Our IT people pushed SentinelOne and a batch of recent microsoft patches to our PCs this weekend. After rebooting windows 7, virtualBox starts but I cannot run my Fedora VM. It hangs at the "Creating process for virtual machine" message box.
Virtual box itself is completely hung at this point. The starting process cannot be killed. If I kill virtual box with task manager I cannot try to restart the VM until I reboot - although this is probably just a lock cleanup.
I am using the most recent VirtualBox version 5.1.26r117224. I even deleted VirtualBox and reinstalled it hoping it might register some new permissions. That didn't seem likely and it in fact didn't help. Any thoughts would be helpful.
Possible conflict with SentinalOne
Re: Possible conflict with SentinalOne
The PC "support" (a misnomer if ever there was one) people have replaced the anti-virus software with this sentinalOne stuff. Thus I don't have an anti-virus product to disable.
I do not have Hyper-v. I reinstalled virtualbox again using run as administrator
Info:
VirtualBox: 5.1.26r117224
Host HW: Dell E6540 i7-4810Q 16GB RAM
Host OS: Windows 7 Enterprise SP1 64 bit
Guest OS: Fedora 25 64bit. Was working as recently as this morning. I DO have the Guest Additions installed.
Changes installed today:
Cumulative Service Update for IE 11: KB4034733
2017-08 System updates: KB4034679
Adobe Flash Player: 26.0.0.151
MS Endpoint Protection: KB2461484 (1.248.1294.0, 1.211.303.0, 1.199.3104.0, 1.249.1294.0, 1.199.3104.0)
-------
After the reinstall as administrator the VM still fails to come up. Stuck at 0% complete with:
"Creating process for virtual machine "Fedora 25" (GUI/QT) (1/2)"
I do not have Hyper-v. I reinstalled virtualbox again using run as administrator
Info:
VirtualBox: 5.1.26r117224
Host HW: Dell E6540 i7-4810Q 16GB RAM
Host OS: Windows 7 Enterprise SP1 64 bit
Guest OS: Fedora 25 64bit. Was working as recently as this morning. I DO have the Guest Additions installed.
Changes installed today:
Cumulative Service Update for IE 11: KB4034733
2017-08 System updates: KB4034679
Adobe Flash Player: 26.0.0.151
MS Endpoint Protection: KB2461484 (1.248.1294.0, 1.211.303.0, 1.199.3104.0, 1.249.1294.0, 1.199.3104.0)
-------
After the reinstall as administrator the VM still fails to come up. Stuck at 0% complete with:
"Creating process for virtual machine "Fedora 25" (GUI/QT) (1/2)"
- Attachments
-
- VBoxHardeningLog.log
- (24.61 KiB) Downloaded 14 times
-
- VBox.log
- (126.3 KiB) Downloaded 7 times
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Possible conflict with SentinalOne
There probably isn't much we will be able to do about this. The linked 'Diagnosing' tutorial shows the reasons why programs and dll's fail to allow Virtualbox to run. If you can set an exception in whatever security software you have on your employer's PC to allow Virtualbox to run, you may be able to proceed. If your IT department has things locked down, Virtualbox won't run. If you can't work because of this, talk to your manager/boss and the IT dept. Maybe they can let things ease up on your workstation.
Re: Possible conflict with SentinalOne
So this means you saw the problem in the logs? I saw the part about apphelp.dll not loading, but I have no idea what that is or if it was actually important. Can you give me any information to pass along? Without VERY specific instructions on EXACTLY what I want they will just say it isn't part of the standard build. The standard build being windows 7 and ms office and... well nope... that's all actually.
Last edited by terry2016 on 22. Aug 2017, 17:00, edited 1 time in total.
-
- Volunteer
- Posts: 5105
- Joined: 19. Sep 2009, 04:44
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows 10,7 and earlier
- Location: Sydney, Australia
Re: Possible conflict with SentinalOne
I was surprised to see an MS endpoint protection update when you say that your firm is also running SentinelOne. Surely your firm is not running both (which it looks like they are). They are both antimalware products, one by Microsoft and one third party software.
Bill
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: Possible conflict with SentinalOne
Don't forget that Trend Micro is also running. They should definitely consider installing Kaspersky, McAfee and Symantec. At a minimum!BillG wrote:Surely your firm is not running both (which it looks like they are).
PS. Here's a quick lesson in Greek (sorry, I can't restrain myself) :
- para-noia: From "para" which means close but not in a normal way (think paramilitary, paradox) and "nous" which means logic, reason (think metanoia, dianoia[1]).
[1]: Yes, dianetics is derived from that...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: Possible conflict with SentinalOne
I have observed that their pushes as often as not don't work. I am not surprised virus scanner before last: Trend Micro is still laying around. They replaced MS Lync with the slightly worse Skype for business. Not more than 2/3 of the PCs were successfully migrated. This is fairly typical.
But they probably won't remove MS endpoint. It seems to me the universal view of IT security people is "If I LOCK OUT EVERYTHING I can't lose my job". And I'm sure doing care and feeding on thousands of people that can't remember their email password is pretty much the definition of a terrible job. So we have an uneasy truce. I mostly ignore them and they ignore me.
After all their hardware their rules. But since 99% of everything I do is in virtualBox this is roughly equivalent to having a hard drive failure. Which BTW "I" have backed up: the VM, not windows.
All that said, I got responses on here in an hour or so. My official support ticket with IT hasn't even gotten assigned yet. <Sigh>
If anyone has words I could use other than "I need to run VirtualBox" I would appreciate. I don't know if I just need someone with REAL admin privileges to install virtualBox, or if there is a list of DLLs that need to be authorized, or if I should just abandon all hope now.
But they probably won't remove MS endpoint. It seems to me the universal view of IT security people is "If I LOCK OUT EVERYTHING I can't lose my job". And I'm sure doing care and feeding on thousands of people that can't remember their email password is pretty much the definition of a terrible job. So we have an uneasy truce. I mostly ignore them and they ignore me.
After all their hardware their rules. But since 99% of everything I do is in virtualBox this is roughly equivalent to having a hard drive failure. Which BTW "I" have backed up: the VM, not windows.
All that said, I got responses on here in an hour or so. My official support ticket with IT hasn't even gotten assigned yet. <Sigh>
If anyone has words I could use other than "I need to run VirtualBox" I would appreciate. I don't know if I just need someone with REAL admin privileges to install virtualBox, or if there is a list of DLLs that need to be authorized, or if I should just abandon all hope now.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Possible conflict with SentinalOne
I wouldn't abandon hope yet. There is no black/white-list for dll's for Virtualbox. If you don't have privileges to set exceptions in the multitude of security products IT has installed, then you will need to make the case to your boss that work can't proceed unless you have Virtualbox. What your boss will say depends on the strength of your case, and his ability to persuade IT.