virtualbox.org

[Bill Hunsicker]

Hi Everyone,

I have been having an issue starting up a Red Hat RHEL7 Linux VM on a Win7 Citrix VDI. We tracked down the first problem and removed the virus protection that was conflicting. I have run through all the items listed on the Diagnosing Hardening Issues and nothing pops out as a problem. The RHEL image works on our Mac, and Win10 systems without a problem. We also recreated a brand new Win7VDI system and the RHEL VM starts up there. It is only on a system we have fully loaded for our developers where this seems to be a problem.

Getting this error (pretty generic):
The virtual machine 'Red_Hat_Dev' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\{USERNAME}\VirtualBox VMs\Red_Hat_Dev\Logs\VBoxHardening.log'.
Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

Any assistance on getting this running would be appreciated. Let me know if I missed any information needed to help debug and I will provide it.

[mpack]

The FAQ which I assume you're referring to is FAQ: Diagnosing VirtualBox Hardening Issues.

According to the provided log you still have "Cylance Protect" installed, which has become a bit of red flag around here. I suggest that you Google for ""Cylance Protect" site:forums.virtualbox.org".

[Bill Hunsicker]

Hi MPack,

Thanks for the reply. I had our CyLance admins remove Cylance from my system and we tested VBox starting the Red Hat VM. We got the same problem, but with out CyLance PROTECT listed in the log file. Any other suggestions I can try?

[Bill Hunsicker]

Ok, here is an update.

It turns out the Beyond Trust's Power Broker Client for Windows is the culprit. There are two system DLL files that PB seems to overwrite with PB versions. Once I unloaded PB, everything seems to work as expected.

Is there a way to exclude the files from the Hardening check?
Thanks
Bill

[mpack]

Is there a way to exclude the files from the Hardening check?

No. That would create obvious openings for malware. If "Beyond Trust" hacks a system DLL then they must re-sign the hacked version, that is the only allowed option.