Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

Tyco_Phil wrote: After looking on the forums I checked for KB3004394, found it, uninstalled it, no difference, reinstalled VirtualBox, no difference, still getting same error.
Unfortunately, uninstalling it does not fix the damage already done. You should Google for the correct course of action.
Willthrom
Posts: 1
Joined: 19. May 2015, 13:27

Re: Windows 4.3.28 Specifically for errors due to Security

Post by Willthrom »

A long time ago my VB used to work, but not anymore. I installed the latest version today from scratch.

Anytime I tried to start a machine (no matter if it is Linux/Windows/etc.) the following message pops up:

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

supHardenedWinVerifyProcess failed with Unknown Status -5663 (0xffffe9e1)

Anti-virus: McAfee
Proxy: BlueCoat.
(None of these can be disabled/removed)


EDIT: 4.3.12 works although I have problems in this version importing a 5GB appliance file (not memory error, 4GB computer).

Thanks.
Attachments
VBoxStartup.zip
(4.24 KiB) Downloaded 48 times
Last edited by Willthrom on 20. May 2015, 16:00, edited 2 times in total.
ErikDaRed
Posts: 4
Joined: 23. Apr 2015, 19:28

Re: Windows 4.3.28 Specifically for errors due to Security

Post by ErikDaRed »

I'm still having the same "kernel32.dll [lacks WinVerifyTrust]" issue as with other versions since 4.3.12.

Is there a manual fix to remedy this issue? I've tried removing various KBs which have been mentioned, but I was never able to get anything after 4.3.12 working.

System:
Win 7 Enterprise 64-bit (Fully patched)
Symantec Endpoint Protection 12.1.3001.162
Attachments
VBoxStartup.zip
(3.26 KiB) Downloaded 59 times
ydaluo
Posts: 3
Joined: 1. May 2015, 00:39

Re: Windows 4.3.28 Specifically for errors due to Security

Post by ydaluo »

http://imgur.com/BuTW7Bu

Error:
Failed to open a session for the virtual machine vSRX.

The virtual machine 'vSRX' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\tdobr\VirtualBox VMs\vSRX\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}



Same problem with 5.0.0 beta 4.

System:
Win10 x64 (fully patched)
Windows defender
Attachments
VBoxStartup.zip
(12.87 KiB) Downloaded 43 times
mpack

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

@ydaluo: Win10 is not a supported host.
MikeSchwartz
Posts: 11
Joined: 27. Mar 2015, 18:02

Re: Windows 4.3.28 Specifically for errors due to Security

Post by MikeSchwartz »

Hi,

I’ve been having this problem since 4.3.14. I was able to reproduce the issue on a completely clean machine running nothing other than VirtualBox 4.3.28 and BeyondTrust PowerBroker Desktops client 5.0 (privman64.dll). No other security software, or in fact any other software of any kind is installed. When I uninstall BeyondTrust, the problem goes away.

Host OS: Windows 7 Enterprise x64 SP1 with no patches
VirtualBox: v4.3.28
Security software: BeyondTrust PowerBroker Desktops client 5.0.0.311
Error:
Failed to open a session for the virtual machine Win 8.1 x64.

The virtual machine 'Win 8.1 x64' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\mike\VirtualBox VMs\Win 8.1 x64\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}


Screenshot and logfile are attached.
Attachments
VBoxStartup.zip
(116.83 KiB) Downloaded 47 times
nick1234
Posts: 1
Joined: 21. May 2015, 21:18

Re: Windows 4.3.28 Specifically for errors due to Security

Post by nick1234 »

I think I can't start VMs anymore since the April 2015 Windows Patchday. I had V4.3.26 on my computer and it worked very well until that day. Neither V4.3.28 nor V5.0 Beta fixed it.
My host is Windows 7 SP1 32 Bit. I've tried different guests but can't start any of them. The attached log is (as well) for a Windows 7 SP1 32 Bit guest.
I have Avira Free Antivirus 15.0.10.434 (product version), 8.03.30.36 (search engine version).
I only use the standard Windows firewall. Visual Studio 2010 is installed but not started.

I had to go back to V4.3.12, which is still working.

Do you need more information?
Attachments
VBoxSVC.log
(4.84 KiB) Downloaded 42 times
VBoxStartup.log
(93.36 KiB) Downloaded 43 times
Error.png (21.36 KiB) Viewed 13199 times
mpack

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

@MikeSchwartz: The VBoxStartup.log file you posted does not seem to match your error report. The log doesn't have the error you mention, but does have the Windows Update certificates corruption effects discussed previously.

Likewise with Nick1234. If you have a corrupted certificates database on the host then you need to be asking on a Microsoft site about it, rather than here. Reinstalling irrelevant software (VirtualBox) will not fix a host OS problem. As a workaround you can revert to 4.3.12, which is the last version not to implement the hardening features, and hence doesn't require the host to have a working certificates database.
ikar.us
Posts: 48
Joined: 26. Aug 2010, 01:40
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: Debian u.a.
Location: Baden
Contact:

Re: Windows 4.3.28 Specifically for errors due to Security

Post by ikar.us »

Might the bold message at the beginning of
viewtopic.php?f=6&t=64777
help?
Points to http://support.microsoft.com/kb/3024777 .
MikeSchwartz

Re: Windows 4.3.28 Specifically for errors due to Security

Post by MikeSchwartz »

mpack wrote: @MikeSchwartz: The VBoxStartup.log file you posted does not seem to match your error report. The log doesn't have the error you mention, but does have the windows update certificates corruption effects discussed previously.
I'm at a loss to explain why the log wouldn't match the error report. I've double-checked to make sure the log I uploaded matches the one from my test machine. The last line of the log says "Quitting: ExitCode=0xc0000005" which at least matches the first part of the error message. Can you tell me what specifically you would expect to see in the log that you're not seeing?

I'm also confused about the possibility of corrupted certs. After I captured that log I was able to uninstall BeyondTrust and as soon as I did that, my VirtualBox VM was able to start up without error. I wouldn't think that uninstalling BeyondTrust would repair any corrupted certs. Also, this test machine has a freshly-installed copy of Windows straight from the Microsoft installation media, and has never had Windows Updates run on it.

Thanks,
Mike.
SimplyViewer
Posts: 2
Joined: 22. May 2015, 15:13

Re: Windows 4.3.28 Specifically for errors due to Security

Post by SimplyViewer »

After reading all of these comments, I can assume this is something broken on Microsoft's end, right? It's something they'll have to fix in a future update? Because I'm having the same problem too.

Host: Windows 7
Antivirus: Windows Security Essentials
Debugging programs etc... does Visual Studio 2013 count?

My Windows 7 host had updates over the weekend. After restarting, I decided to fire up Virtualbox the other day and play around with my W10 VM. But I was graciously (or more accurately, "gracelessly") met with the errors attached below. Here is the text of the second one:

E_FAIL (0x80004005)
Machine
IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

I've tried uninstalling and reinstalling VB (I'm running 4.3.28), to no avail. Turning off my Antivirus doesn't help, nor does uninstalling it. I don't have the following key in my registry (some people say to delete it):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"="DISABLEUSERCALLBACKEXCEPTION"

It's not just the Windows 10 Guest either. I tried to create an Ubuntu Guest, and it provided the same message before the guest even started up.
Attachments
VBoxStartup.zip
Startup Log
(11.97 KiB) Downloaded 38 times
Picture of the two VirtualBox errors I get
VirtualBoxError.png (36.38 KiB) Viewed 13140 times
mpack

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

MikeSchwartz wrote: I'm at a loss to explain why the log wouldn't match the error report. I've double-checked to make sure the log I uploaded matches the one from my test machine. The last line of the log says "Quitting: ExitCode=0xc0000005" which at least matches the first part of the error message. Can you tell me what specifically you would expect to see in the log that you're not seeing?
Hmm. It looks like we're both right. I don't know why I thought before that your error was not present. It is, but so are the symptoms of certs corruption.
MikeSchwartz wrote: I'm also confused about the possibility of corrupted certs. ... BeyondTrust would repair any corrupted certs. Also, this test machine has a freshly-installed copy of Windows straight from the Microsoft installation media, and has never had Windows Updates run on it.
Well, you can presumably see the symptoms in the log as well as I (lots of OS DLLs untrusted). If your certs are not corrupted then I can only guess that BeyondTrust was somehow blocking access to the certs database by other applications. That in itself is interesting, as it isn't a failure mode I was previously aware of.
loukingjr
Volunteer
Posts: 8851
Joined: 30. Apr 2009, 09:45
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: just about all that run

Re: Windows 4.3.28 Specifically for errors due to Security

Post by loukingjr »

I am not a "Windows person", but is it possible that, in the effort to harden VB for Windows, VirtualBox itself is reading or reporting false trust errors? There does seem to be a rash of recent corrupted certificate databases.

Just curious.
OSX, Linux and Windows Hosts & Guests
There are three groups of people. Those that can count and those that can't.
mpack

Re: Windows 4.3.28 Specifically for errors due to Security

Post by mpack »

I'm not sure what a "false trust error" would consist of. VirtualBox examines the certificate embedded in a DLL, and looks up that certificate in a database. It will issue an error if the certificate is missing, invalid, or isn't present in the database. If there was a problem with the logic then it would presumably fail every time, not just with some users (nearly all of whom use Win7). I.e. after this many iterations of the code since 4.3.12, I would expect the basic logic to be correct.
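
Added example, not part of the thread and not VirtualBox code: a small triage helper for the kind of text posted above. It counts the DLLs carrying the "[lacks WinVerifyTrust]" marker, checks that each "decimal (hex)" status pair is the same 32-bit value, and reads the final exit code. The sample is constructed from fragments quoted in the posts (ntdll.dll is made up), and the line layout of a real VBoxStartup.log is an assumption.

```python
import re
from collections import Counter

# Constructed sample: fragments quoted in this thread, stitched together.
# The layout of a real VBoxStartup.log line is an assumption.
SAMPLE = r"""
C:\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
C:\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
C:\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
supHardenedWinVerifyProcess failed with Unknown Status -5663 (0xffffe9e1)
Quitting: ExitCode=0xc0000005
"""

# File name (last path component) on a line carrying the quoted marker.
DLL_MARK = re.compile(r"([^\\/\s]+\.dll)\b.*\[lacks WinVerifyTrust\]", re.I)
# "<decimal> (<hex>)" pairs as they appear in the error dialogs.
DEC_HEX = re.compile(r"(-?\d+) \((0x[0-9a-fA-F]{1,8})\)")
EXIT = re.compile(r"ExitCode=(0x[0-9a-fA-F]{1,8})")


def to_signed32(value):
    """Interpret an unsigned 32-bit value as a signed status code."""
    value &= 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value


def triage(text):
    flagged = Counter()
    statuses, mismatches, exit_code = [], [], None
    for line in text.splitlines():
        m = DLL_MARK.search(line)
        if m:
            flagged[m.group(1).lower()] += 1
        for dec, hx in DEC_HEX.findall(line):
            signed = to_signed32(int(hx, 16))
            statuses.append((signed, hx.lower()))
            # The decimal may be printed signed or unsigned; anything
            # else means the report was mis-transcribed.
            if int(dec) not in (signed, int(hx, 16)):
                mismatches.append(line.strip())
        m = EXIT.search(line)
        if m:
            exit_code = to_signed32(int(m.group(1), 16))
    return {"flagged_dlls": dict(flagged), "statuses": statuses,
            "mismatches": mismatches, "exit_code": exit_code}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against a real log, the per-DLL counts give a quick view of how many system DLLs carry the marker; the script only counts it and does not decide whether the host's certificate database is damaged.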
loukingjr

Re: Windows 4.3.28 Specifically for errors due to Security

Post by loukingjr »

Well, as false error, I was thinking along the lines you mentioned about them being blocked by an app.

But I understand what you are saying.