Using VirtualBox in a corporate environment - hardening

Discussions related to using VirtualBox on Windows hosts.
Jedis

Using VirtualBox in a corporate environment - hardening

Post by Jedis »

Hello,

How do we work with the hardening to allow modern versions of VirtualBox to play nice with enterprise environments, including Symantec and PowerBroker? These tools cannot be removed or bypassed and are governed by security.

Since they can't be turned off on the many machines that need them, we are in a pickle here. Suggestions?
socratis
Site Moderator

Re: Using VirtualBox in a corporate environment - hardening

Post by socratis »

Jedis wrote: These tools cannot be removed or bypassed and are governed by security.
That's the "misconception". Because they're security-based products they get free rein over everything and anything in the system. Including snooping around where they shouldn't and trying to inject themselves into 3rd party processes without asking.

And that would be just fine, as long as they were properly signed. But they're not! And that's the problem. VirtualBox does not kick out any process that tries to inject itself into the VirtualBox process, that would be insane! What is sane, and it's the sanity check known as Hardening, is that:
  • If something tries to inject itself in my process, it better have a valid certificate in the Windows certificate database.
So, to answer your original question, things could work. As far as I know, it's actually Oracle's policy to have one of the major antivirus installed on each and every computer. The developers have to work with such a pest tool every day, so, yeah, it's doable.

Talk to Symantec and PowerBroker. Tell them that when they update their ... stuff over the internet ('cause it's so much easier these days) that they shouldn't neglect to update the Windows certificate database. That seems to be the biggest lapse in judgement these days. They update their engine, they forget to tell the "hotel owner".
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
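
Added example, not part of the posts above and not VirtualBox's own code: a PowerShell function that lists the DLLs of an endpoint product whose Authenticode signature Windows does not report as valid, which is the evidence to hand to the vendor. It uses the built-in `Get-AuthenticodeSignature` cmdlet, so it reflects Windows' own trust evaluation, which is assumed here to be a reasonable proxy for the hardening check; the function name `Get-UnverifiedModule` and the directory in the usage comment are hypothetical placeholders.

```powershell
# Added example. Get-UnverifiedModule is a hypothetical helper name.
function Get-UnverifiedModule {
    [CmdletBinding()]
    param(
        # Install directory of the security product to audit (supplied by you).
        [Parameter(Mandatory = $true)]
        [string]$ProductDir
    )

    if (-not (Test-Path -LiteralPath $ProductDir -PathType Container)) {
        throw "Directory not found: $ProductDir"
    }

    Get-ChildItem -LiteralPath $ProductDir -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.dll' } |
        ForEach-Object {
            # Ask Windows to evaluate the embedded or catalog signature.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate

            [pscustomobject]@{
                File        = $_.FullName
                Status      = $sig.Status          # Valid, NotSigned, NotTrusted, HashMismatch, ...
                Signer      = if ($cert) { $cert.Subject }  else { $null }
                CertExpires = if ($cert) { $cert.NotAfter } else { $null }
                # A signature without a timestamp stops verifying once the cert expires.
                Timestamped = [bool]$sig.TimeStamperCertificate
                Detail      = $sig.StatusMessage
            }
        } |
        # Keep only the modules Windows cannot verify.
        Where-Object { $_.Status -ne 'Valid' } |
        Sort-Object Status, File
}

# Usage (placeholder path, replace with the real install directory):
# Get-UnverifiedModule -ProductDir 'C:\Program Files\<vendor>\<product>' |
#     Format-Table -AutoSize -Wrap File, Status, Signer, CertExpires, Timestamped
```

An empty result means every DLL in that directory verified against the local certificate stores; rows with `NotTrusted` or an expired, untimestamped signer are the ones to raise with the vendor.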