Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.

Discussion of Problems due to Hardened Security

Postby mpack » 14. May 2015, 10:36

This topic is now closed. The conclusions have been boiled down to a short tutorial in the "Howtos and Tutorials" area: Howto: Diagnosing VirtualBox Hardening Issues. If you don't find a solution there then open a normal question topic in the "Windows Hosts" forum and remember to include a zipped attachment containing your VBoxHardening.log file.

----------------------------- Original Text ------------------------------------------

Continuation of https://forums.virtualbox.org/viewtopic.php?f=6&t=66639 for VirtualBox version 4.3.28 and later.

This topic is specifically for Windows users that may still have issues seen in version 4.3.28 and later caused by security being strengthened.

If you want to be taken seriously you need to post a few items as attachments (compressed is preferred)

    1) Host OS and version
    2) VBoxStartup.log (zipped) [from VBox 5.0.6 this file is now called "VBoxHardening.log"]
    3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.

As in the previous (4.3.14 through 4.3.26) discussions, the purpose of this topic is to gather diagnostic data needed to solve the hardening issues, and nothing else. Wibble posts, opinion posts, and posts that don't include necessary diagnostics will most likely be deleted. If a test build is created then you'll be expected to have tried it before you post.

Please be explicit about errors. Don't say "same as xxxxx". See list above for what's required.

Test builds (when available) can be found here: https://www.virtualbox.org/wiki/Testbuilds
mpack
Site Moderator
 
Posts: 30014
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Postby Gaetan » 14. May 2015, 11:32

Hi,

Windows 2008 R2 Standard SP1
Mc Afee Security As A Service 6.0.3.

Evrything was fine with VirtualBox 4.3.26.
I normally stop my Suse VM, hosted with my Windows 2008 R2 Standard.
I upgrade from 4.3.26 to 4.3.28, I saw, as I was installing from a terminal server, that I lost my session. Going to the screen of Win2008 physical host, reboot my Win 2008 Host as requested at the end of the virtualbox upgrade.

When starting my VM, I've got :

"VirtualBox - Error In supR3HardenedWinReSpawn".
Ntcreatefile(\device\VBoxDrvStub) failed : 0xc0000034
STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
Drivers is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about it's state. Rebooting may actually help. (rc=101).
Make sure the kernel module has been loaded successfully.


C:\Program Files\Oracle\VirtualBox>sc query vboxdrv

SERVICE_NAME: vboxdrv
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 2 (0x2)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

[EDIT] : Between update from 4.3.26 to 4.3.28, I applied Windows update with 12 importants updates.
Attachments
VBoxStartup.zip
(2.67 KiB) Downloaded 802 times
Last edited by Gaetan on 14. May 2015, 14:02, edited 1 time in total.
Gaetan
 
Posts: 2
Joined: 14. May 2015, 11:18

Re: Windows 4.3.28 Specifically for errors due to Security

Postby Gaetan » 14. May 2015, 13:23

Works fine now, when removing Windows Update KB3004394. Not necessary to reboot the host, just re-run VirtualBox.
Problem is solved, sorry.
Last edited by Gaetan on 14. May 2015, 14:01, edited 2 times in total.
Gaetan
 
Posts: 2
Joined: 14. May 2015, 11:18

Re: Windows 4.3.28 Specifically for errors due to Security

Postby loukingjr » 14. May 2015, 13:36

Gaetan wrote:Works fine now, when removing KB3004394.
Problem is solved, sorry.

FWIW, you had a problem, you found the solution and you fixed it on your own. You let others know who may have the same problem. You should be proud, not sorry. It would be great if more users did that.
OSX, Linux and Windows Hosts & Guests
There are three groups of people. Those that can count and those that can't.
loukingjr
Volunteer
 
Posts: 8827
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Postby ikar.us » 14. May 2015, 20:55

Well, he found a workaround.
That's great, of course.
But removing a regular windows update is a workaround, not a solution.
ikar.us
 
Posts: 48
Joined: 26. Aug 2010, 01:40
Location: Baden
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: Debian u.a.

