Windows 10 v1809 - Defender Core Isolation-Memory Integrity - Blocks VirtualBox 6.x VM load

[Weeble]

For anyone having the following problems on Windows 10 v1809 with VirtualBox 6.x (I have 6.04):
- Start any VM, you get a black screen with a blinking or solid white cursor at upper left of your VM display window
- You cannot close the "hung" VM gracefully, and have to hit the X at upper right several times or force terminate from task manager or command line (taskkill)
- When you force close the hung VM window, the VM ends up in an "Aborted" state
- No matter what settings you try to make from display, 3D/2D, VMSVGA, paravirtualization, network on/off, NOTHING helps

To Resolve this, open Windows Defender and View Security Dashboard > at left, choose Device Security > Core Isolation details > and turn Memory Integrity OFF (a computer reboot is REQUIRED to complete this action!)

The reason this feature causes problems is clearly due to an unfortunate conflict between this Defender feature and VirtualBox. Which one is at fault is not at all clear (at least not to me at this time). The stated purpose of this feature is to "Prevent attacks from inserting malicious code into high-security processes", but it does this by using "virtualization-based security" which to me means sandboxing. Such that maybe because of the way this feature works, it prevents vital internal VirtualBox components or already memory-resident (pre-loaded) parts of VirtualBox from talking to one another (such as not able to access parts of the program loaded in memory, preventing proper functionality during VM load) - again just my theory and not a deeply technical one at that. (You can read more about this feature by going to the "Learn more" link under Memory integrity, it will take you to a MS web page).

Now...all of that said about VirtualBox, I want to point out that I only recently enabled this defender memory integrity feature and I believe that this *may* have contributed to a total system failure I experienced as follows:
- Suddenly without any prior warning, errors, or log entries - Windows 10 v1809 will NOT boot, and you get a BSOD every time with "A critical service has failed" message
- I also saw a few BOOTCFG errors at boot time, mainly BOOTCFG file is "corrupt" error messages (during my attempts to troubleshoot)
- If you do a "system check" (I have an HP PC) you might get disk-related errors like "no bootable partition" or on an HP device, BIOSHD-3 errors (means "no bootable drive")
- No matter what you do to try and recover such as boot and go to advanced recovery options, even command line...sfc /scannow, bcdedit, dism, does NOT help
- All attempts to do a system "restore" or "reset" mysteriously fail, they will seem to be almost done, then fail
- Only solution is a complete disk wipe and reinstall of Windows 10 v1809

If anyone else has recently played with this defender memory integrity feature and suffered a catastrophic Windows system failure as described above (in addition to the VirtualBox VM load issues), please let me know. I am not sure whether to convey this Windows-related issue to Microsoft because I am not entirely certain it is caused by Defender's memory integrity feature.

[socratis]

If you've enabled any component that relies on Hyper-V, you should have a look at the VirtualBox 6.0 and Hyper-V thread, you'll quickly recognize that your VM is running slower than slow.

As for the rest of the symptoms, (bootcfg being corrupt, system check failing, etc), I think you might be having actual problems with your Win10 installation, maybe your HD starts failing?

Only solution is a complete disk wipe and reinstall of Windows 10 v1809

That could very well be the remedy for a corrupt Win10 installation.

But I don't think that the Core Isolation, Memory integrity did that, that was independent I believe...

[BillG]

I agree with most of the analysis. "Virtualization-based security" is going to kill VirtualBox, just as Hyper-V, credential guard or device guard do, and for the same reason. Anything in the OS which uses hardware virtualization will prevent VirtualBox from using it.

[PepsiCan]

I ran into this issue as well. I suggest we sticky this thread. For a lot of people it is not obvious that there are Windows functionalities that install and run Hyper-V. In my case, enabling VBS in the background triggered some of the Hyper-V services eventhough none of the Hyper-V components was installed as per Windows Features.