Hello,
How do we work with the hardening to allow modern versions of VirtualBox to play nice with enterprise environments, including Symantec and PowerBroker? These tools cannot be removed or bypassed and are governed by security.
Since they can't be turned off on the many machines that need them, we are in a pickle here. Suggestions?
Using VirtualBox in a corporate environment - hardening
Re: Using VirtualBox in a corporate environment - hardening
Jedis wrote: These tools cannot be removed or bypassed and are governed by security.
That's the "misconception". Because they're security-based products they get free rein over everything and anything in the system. Including snooping around where they shouldn't and trying to inject themselves into 3rd party processes without asking.
And that would be just fine, as long as they were properly signed. But they're not! And that's the problem. VirtualBox does not kick out any process that tries to inject itself into the VirtualBox process, that would be insane! What is sane, and it's the sanity check known as Hardening, is that:
- If something tries to inject itself in my process, it better have a valid certificate in the Windows certificate database.
Talk to Symantec and PowerBroker. Tell them that when they update their ... stuff over the internet (cause it's so much easier these days) that they shouldn't neglect to update the Windows certificate database. That seems to be the biggest lapse in judgement these days. They update their engine, they forget to tell the "hotel owner".
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.