Windows 4.3.20 specifically for errors due to security

Discussions related to using VirtualBox on Windows hosts.
Cerberus
Posts: 2
Joined: 11. Feb 2015, 18:38

Re: Windows 4.3.20 specifically for errors due to security

Post by Cerberus »

Hi,

I've inherited a new machine and I'm unable to get a VM to start. The symptoms I'm seeing are similar to others in this thread, but if this isn't a security issue, please let me know which thread can help me.

Windows 7 Enterprise Serpvice Pack 1
Symantec Enpoint Protection 12.1.5337.5000
VirtualBox 4.3.20 r96997

Log is attached. Please let me know if you need other info.

Thanks!
Attachments
VBoxStartup.zip
(3.83 KiB) Downloaded 39 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

Hmm. Win7 32bit host. Three guesses what the problem is.
cerberus.startup.log wrote: 1b10.858: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
Cerberus
Posts: 2
Joined: 11. Feb 2015, 18:38

Re: Windows 4.3.20 specifically for errors due to security

Post by Cerberus »

It's a 64 bit host. Looking at past posts on this error is conflicting. Some say it's Symantec (I did add an exception), others say it's various windows updates (Windows shows up-to-date).
mpack wrote:Hmm. Win7 32bit host. Three guesses what the problem is.
cerberus.startup.log wrote: 1b10.858: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
MikeDiack
Posts: 75
Joined: 20. Mar 2009, 15:57
Primary OS: MS Windows 8.1
VBox Version: PUEL
Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
Location: UK

Re: Windows 4.3.20 specifically for errors due to security

Post by MikeDiack »

To Cerberus:
I'm not a technical expert, but I'd be 99% certain it's due to Symantec Endpoint Protection - as many of the posts show - this is incompatible with the current and many recent Virtual Box builds (most of the builds since July 2014), typically due to SEP's injection of sysfer.dll in all processes. Try uninstalling SEP and see if the problem goes away - I'm certain it will - if so, please report your findings here. Adding an exclusion For Virtual Box, may or may not help, the posts haven't been 100% clear that way.
Petr Vones
Posts: 89
Joined: 27. Dec 2012, 01:20
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10 64-bit
Location: Czech Republic

Re: Windows 4.3.20 specifically for errors due to security

Post by Petr Vones »

MikeDiack wrote:I'm not a technical expert, but I'd be 99% certain it's due to Symantec Endpoint Protection - as many of the posts show - this is incompatible with the current and many recent Virtual Box builds (most of the builds since July 2014), typically due to SEP's injection of sysfer.dll in all processes.
Have you tried this: How to create an Application Control exception or stop sysfer.dll injection into a process with SEP http://www.symantec.com/business/suppor ... HOWTO95454 ?
rnewman
Posts: 37
Joined: 11. Sep 2014, 19:58

Re: Windows 4.3.20 specifically for errors due to security

Post by rnewman »

Hello,
No go with the latest build.

OS - Win7 Professional 64bit - SP1
Trendmicro Office Scan - 11.0.1454
Virtualbox - 4.3.21-98193

Screen shot and startup log attached.

-Richard
Attachments
VirtualBox-4.3.21-98193.zip
(191.42 KiB) Downloaded 55 times
mongorian
Posts: 15
Joined: 27. Aug 2012, 18:51

Re: Windows 4.3.20 specifically for errors due to security

Post by mongorian »

Hi All -

I have posted previously on this issue and I have the problem with SEP where the process is never able to launch (instead you get the "progress" window that never leaves 0%). I saw the Symantec post earlier on (and referenced recently above) about how to correct this problem, but this being an enterprise owned and controlled system I do not seem to have access to any of these exception options.

Does anyone have any idea of any other way to workaround this issue, within the confines of an enterprise managed SEP installation? I do have Adminstrator privileges, but SEP is still locked down for me.
MikeDiack
Posts: 75
Joined: 20. Mar 2009, 15:57
Primary OS: MS Windows 8.1
VBox Version: PUEL
Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
Location: UK

Re: Windows 4.3.20 specifically for errors due to security

Post by MikeDiack »

Hi mongorian

In short, currently SEP is pretty much incompatible with VBox (versions 4.3.14 and later up to the current build 4.3.20)

In more detail:
Sadly no. For those of us in SEP systems in managed environments, where we cannot control the the locked downness of SEP with application controls, then current (and most builds going back to 4.3.14) of Virtual Box simply don't work with SEP 12.1.
It's really frustrating. I've contacted Symantec support to point this out, as well as posting here, as have many others. I have had a thought about an experiment I may try soon that may help though. I will let you know of the results.

Mike
Jacob Klein
Posts: 696
Joined: 20. Nov 2013, 01:07

Re: Windows 4.3.20 specifically for errors due to security

Post by Jacob Klein »

Note: Oracle VirtualBox v4.3.22 Build 98236 ... was publicly released yesterday.
You should test against this, as the new baseline.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.20 specifically for errors due to security

Post by mpack »

Per the previous post, the new 4.2.22 security discussion topic is here.

Locking this one.
Locked