4.3.14 conflicts with anti-virus packages.

Discussions related to using VirtualBox on Windows hosts.
Locked
Liquor
Posts: 2
Joined: 29. Jul 2014, 15:24

Re: 4.3.14 conflicts with anti-virus packages.

Post by Liquor »

bird wrote:
Liquor wrote:Keep getting the following error when trying to start up my vm:

VirtualBox - Error In supR3HardenedWinReSpawn

Error relaunching VirtualBoxVM process:5
Command line: '81954AF5-4D2F-31EB-A142-B7AF187A1C41-suplib-2ndchild
--comment "Windows 2008 Server" -- startvm 85d80462-
fee4-4258-840e-52719bfc8120--no-start-vm-errormsgbox' (rc=-104)
<snip><snip>
I would recommend trying the test build I posted earlier today:

Kind Regards,
bird.

You sir, are a true gentleman, a scholar, a freakin paragon of the interwebs. Thank you. Thank you. If I sent out Christmas cards, you would be at the top of the list. Thank you.
PennyPincher
Posts: 1
Joined: 30. Jul 2014, 02:53

Re: 4.3.14 conflicts with anti-virus packages.

Post by PennyPincher »

Ongoing issues launching a test VM on a fresh install of Virtualbox

Host OS: Win 7 Pro x64
Virtualbox build: 4.3.15-95286-Win
Using Appsense & Symantec endpoint protection
virtualbox error message
virtualbox error message
2014-07-30 10_59_11-VirtualBox - Error.jpg (28.93 KiB) Viewed 8947 times
VBoxStartup Logfile attached.

Hope this helps, cheers.
Attachments
VBoxStartup.log
VBoxStartup log file
(26.67 KiB) Downloaded 79 times
poncho524
Posts: 50
Joined: 5. Mar 2008, 17:38

Re: 4.3.14 conflicts with anti-virus packages.

Post by poncho524 »

jefke wrote:
BMN233 wrote:
bird wrote:I would recommend trying the test build I posted earlier today: https://www.virtualbox.org/download/tes ... 86-Win.exe

Kind Regards,
bird.
Any chance someone can give us a change-log and explain exactly what is VB doing to the AV/FW protection modules and it's effect system-wide?

P.S. Is it disabling them just for itself or for the system? Also what are the chances another program can use them to hide itself from the installed AV/FW?

P.P.S. Still not ruining with 95286. On clean W7 x64 (SP1 + all updates), ESET, Outpost, Switchable Intel/NVIDIA GPU.
I don't think their will be a statement by Oracle coworkers regarding this "AV-disabling". According to what I learned, they can't see a difference between a malicious and valid DLL-injection, since both malware and AV-packages use the same techniques.
Therefore, I think you can already guess for yourself what they will do to handle this...
If you know that both the good and the bad guys use the same techniques, but you can't make a distinction software-wise if you're dealing with a good guy or a bad guy, what would you do? So I guess you have your answer.
Luckily for all of us, VBox is Open Source. So have a look and see what they're changing...

https://www.virtualbox.org/browser/vbox ... ss-win.cpp
poncho524
Posts: 50
Joined: 5. Mar 2008, 17:38

Re: 4.3.14 conflicts with anti-virus packages.

Post by poncho524 »

poncho524 wrote:
BMN233 wrote:Any chance someone can give us a change-log and explain exactly what is VB doing to the AV/FW protection modules and it's effect system-wide?

P.S. Is it disabling them just for itself or for the system? Also what are the chances another program can use them to hide itself from the installed AV/FW?

P.P.S. Still not ruining with 95286. On clean W7 x64 (SP1 + all updates), ESET, Outpost, Switchable Intel/NVIDIA GPU.
Luckily for all of us, VBox is Open Source. So have a look and see what they're changing...

https://www.virtualbox.org/browser/vbox ... ss-win.cpp
Looks like they're doing a white-list based on names/paths and signatures. If anything doesn't match, it throws a fit.
trekkie0
Posts: 14
Joined: 3. Jan 2014, 08:23

Re: 4.3.14 conflicts with anti-virus packages.

Post by trekkie0 »

I suppose I should add what it spit out at me:

Error in supR3HardenedWinInstalHooks
Failed to install NtCreateSection monitor: ff 25 90 4e 2a 0 0 0 f 5 c3 f 1f 44 0 0
(rc=-8)

I suspect Comodo Antivirus might be blocking this one, since I know it looks at DLL injections and other things.

Update: I should point out that this is the version 14 build, I haven't tried 15.

Update Update: Version 15 spits out no errors on start up. I've started a Linux Mint guest and I have no errors yet.
~Love Life and Prosper~
MikeDiack
Posts: 75
Joined: 20. Mar 2009, 15:57
Primary OS: MS Windows 8.1
VBox Version: PUEL
Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
Location: UK

Re: 4.3.14 conflicts with anti-virus packages.

Post by MikeDiack »

Build 4.3.15 bld 95286 (3rd test build) now works for me on Symantec Endpoint 12.1 and Comodo Interenet Security 7.0 on Windows 7 SP1 x64

AND

I do not get the Windows 7 SP1 x86 Guest machine (with Guest additions 4.3.15 95286) hanging on shutdown IF I have the guest additions installed and full aero level Direct 3D support installed.

WITH ONE EXCEPTION:
Although the guest machine DOES hang if I use Teamviewer from a remote PC to connect to the host machine and run the guest machine that way - presumably due to DLL injection by Teamviewer? - This was not the case in 4.3.12

So, good progress!

