxHardening.log
I apologize. Should have clearly included it. See attached. Good chance that this doesn't have everything, but it is the most recent. For what it's worth, I've gone through that FAQ many times.
Hardened error unable to start VM's
-
- Posts: 7
- Joined: 27. Sep 2017, 20:22
Re: Hardened error unable to start VM's
Last edited by christopher87 on 3. Oct 2017, 20:12, edited 1 time in total.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Hardened error unable to start VM's
29f4.292c: FileDescription: Symantec CMC Firewall SysPlant
29f4.292c: FileDescription: Symantec CMC Firewall sysfer
29f4.292c: FileDescription: Symantec Event Library
29f4.292c: FileDescription: ZoneAlarm Firewalling Driver
29f4.292c: FileDescription: PowerBroker for Windows
29f4.292c: FileDescription: BeyondTrust PowerBroker for Windows DLL
The FAQ very specifically was talking about antivirus, firewalls and other 3rd party programs. Start uninstalling one by one all of them, see whose fault it is.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 7
- Joined: 27. Sep 2017, 20:22
Re: Hardened error unable to start VM's
Symantec's controlled by group policy, so I can't touch that... -_-
But maybe one of the others. It's worth noting that on my Windows 7 machine, I have the same AV. So I'll continue to investigate. Thanks for the reply sir.
-
- Posts: 7
- Joined: 27. Sep 2017, 20:22
Re: Hardened error unable to start VM's
One final follow-up here. Due to my corporate environment, I have no ability to disable or tamper with AV. What's so strange is how this worked before.
Are there any ways of adding application or dll exceptions to the hardening process? Symantec doesn't trust VirtualBox, but VirtualBox doesn't trust Symantec... So no VMs. There's gotta be more workarounds or alternatives than to simply move on.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Hardened error unable to start VM's
christopher87 wrote: Are there any ways of adding application or dll exceptions to the hardening process?
No, there isn't. If exceptions could be configured then malware could circumvent the checks by adding an exception. The checks would be a complete waste of time.
christopher87 wrote: Symantec doesn't trust VirtualBox, but VirtualBox doesn't trust Symantec... So no VMs.
The only workaround is to get your IT guys to select better AV. At my place of work we use Defender, which is free (with Windows) and works just fine with VirtualBox (and Windows).
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Hardened error unable to start VM's
mpack beat me to the second, I had the exact same answers
Just a small note. VirtualBox doesn't trust anyone that tries to inject a DLL into VirtualBox's processes without having a properly signed certificate. That's the problem, the certificate that Symantec has, is not properly signed. If it was, there would be absolutely no problem at all. There are plenty of people that run VirtualBox alongside all sorts of programs, including Symantec. Maybe there's something wrong with your version/setup/enterprise that triggers this. Have your IT people call Symantec and report this issue.
-
- Posts: 7
- Joined: 27. Sep 2017, 20:22
Re: Hardened error unable to start VM's
socratis wrote: the certificate that Symantec has, is not properly signed. If it was, there would be absolutely no problem at all.
Could be! Would you happen to know (and I understand this is outside the realm of VirtualBox) if there is a way I can check certificate statuses?
socratis wrote: Maybe there's something wrong with your version/setup/enterprise that triggers this. Have your IT people call Symantec and report this issue.
Will do what I can.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Hardened error unable to start VM's
You can right click any executable (exe or dll), open the Properties and look at the "Digital Signatures" tab. If you don't see a tab then the executable is unsigned. Otherwise you can follow the certification chain and see if it's valid.
However I must disagree with my esteemed colleague. An unsigned DLL in the AV suite itself is not the only reason for conflict. Another one I've seen is when the AV is deliberately blocking VirtualBox from examining other executables, which is how VirtualBox checks the signatures.
Step 1 in diagnosing this condition: disable the AV suite and see if VirtualBox VMs work. Yes, some people need help from IT people in order to do this test, that does not make the test less important.
Step 2: Check the executables in the AV suite folder. Make sure they all have valid signatures.
Step 3: See if VirtualBox can be added as an exception to whatever blocking the AV suite does.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Hardened error unable to start VM's
Don, you got to stop doing this man, I was about to hit the "Submit" button (damn, I'm a slow typist)
Step 4: The Windows certificate database was corrupt (or something along those lines). Check the interwebs for "corrupt windows certificate database".
Step 5: a program can update its DLLs (via an online update), but forget to update the Windows certificate database. That could trigger the problem as well.
Step 6: something else.
mpack wrote: AV is deliberately blocking VirtualBox from examining other executables
Really??? Why would they do that? Interesting to know...
Re: Hardened error unable to start VM's
@ christopher87
If you do identify that it is the Symantec software that is 'blocking' VirtualBox, then start from the Guidance Note here: https://support.symantec.com/en_US/arti ... 83201.html
-
- Posts: 7
- Joined: 27. Sep 2017, 20:22
Re: Hardened error unable to start VM's
Quick update here. I've moved onto a different solution. Out of respect for the forum and this community I won't go into detail, but if you're curious feel free to PM me.
TLDR I have no control over my corporate AV. Above my pay grade, and after two weeks of troubleshooting I had to move on.
Cheers everybody. If anyone figures this out, I'd be happy to hear.
-
- Posts: 1
- Joined: 14. Nov 2017, 14:51
Re: Hardened error unable to start VM's
In my case the issue was resolved after removing BeyondTrust PowerBroker for Windows.
Re: Hardened error unable to start VM's
Hello,
in my case the issue was resolved by starting VirtualBox with "Run as Administrator".
My HOST runs Win7SP1. VirtualBox version is 5.1.26 and was installed in July 2017. I only created 1 VM with Win7SP1 as guestOS.
Until today I had no problem with this VM. Today I tried to start it and got the famous error described in this post.
Re: Hardened error unable to start VM's
I had this problem and it was fixed by uninstalling Citrix.
Re: Hardened error unable to start VM's
Hi,
I am using a corporate laptop with 8 GB RAM and Windows 8. The system has Symantec AV. I am receiving the error below; can anyone please help?
Code: Select all
788.1a6c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
788.1a6c: supR3HardenedWinFindAdversaries: 0x1003
788.1a6c: \SystemRoot\System32\drivers\SysPlant.sys:
788.1a6c: CreationTime: 2018-01-03T08:50:53.777535700Z
788.1a6c: LastWriteTime: 2018-01-03T08:50:53.777535700Z
788.1a6c: ChangeTime: 2018-01-03T08:50:53.777535700Z
788.1a6c: FileAttributes: 0x20
788.1a6c: Size: 0x2f798
788.1a6c: NT Headers: 0xf8
788.1a6c: Timestamp: 0x57e42455
788.1a6c: Machine: 0x8664 - amd64
788.1a6c: Timestamp: 0x57e42455
788.1a6c: Image Version: 5.0
788.1a6c: SizeOfImage: 0x2f000 (192512)
788.1a6c: Resource Dir: 0x2d000 LB 0x49c
788.1a6c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
788.1a6c: [Raw version resource data: 0x2d0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
788.1a6c: ProductName: Symantec CMC Firewall
788.1a6c: ProductVersion: 14.0.1849.0000
788.1a6c: FileVersion: 14.0.1849.0000
788.1a6c: FileDescription: Symantec CMC Firewall SysPlant
788.1a6c: \SystemRoot\System32\sysfer.dll:
788.1a6c: CreationTime: 2018-01-03T08:50:53.777535700Z
788.1a6c: LastWriteTime: 2018-01-03T08:50:53.777535700Z
788.1a6c: ChangeTime: 2018-01-03T08:50:53.777535700Z
788.1a6c: FileAttributes: 0x20
788.1a6c: Size: 0x7a728
788.1a6c: NT Headers: 0x100
788.1a6c: Timestamp: 0x57e42469
788.1a6c: Machine: 0x8664 - amd64
788.1a6c: Timestamp: 0x57e42469
788.1a6c: Image Version: 0.0
788.1a6c: SizeOfImage: 0x8e000 (581632)
788.1a6c: Resource Dir: 0x8a000 LB 0x658
788.1a6c: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
788.1a6c: [Raw version resource data: 0x8a100 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
788.1a6c: ProductName: Symantec CMC Firewall
788.1a6c: ProductVersion: 14.0.1849.0000
788.1a6c: FileVersion: 14.0.1849.0000
788.1a6c: FileDescription: Symantec CMC Firewall sysfer
788.1a6c: \SystemRoot\System32\drivers\symevent64x86.sys:
788.1a6c: CreationTime: 2018-01-03T08:51:58.496519400Z
788.1a6c: LastWriteTime: 2018-01-03T08:51:58.480894200Z
788.1a6c: ChangeTime: 2018-01-03T08:51:58.480894200Z
788.1a6c: FileAttributes: 0x20
788.1a6c: Size: 0x18af0
788.1a6c: NT Headers: 0xe0
788.1a6c: Timestamp: 0x576875ca
788.1a6c: Machine: 0x8664 - amd64
788.1a6c: Timestamp: 0x576875ca
788.1a6c: Image Version: 6.2
788.1a6c: SizeOfImage: 0x21000 (135168)
788.1a6c: Resource Dir: 0x1f000 LB 0x3c8
788.1a6c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
788.1a6c: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
788.1a6c: ProductName: SYMEVENT
788.1a6c: ProductVersion: 14.0.3.1
788.1a6c: FileVersion: 14.0.3.1
788.1a6c: FileDescription: Symantec Event Library
788.1a6c: \SystemRoot\System32\drivers\vsdatant.sys:
788.1a6c: CreationTime: 2015-11-18T04:18:36.000000000Z
788.1a6c: LastWriteTime: 2015-11-18T04:18:36.000000000Z
788.1a6c: ChangeTime: 2018-01-03T08:56:36.164480500Z
788.1a6c: FileAttributes: 0x20
788.1a6c: Size: 0x72968
788.1a6c: NT Headers: 0xe8
788.1a6c: Timestamp: 0x55c9afa1
788.1a6c: Machine: 0x8664 - amd64
788.1a6c: Timestamp: 0x55c9afa1
788.1a6c: Image Version: 6.1
788.1a6c: SizeOfImage: 0x96000 (614400)
788.1a6c: Resource Dir: 0x94000 LB 0x3d0
788.1a6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
788.1a6c: [Raw version resource data: 0x94060 LB 0x36c, codepage 0x0 (reserved 0x0)]
788.1a6c: ProductName: End Point Security
788.1a6c: ProductVersion: R80
788.1a6c: FileVersion: 926000604
788.1a6c: FileDescription: ZoneAlarm Firewalling Driver
...
788.1a6c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 94 ms, the end);
Last edited by socratis on 26. Feb 2019, 07:33, edited 1 time in total.
Reason: Removed partial log.
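The manual step used earlier in the thread, pulling the flagged third-party files out of VBoxHardening.log, as an added Python example that is not part of any post and is not VirtualBox code. The name parse_hardening_log and the sample text are constructed here, and the only log layout assumed is the one visible in the excerpt above.

```python
import re

# Constructed sample: shortened lines in the "pid.tid: message" layout of the
# VBoxHardening.log excerpt posted above (values taken from that excerpt).
SAMPLE_LOG = r"""
788.1a6c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
788.1a6c: supR3HardenedWinFindAdversaries: 0x1003
788.1a6c: \SystemRoot\System32\drivers\SysPlant.sys:
788.1a6c:     CreationTime:    2018-01-03T08:50:53.777535700Z
788.1a6c:     ProductName:     Symantec CMC Firewall
788.1a6c:     FileDescription: Symantec CMC Firewall SysPlant
788.1a6c: \SystemRoot\System32\drivers\vsdatant.sys:
788.1a6c:     ProductName:     End Point Security
788.1a6c:     FileDescription: ZoneAlarm Firewalling Driver
788.1a6c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 94 ms, the end);
"""

PREFIX = re.compile(r"^\s*[0-9a-fA-F]+\.[0-9a-fA-F]+:\s*(.*)$")   # "pid.tid: message"
MODULE = re.compile(r"^(\\.+\.(?:sys|dll|exe)):$", re.IGNORECASE)  # start of a file record
FIELD = re.compile(r"^(ProductName|ProductVersion|FileVersion|FileDescription):\s*(.*)$")
MASK = re.compile(r"^supR3HardenedWinFindAdversaries:\s*(0x[0-9a-fA-F]+)$")
FAILED = re.compile(r"^(\w+) failed on (\S+): (0x[0-9a-fA-F]+)$")
NTSTATUS = {0xC0000022: "STATUS_ACCESS_DENIED"}  # only the code seen in this thread

def parse_hardening_log(text):
    """Collect the adversary mask, the flagged files and any failed NT calls."""
    result = {"mask": None, "modules": [], "failures": []}
    current = None
    for raw in text.splitlines():
        line = PREFIX.match(raw)
        if not line:
            continue  # not a "pid.tid:" log line
        msg = line.group(1).strip()
        if hit := MASK.match(msg):
            result["mask"] = int(hit.group(1), 16)
        elif hit := MODULE.match(msg):
            current = {"path": hit.group(1)}  # new record; later fields attach to it
            result["modules"].append(current)
        elif (hit := FIELD.match(msg)) and current is not None:
            current.setdefault(hit.group(1), hit.group(2).strip())
        elif hit := FAILED.match(msg):
            code = int(hit.group(3), 16)
            result["failures"].append((hit.group(1), hit.group(2), NTSTATUS.get(code, hex(code))))
    return result

if __name__ == "__main__":
    for key, value in parse_hardening_log(SAMPLE_LOG).items():
        print(key, value)
```

Run against a full log, the `modules` list gives the vendor and file for each flagged driver or DLL, which is the list to work through when checking signatures or removing products one at a time.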