Hardening Problem

Discussions related to using VirtualBox on Windows hosts.
Mikey13-6
Posts: 8
Joined: 19. Feb 2018, 15:20

Hardening Problem

Post by Mikey13-6 »

Hi

I'm unable to start any VMs on my Windows 10 64-bit host. I have logged through the logs and removed any failed DLLs but still not able to get the VMs to load. I have attached 2 logs. I've followed the diagnostics and uninstalled, removed all folders and reg keys, rebooted and reinstalled. Removed AV.

Mike
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Hardening Problem

Post by mpack »

VBoxHardening.log wrote: 2280.d88: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume6\Users\MAshley\AppData\Roaming\DisplayFusion\AppHookWIN6064_ef3e6dac-e160-46c7-a2f6-56e821dad128.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume6\Users\MAshley\AppData\Roaming\DisplayFusion\AppHookWIN6064_ef3e6dac-e160-46c7-a2f6-56e821dad128.dll'.
DisplayFusion?

Re: Hardening Problem

Post by Mikey13-6 »

Sorry, thought I had removed that already. Here is the next log file.
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Hardening Problem

Post by socratis »

Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.

Re: Hardening Problem

Post by Mikey13-6 »

I've carried out the sfc and dism commands but still getting an error.

Re: Hardening Problem

Post by mpack »

I deleted your last post containing a new log, since it was essentially identical to the previous one. The important element remaining in your new logs is probably:
VBoxHardening.log wrote: 3710.1938: More than one thread in process
That means that an unidentified process is still injecting itself into the VirtualBox process space, but the culprit is not one of the common problem apps (not one of the known "adversaries"). Last time I saw this it was a "safe browsing" app installed on the host to filter web pages. In general, look at the list of installed non-MS apps on your host and think about what they do: does this non-Microsoft app need to spy on other apps?

MS standard apps should be safe otherwise lots of people would have your problem. Consider anything bundled by the PC vendor and anything you installed yourself.
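
A small triage script for the two log patterns discussed above, as an added example that is not part of the original posts. The line format is assumed from the two quoted VBoxHardening.log lines only, and the function and field names are hypothetical.

```python
import re

# Constructed sample: the two VBoxHardening.log lines quoted in this thread.
SAMPLE_LOG = r"""2280.d88: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume6\Users\MAshley\AppData\Roaming\DisplayFusion\AppHookWIN6064_ef3e6dac-e160-46c7-a2f6-56e821dad128.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume6\Users\MAshley\AppData\Roaming\DisplayFusion\AppHookWIN6064_ef3e6dac-e160-46c7-a2f6-56e821dad128.dll'.
3710.1938: More than one thread in process
"""

# Assumed shape of a rejected-image line (taken from the quoted line above):
# "<pid>.<tid>: supR3HardenedScreenImage/<api>: rc=<text> (<hex>) <flags> <NT path>: <reason>"
SCREEN_RE = re.compile(
    r"^(?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+): supR3HardenedScreenImage/\S+ "
    r"rc=.*?\((?P<status>0x[0-9a-f]+)\).*?(?P<path>\\Device\\[^:]+): (?P<reason>.+)$",
    re.IGNORECASE,
)
THREADS_RE = re.compile(r"^[0-9a-f]+\.[0-9a-f]+: More than one thread in process", re.I)


def triage(log_text):
    """Return rejected DLLs (deduplicated by path) and the extra-thread indicator."""
    rejected, seen, extra_threads = [], set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SCREEN_RE.match(line)
        if m and m["path"] not in seen:
            seen.add(m["path"])
            parts = m["path"].split("\\")
            rejected.append({
                "dll": parts[-1],
                # Parent folder; in the quoted line it is the product name.
                "folder": parts[-2],
                "status": m["status"],
                "reason": m["reason"],
            })
        elif THREADS_RE.match(line):
            extra_threads = True
    return {"rejected": rejected, "extra_threads": extra_threads}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["rejected"]:
        print(f'{item["folder"]}: {item["dll"]} ({item["status"]})')
    if report["extra_threads"]:
        print("Extra thread in process: look for software injecting into VirtualBox")
```

A rejected DLL names its own folder, so the product is easy to spot; the extra-thread line names nothing, which is why the thread falls back to reviewing installed software.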

Re: Hardening Problem

Post by Mikey13-6 »

I think I've found the cause of the issue. Websense, more importantly Forcepoint Triton AP-Endpoint - Direct Connect.
The problem is I don't know how to prevent the issue. Websense is required on all machines.

Re: Hardening Problem

Post by mpack »

Well, you'd have to look at how to add an exclusion to WebSense for VirtualBox. If policy prevents you doing that then I'm afraid that'd be a matter between you and the people who set the policy.

I have to say however that, assuming this is a company policy, IMHO it's an odd policy to have. Normally IME this kind of thing is used by parents to protect kids from porn, not by businesses to protect adults from malware (your host AV already does that).

Re: Hardening Problem

Post by Mikey13-6 »

We use it to prevent staff accessing social media, personal storage and email, those sorts of things. I've added virtualbox.exe, vboxsvc.exe and virtualbox.dll into the bypass list but still getting the error.

Re: Hardening Problem

Post by mpack »

How did you decide that this application was a likely cause? Did you for example try disabling it entirely and find that VirtualBox then ran?

Re: Hardening Problem

Post by Mikey13-6 »

I had to completely uninstall it and remove its reg keys before virtualbox worked. I started with the most common outlined in the FAQs then started on any possibilities I could think of.

It's strange that last week all was working fine, no updates to virtualbox and no updates to websense. Only updates I've done are the usual WSUS ones.

Re: Hardening Problem

Post by mpack »

Mikey13-6 wrote: It's strange that last week all was working fine, no updates to virtualbox and no updates to websense.
Well something changed. Software doesn't behave randomly.

Re: Hardening Problem

Post by socratis »

Mikey13-6 wrote: Only updates I've done are the usual WSUS ones.
That means updates to the system. I would really hate it if this is Microsoft's doing, directly or indirectly...

Re: Hardening Problem

Post by Mikey13-6 »

mpack wrote: Well something changed. Software doesn't behave randomly.
I know but can't seem to pin down what that could be. I'm running Windows 10 version 1709. I've been through the update notes but nothing is standing out.

I have raised a case with Websense but they are not quick to reply.
BTa
Posts: 1
Joined: 9. Apr 2018, 13:13

Re: Hardening Problem

Post by BTa »

Have you got any response from Websense? Did they provide any new client?

BT