Mike
Last edited by MikeDiack on 30. Jul 2014, 15:24, edited 1 time in total.
cwahlgren
Posts: 17
Joined: 10. Jul 2014, 17:24
Primary OS: Linux other
VBox Version: PUEL
Guest OSses: CentOS 5,6,7
Location: Stockholm, Sweden

Re: 4.3.14 conflicts with anti-virus packages.

Post by cwahlgren »

Today I got my first BSOD "PFN_LIST_CORRUPT" on my Windows 7 when I clicked Start on a Saved VM with VB 4.3.15-95286. The Restoring progress bar had just started to move and then I got BSOD.
VB-4.3.15-95286_VM_start_BSOD.png
VB-4.3.15-95286_VM_start_BSOD.png (24.9 KiB) Viewed 8881 times
After the reboot I could start the VMs without a problem. I've had about the same usage scenarios everyday for the last year with VB as I had from yesterday and today: save my VMs, put my laptop to Sleep over night, wake the laptop up from sleep and then start my VMs.

Yesterday I did a couple of manual reboots after the re-installation of VB 4.3.15-95286 and had thereafter no problem starting the VMs - until today.
jefke
Posts: 21
Joined: 15. Aug 2012, 16:17

Re: 4.3.14 conflicts with anti-virus packages.

Post by jefke »

Am I the only one still having the issue of slow VM starting with the latest test build? (since I see no one else mentioning it)
Or is this indeed because it's still full of debug code?
MikeDiack
Posts: 75
Joined: 20. Mar 2009, 15:57
Primary OS: MS Windows 8.1
VBox Version: PUEL
Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
Location: UK

Re: 4.3.14 conflicts with anti-virus packages.

Post by MikeDiack »

Hi jefke,

No you're not the only one with a 10ish seconds delay when starting a VM with the 4.3.15 builds - myself and others have commented on this also.

Mike
virtualsean
Posts: 2
Joined: 30. Jul 2014, 16:05

Re: 4.3.14 conflicts with anti-virus packages.

Post by virtualsean »

I am currently trying to run a Virtualbox 4.3.15-95286 x64 host with a Mint Linux 17 x64 guest. This is causing Virtualbox 4.3.14+ to fail launching any of my existing VMs with the same E-FAIL (0x800040005) error posted earlier. I am assuming this is another application that performs dll injection?
Attachments
VBoxStartup - Mint 17.log
(36.76 KiB) Downloaded 40 times
pillainp
Posts: 16
Joined: 24. Jul 2014, 07:45

Re: 4.3.14 conflicts with anti-virus packages.

Post by pillainp »

Installed the latest test build - 4.3.15 r95286.

Now I am only getting 32-bit versions of guest OS'es in the OS list, whether I choose Windows or Linux as the host.

I tried installing the extension pack from 4.3.14, but no go.

VBox will not allow me to select a 64-bit OS as guest.
Yikes2000
Posts: 4
Joined: 21. Jun 2014, 00:37

Re: 4.3.14 conflicts with anti-virus packages.

Post by Yikes2000 »

virtualsean wrote:I am currently trying to run a Virtualbox 4.3.15-95286 x64 host with a Mint Linux 17 x64 guest. This is causing Virtualbox 4.3.14+ to fail launching any of my existing VMs with the same E-FAIL (0x800040005) error posted earlier. I am assuming this is another application that performs dll injection?
Do you have Extension Pack 4.3.14 installed? I got that error until I installed 4.3.14 Extension Pack.
Anunes
Posts: 71
Joined: 17. Jul 2014, 18:49

Re: 4.3.14 conflicts with anti-virus packages.

Post by Anunes »

BMN233 wrote:
Any chance someone can give us a change-log and explain exactly what is VB doing to the AV/FW protection modules and it's effect system-wide?

P.S. Is it disabling them just for itself or for the system? Also what are the chances another program can use them to hide itself from the installed AV/FW?

P.P.S. Still not ruining with 95286. On clean W7 x64 (SP1 + all updates), ESET, Outpost, Switchable Intel/NVIDIA GPU.
I am, I think most of users are, very interested on some explanation about the this questions.
Until I have made clear my self about this questions, I will not upgrade to newer versions.
So please make a statment in clear text about this.
Thank you.
StenlyTvidl
Posts: 2
Joined: 28. Jul 2014, 14:13

Re: 4.3.14 conflicts with anti-virus packages.

Post by StenlyTvidl »

Another LOG file from another computer (Win7 + Microsft Security Essentials)
Using version 4.3.15-95226

The error window:
Failed to create a new session.
Error code of the method: REGDB_E_CLASSNOTREG (0x80040154)

Then this:
Failed to open a session for the virtual machine Mageia41.
The virtual machine 'Mageia41' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C: \ Users \ HOME \ VirtualBox VMs \ Mageia41 \ Logs \ VBoxStartup.log'.
Error code: E_FAIL (0x80004005)
component: Machine
interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
Attachments
VBoxStartup.zip
(14.37 KiB) Downloaded 43 times
virtualsean
Posts: 2
Joined: 30. Jul 2014, 16:05

Re: 4.3.14 conflicts with anti-virus packages.

Post by virtualsean »

Yikes2000 wrote:Do you have Extension Pack 4.3.14 installed? I got that error until I installed 4.3.14 Extension Pack.
Yes, I have installed Extension Pack 4.3.14. The error in the log file is "Not a trusted location," so it looks like VB doesn't like some of the software running on my machine.

Thanks for the suggestion. I know this will get worked out in due time.
Locked