Re: Windows 4.3.28 Specifically for errors due to Security

Postby nickrobert » 14. May 2015, 20:59

I tried 4.3.28 with no luck. I believe the issue may be the BeyondTrust PowerBroker SW noted below, but I cannot remove it from my corporate laptop. Let me know if I can provide more info for troubleshooting. Details:

VBox version: 4.3.28r100309
Host OS: Win 7 Enterprise SP1
Host AV, etc.:
-- McAfee VirusScan Enterprise 8.8.04001
-- McAfee Agent 4.8.0.1500
-- BeyondTrust PowerBroker Desktops Client for Windows 6.5.1.23
-- OPNET Application Capture Agent 3.9
-- Cisco NAC Agent 4.9.0.33

Zipfile with startup log is attached
The VM is running RHEL5 64-bit. Error message below:

Failed to open a session for the virtual machine Kickstart_4.7.1.

The virtual machine 'Kickstart_4.7.1' has terminated unexpectedly during
startup with exit code -1073741819 (0xc0000005). More details may be
available in 'x:\xx\VirtualBox
VMs\Kickstart_4.7.1\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}
Attachments
VBoxStartup.zip
(6.85 KiB) Downloaded 212 times
nickrobert
 
Posts: 2
Joined: 16. Apr 2015, 22:55

Re: Windows 4.3.28 Specifically for errors due to Security

Postby loukingjr » 14. May 2015, 21:17

ikar.us wrote:Well, he found a workaround.
That's great, of course.
But removing a regular windows update is a workaround, not a solution.

The solution has to come from Microsoft. Just as they fixed a number of bad updates in the past two months.
OSX, Linux and Windows Hosts & Guests
There are three groups of people. Those that can count and those that can't.
loukingjr
Volunteer
 
Posts: 8827
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Postby DeepChange » 14. May 2015, 22:07

Not only the driver fails, but also the Oracle_VM_VirtualBox_Extension_Pack-4.2.28-97679.vbox-extpack is broken because it is marked as version 4.3 not the expected 4.2 :o; this is a frustrating waste of time :( because I'll have to kill 4.28 at work and at home, and reinstall 4.26 which does work.

From my viewpoint, the VirtualBox failures seem to be getting more frequent... may I suggest need better "resources" allocated to dev and QA to minimise :roll: and :evil:
DeepChange
 
Posts: 1
Joined: 14. May 2015, 21:53

Re: Windows 4.3.28 Specifically for errors due to Security

Postby loukingjr » 14. May 2015, 22:11

DeepChange wrote:Not only the driver fails, but also the Oracle_VM_VirtualBox_Extension_Pack-4.2.28-97679.vbox-extpack is broken because it is marked as version 4.3 not the expected 4.2 :o; this is a frustrating waste of time :( because I'll have to kill 4.28 at work and at home, and reinstall 4.26 which does work.

From my viewpoint, the VirtualBox failures seem to be getting more frequent... may I suggest need better "resources" allocated to dev and QA to minimise :roll: and :evil:

You seem very confused. The current version of VirtualBox is 4.3.28 as is the extension pack. Which btw, is what this thread covers.
OSX, Linux and Windows Hosts & Guests
There are three groups of people. Those that can count and those that can't.
loukingjr
Volunteer
 
Posts: 8827
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Postby fsvl » 15. May 2015, 04:15

Oracle VirtualBox 4.3.28r100309 on
MS-Windows 7 Professional SP1 64-bit (updated yesterday - without the validation components in Windows Activation Technologies for Windows 7)
with:
- BeyondTrust PowerBroker Desktop Client
- McAfee Agent and VirusScan Enterprise
- Tumbleweed Desktop Validator
See f6_t67840.txt in attached Logs.zip archive for software version details and VBoxStartup.log for exact error messages.

Failed to open a session for the virtual machine guest.

The virtual machine 'guest' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in '...\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

Get messages for manu DLLs in VM Guest Log file (see VBoxStartup.log in attached Logs.zip):
supR3HardenedScreenImage/Imports, supR3HardenedScreenImage/NtCreateSection and supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on ...dll [lacks WinVerifyTrust]
supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1977 ms, the end);
supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2599 ms, the end);

Failure occurs on first guest startup (after creating the first guest after a fresh first time installation of VirtualBox - no guest OS installed yet) and tried different guest configurations.

