Virtual box 5.2.6 Windows 10 Enterprise 16299 build not working

[sony.thumm]

Hi,

I have a Windows 10 Enterprise edition 64 bit laptop [16299]. Trying to launch an existing image with the latest VirtualBox [5.2.6] gives the following error. I have tried reinstalling Virtual box multiple times. Any help appreciated.

VERR_SUP_VP_THREAD_NOT_ALONE (-5640) - Process Verification Failure: The process has more than one thread.

Failed to open a session for the virtual machine dev....

The virtual machine 'dev' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\su\VirtualBox VMs\d\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {85cd948e}

VBoxHardeningLog:

2264.1e5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll [lacks WinVerifyTrust]
2264.1e5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2264.1e5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa6d090000 'C:\WINDOWS\system32\ole32.dll'
2264.1e5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [lacks WinVerifyTrust]
2264.1e5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2264.1e5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4e400000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
2774.2ca0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 796494 ms, the end);

[mpack]

Launching VirtualBox or launching a VM? That error message looks like the latter.

Partial logs are not acceptable. Zip the entire VBoxHardening.log and attach the zip here.

[sony.thumm]

Thanks, I have attached the complete log file. The issue is seen when the VM is launched (I've updated the original msg). VirtualBox itself comes up fine. I am unable to open existing images and also see the same error when creating a brand new image with the latest Lubuntu 17.10.1 Desktop ISO and opening it.

Things I have already tried without success:
- ensure virtualization is enabled in BIOS
- hyper-v feature disabled
- uninstalled malwarebytes (but didn't seem to make a difference)
- reinstalled VirtualBox (using Run as Administrator) after shutdown (and waiting) several times (deleted ~/.virtualbox and extension /Program Files/Oracle completely before installing fresh)

[socratis]

- uninstalled malwarebytes (but didn't seem to make a difference)

No, you didn't:

Code: Select all

32e0.a70: NtOpenDirectoryObject failed on \Driver: 0xc0000022
32e0.a70: supR3HardenedWinFindAdversaries: 0x20080
32e0.a70: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
32e0.a70:     CreationTime:    2018-02-17T00:07:24.554433100Z
32e0.a70:     LastWriteTime:   2018-02-17T02:13:37.725810600Z
32e0.a70:     ChangeTime:      2018-02-17T02:13:37.725810600Z
32e0.a70:     FileAttributes:  0x20
32e0.a70:     Size:            0x2eed8
32e0.a70:     NT Headers:      0xe0
32e0.a70:     Timestamp:       0x55b855d9
32e0.a70:     Machine:         0x8664 - amd64
32e0.a70:     Timestamp:       0x55b855d9
32e0.a70:     Image Version:   6.1
32e0.a70:     SizeOfImage:     0x33000 (208896)
32e0.a70:     Resource Dir:    0x31000 LB 0x3b8
32e0.a70:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
32e0.a70:     [Raw version resource data: 0x31060 LB 0x354, codepage 0x0 (reserved 0x0)]
32e0.a70:     ProductName:     Malwarebytes Anti-Malware
32e0.a70:     ProductVersion:  0.3.0.0
32e0.a70:     FileVersion:     0.3.0.0
32e0.a70:     FileDescription: Malwarebytes Anti-Malware
32e0.a70: \SystemRoot\System32\drivers\PGDriver.sys:
32e0.a70:     CreationTime:    2018-02-06T19:23:01.209398300Z
32e0.a70:     LastWriteTime:   2017-06-22T18:50:20.000000000Z
32e0.a70:     ChangeTime:      2018-02-17T12:15:33.808110700Z
32e0.a70:     FileAttributes:  0x20
32e0.a70:     Size:            0x8490
32e0.a70:     NT Headers:      0xf8
32e0.a70:     Timestamp:       0x59394114
32e0.a70:     Machine:         0x8664 - amd64
32e0.a70:     Timestamp:       0x59394114
32e0.a70:     Image Version:   6.3
32e0.a70:     SizeOfImage:     0xb000 (45056)
32e0.a70:     Resource Dir:    0x9000 LB 0x430
32e0.a70:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
32e0.a70:     [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
32e0.a70:     ProductName:     Avecto Defendpoint
32e0.a70:     ProductVersion:  2017.06.08.1
32e0.a70:     FileVersion:     2017.06.08.1
32e0.a70:     SpecialBuild:    D
32e0.a70:     FileDescription: Defendpoint Driver

Clean up your system please...

[mpack]

I still see MalwareBytes in the log, and something called Avecto DefendPoint. A foreign thread executing in the VirtualBox process space is IMHO going to be either AV or a debugger, and I assume you're not running a debugger.

As a test you could also disable 3D acceleration.

[sony.thumm]

Thanks. I did uninstall Malwarebytes but it seems to have gotten re-installed again. Avecto Defendpoint is probably the culprit as you mentioned. I am seeing other threads related to this here. But since this is not a personal laptop I don't have much control over disabling/uninstalling certain software. I'll see if the corporate sys admins can do anything about this.

[socratis]

I'll see if the corporate sys admins can do anything about this.

If they (or you) want to understand why this is happening and that it's not VirtualBox's fault, point them to "Diagnosing VirtualBox Hardening Issues".