Possible conflict with SentinelOne

terry2016
Posts: 8
Joined: 21. Aug 2017, 16:08

Possible conflict with SentinelOne

Post by terry2016 »

Our IT people pushed SentinelOne and a batch of recent Microsoft patches to our PCs this weekend. After rebooting Windows 7, VirtualBox starts but I cannot run my Fedora VM. It hangs at the "Creating process for virtual machine" message box.

VirtualBox itself is completely hung at this point. The starting process cannot be killed. If I kill VirtualBox with Task Manager I cannot try to restart the VM until I reboot - although this is probably just a lock cleanup.

I am using the most recent VirtualBox version 5.1.26r117224. I even deleted VirtualBox and reinstalled it hoping it might register some new permissions. That didn't seem likely and it in fact didn't help. Any thoughts would be helpful.
scottgus1
Site Moderator
Posts: 20945
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Possible conflict with SentinelOne

Post by scottgus1 »

terry2016

Re: Possible conflict with SentinelOne

Post by terry2016 »

The PC "support" (a misnomer if ever there was one) people have replaced the anti-virus software with this SentinelOne stuff. Thus I don't have an anti-virus product to disable.

I do not have Hyper-V. I reinstalled VirtualBox again using Run as administrator.

Info:
VirtualBox: 5.1.26r117224

Host HW: Dell E6540 i7-4810Q 16GB RAM
Host OS: Windows 7 Enterprise SP1 64 bit

Guest OS: Fedora 25 64bit. Was working as recently as this morning. I DO have the Guest Additions installed.

Changes installed today:
Cumulative Service Update for IE 11: KB4034733
2017-08 System updates: KB4034679
Adobe Flash Player: 26.0.0.151
MS Endpoint Protection: KB2461484 (1.248.1294.0, 1.211.303.0, 1.199.3104.0, 1.249.1294.0, 1.199.3104.0)

-------

After the reinstall as administrator the VM still fails to come up. Stuck at 0% complete with:

"Creating process for virtual machine "Fedora 25" (GUI/QT) (1/2)"
Attachments
VBoxHardeningLog.log
(24.61 KiB) Downloaded 14 times
VBox.log
(126.3 KiB) Downloaded 7 times
scottgus1

Re: Possible conflict with SentinelOne

Post by scottgus1 »

There probably isn't much we will be able to do about this. The linked 'Diagnosing' tutorial shows the reasons why programs and DLLs fail to allow VirtualBox to run. If you can set an exception in whatever security software you have on your employer's PC to allow VirtualBox to run, you may be able to proceed. If your IT department has things locked down, VirtualBox won't run. If you can't work because of this, talk to your manager/boss and the IT dept. Maybe they can let things ease up on your workstation.
terry2016

Re: Possible conflict with SentinelOne

Post by terry2016 »

So this means you saw the problem in the logs? I saw the part about apphelp.dll not loading, but I have no idea what that is or if it was actually important. Can you give me any information to pass along? Without VERY specific instructions on EXACTLY what I want they will just say it isn't part of the standard build. The standard build being Windows 7 and MS Office and... well nope... that's all actually.
Last edited by terry2016 on 22. Aug 2017, 17:00, edited 1 time in total.
BillG
Volunteer
Posts: 5105
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: Possible conflict with SentinelOne

Post by BillG »

I was surprised to see an MS endpoint protection update when you say that your firm is also running SentinelOne. Surely your firm is not running both (which it looks like they are). They are both antimalware products, one by Microsoft and one third party software.
Bill
socratis
Site Moderator
Posts: 27329
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Possible conflict with SentinelOne

Post by socratis »

BillG wrote: Surely your firm is not running both (which it looks like they are).
Don't forget that Trend Micro is also running. They should definitely consider installing Kaspersky, McAfee and Symantec. At a minimum!


PS. Here's a quick lesson in Greek (sorry, I can't restrain myself) :
So, paranoia = might seem, but it's against any reasoning. I simply love the mathematical relationships between words... ;)

[1]: Yes, dianetics is derived from that...
terry2016

Re: Possible conflict with SentinelOne

Post by terry2016 »

I have observed that their pushes as often as not don't work. I am not surprised the virus scanner before last, Trend Micro, is still lying around. They replaced MS Lync with the slightly worse Skype for Business. Not more than 2/3 of the PCs were successfully migrated. This is fairly typical.

But they probably won't remove MS endpoint. It seems to me the universal view of IT security people is "If I LOCK OUT EVERYTHING I can't lose my job". And I'm sure doing care and feeding on thousands of people that can't remember their email password is pretty much the definition of a terrible job. So we have an uneasy truce. I mostly ignore them and they ignore me.

After all, their hardware, their rules. But since 99% of everything I do is in VirtualBox this is roughly equivalent to having a hard drive failure. Which BTW "I" have backed up: the VM, not Windows.

All that said, I got responses on here in an hour or so. My official support ticket with IT hasn't even gotten assigned yet. <Sigh>

If anyone has words I could use other than "I need to run VirtualBox" I would appreciate it. I don't know if I just need someone with REAL admin privileges to install VirtualBox, or if there is a list of DLLs that need to be authorized, or if I should just abandon all hope now.
scottgus1

Re: Possible conflict with SentinelOne

Post by scottgus1 »

I wouldn't abandon hope yet. There is no black/white-list for DLLs for VirtualBox. If you don't have privileges to set exceptions in the multitude of security products IT has installed, then you will need to make the case to your boss that work can't proceed unless you have VirtualBox. What your boss will say depends on the strength of your case, and his ability to persuade IT.