Thanks
Attachments
Logs.zip
See VBoxStartup.log for Logs and f6_t67840.txt for more SW version details.
(8.22 KiB) Downloaded 108 times
fsvl
 
Posts: 1
Joined: 15. May 2015, 04:02

Re: Windows 4.3.28 Specifically for errors due to Security

Postby rnewman » 15. May 2015, 15:00

Hello,
No go with the latest build, yet again...

OS - Win7 Professional 64bit - SP1
Trendmicro Office Scan - 11.0.1454
Virtualbox - 4.3.28

Screen shot and startup log attached.

I am happy to assist with debugging. Are there any switches or process that would provide additional diagnostic information?

Thanks,
Richard
Attachments
VirtualBox-4.3.28.zip
(222.25 KiB) Downloaded 217 times
rnewman
 
Posts: 37
Joined: 11. Sep 2014, 19:58

Re: Windows 4.3.28 Specifically for errors due to Security

Postby mpack » 15. May 2015, 15:02

Perhaps you should try installing different AV software?
mpack
Site Moderator
 
Posts: 30014
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Postby rnewman » 15. May 2015, 17:08

Sorry, I'd love to install different AV, but that's not possible on this machine.
I'd like to assist and get this working with Trend as it is one of the prominent vendors in the market.

Having now followed this issue for over a year, and with still so many posts with similar issues, maybe the methodology for the new hardening feature needs to be revisited.
We in the security field applaud this effort and are glad that it is important. However, there are different ways to accomplish the same goal.

-Richard
rnewman
 
Posts: 37
Joined: 11. Sep 2014, 19:58

Re: Windows 4.3.28 Specifically for errors due to Security

Postby slovenec » 18. May 2015, 10:22

Hi,

I'm also having problems with VirtualBox 4.3.28 for Windows hosts. After I install VB and create virtual machine I can't start it and I get error:

VB_error.PNG
VB_error.PNG (26.66 KiB) Viewed 64571 times

VB_error2.PNG
VB_error2.PNG (40.49 KiB) Viewed 64571 times


Host machine is on Win7 Pro SP1 with all updates etc. (work laptop). As antivirus I use Sophos and ofc I can't change that, company policy. Log is in attach.

If someone could help me with this problem I would appreciate it.

LOG:

VBoxStartup.zip
(1.85 KiB) Downloaded 233 times
slovenec
 
Posts: 1
Joined: 18. May 2015, 09:35

Re: Windows 4.3.28 Specifically for errors due to Security

Postby Tyco_Phil » 18. May 2015, 17:09

A while ago I had virtualbox running fine, with a number of different guests, except for usb flash drive in guests. I installed a newer version of virtualbox to see if that would fix it and instead my VMs would not start. I uninstalled the newer version and went back to the previous version. Same problem exists! I have uninstalled and removed all VMs and nothing has worked. My IT department had made some Group Policy changes in the meantime.

After looking on the forums I checked for KB3004394, found it, uninstalled it, no difference, reinstalled VirtualBox, no difference, still getting same error.

First error message:
Failed to create the VirtualBox COM object.
The application will now terminate.
Details:
Callee RC: E_INVALIDARG(0x80070057)

Follow up error message:
Failed to open a session for the virtual machine test.
The virtual machine 'test' has terminated unexpectedly during startup with exit code 1(0x1).
Details
Result Code:E_FAIL( 0x8000405)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

I am running on a company Win 7 SP1 PC with Administrator rights running McAfee Agent, McAfee DLP Endpoint, McAfee SiteAdvisor Enterprise Plus, McAfee VirsuScan Enterprise + AntiSpyware Enterprise.

VirtualBox is running in Compatibility Mode (Vista SP2).
Attachments
VBoxStartup.zip
(27.09 KiB) Downloaded 165 times
VBoxSVC.log
(2.3 KiB) Downloaded 123 times
Tyco_Phil
 
Posts: 1
Joined: 18. May 2015, 16:52

Next

Return to VirtualBox on Windows Hosts

Who is online

Users browsing this forum: socratis and 17 guests