Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Locked
Hyroko
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Post by Hyroko »

No sign of MBAM that I could find:
Attachments
VBoxHardening.zip
(2.82 KiB) Downloaded 31 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

Windows 10.0.10586.306. Is this a preview release of Windows 10?

Were you having this problem before you switched to a test build of VirtuaBox? (5.0.21?).
Hyroko
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Post by Hyroko »

mpack wrote:Windows 10.0.10586.306. Is this a preview release of Windows 10?

Were you having this problem before you switched to a test build of VirtuaBox? (5.0.21?).
About Windows I'm not sure, it came pre-installed with the PC and I just updated it.

And no, neither 4.x versions nor 5.0 normal version was working.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

4.x doesn't support Win10 hosts, so that would be a dead end regardless.
Hyroko
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Post by Hyroko »

mpack wrote:4.x doesn't support Win10 hosts, so that would be a dead end regardless.
So any idea about what's going on?
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

I see nothing obvious. The problem with using prerelease software is that we know nothing about it. Unless I'm mistaking versions, it looks to me as if you are using preview / test builds of both the host OS and VirtualBox. In which case we just have to wait and see what the other pioneers eventually report back.
Hyroko
Posts: 7
Joined: 11. Jun 2016, 12:51

Re: Discussion of Problems due to Hardened Security

Post by Hyroko »

mpack wrote:Windows 10.0.10586.306. Is this a preview release of Windows 10?

Were you having this problem before you switched to a test build of VirtuaBox? (5.0.21?).
I was checking Microsoft site and it says that the lastest normal release (not preview) is 1511 (10.0.10586.318) which seems to be above the one that I have, so I guess my release is not a preview?
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

The trouble is that I'm not finding your version listed at all on this Wikipedia site:
https://en.wikipedia.org/wiki/Windows_1 ... on_history

Whereas my own Win10 host build (10.0.10586.318), which is incidentally the most recently public release, is listed, and runs VirtualBox quite happily.

This makes me wonder if .306 was a intermediate beta release.
Scott Scott Scott Scott
Posts: 2
Joined: 17. Jun 2016, 15:38

Re: Discussion of Problems due to Hardened Security

Post by Scott Scott Scott Scott »

Downloaded and installed 5.0.22 as administrator. I have been unable to use any version of Virtualbox on this PC after 4.3.12.

I have tried VMs created with 4.3.12, exported from 4.3.12 and imported 5.0.22 and creating new VMs under 5.0.22 . All return the lacks WinVerify Trust in the log and only the VBoxHardening log is ever written to. No VBoxStartup log is produced.


Installed software that cannot be removed:
Windows 7
BeyondTrust PowerBroker Desktops Client for Windows, Active Defense Agent, McAfee Agent are installed on this desktop.
Attachments
VBoxHardening.log
latest VBoxHardening log
(73.96 KiB) Downloaded 44 times
Scott Scott Scott Scott
Posts: 2
Joined: 17. Jun 2016, 15:38

Re: Discussion of Problems due to Hardened Security

Post by Scott Scott Scott Scott »

See previous post. Is there a process/procedure to determine which product is causing conflict with the signed DLL's, so that I can hopefully get product update that will work better with DLL's
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Discussion of Problems due to Hardened Security

Post by scottgus1 »

Scottx4, I usually look for the word "error" or "reject" when searching the log. I'm definitely no guru on these logs, which seem to be cryptically written. But I have seen logs where the word "error" or occasionally "reject" often shows what dll is failing the security checks.

You log does not contain the word "error" or "reject". So you have no unsigned DLLs lying about. However you have a plethora of "Lacks WinVerifyTrust" lines, on Windows DLL's, possibly* indicating that you have the offending Windows updates that have destroyed the Windows Security database Virtualbox uses to test the Windows files. Look for these updates: KB3004394, KB3045999, and KB3081320. If you can take them off, try that. If you can't take them off because of an uncooperative IT admin, you may not be able to use this PC or you may have to make a case with management.

*I was told once by one of the gurus that "Lacks WinVerifyTrust" might not necessarily indicate a Windows security database corruption, but I'm not familiar with what else it could be. Just hunt out those updates, as a first indication.


And, disregard what I said about the Lacks WinVerifyTrust... I find that I have tons of those in the hardening log in a working Windows 10 VB5 host that boots guest just fine. I see that I really don't know anything about these logs, listen to Mpack...
Last edited by scottgus1 on 17. Jun 2016, 18:44, edited 3 times in total.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

0xC0000005 is an invalid memory access. Probably there are two DLLs. #1 got the bums rush, #2 didn't: but crashes when it tries to call or access data in #1.

I'm seeing "BeyondTrust Powerbroker" in the adversaries section. Sounds eminently ditchable.
puri
Posts: 1
Joined: 18. Jun 2016, 15:45

Re: Discussion of Problems due to Hardened Security

Post by puri »

From the current logs last line before freezing immediately after start "Watcher ERROR [COM]: aRC=E_ACCESSDENIED (0x80070005) aIID={0169423f-46b4-cde9-91af-1e9d5b6cd945} aComponent={VirtualBoxWrap} aText={The object is not ready}, preserve=false aResultDetail=0"

I run a Win10 10.0.10586 and since several month VBox - sometimes updated mostly without trouble.
All other software run fine ... very less trouble.

Since approximately 3...4 weeks I have observed a mysterious behavior of VBox but unfortunately I can't say at which Win10 release or which Vbox release it starts.
After few minutes VBox works and a virtual machine was started I could not enter into the machine window seems to be blocked.
But I found in task manager of Win10 that there was started always a second VBox&machine ... like a shadow but frozen so that I could not enter into first machines window. After shooting down this second in task manager all works fine again until 2 weeks ago. All VBox machines and Vbox crashes.

I have cleaned the system and tried the install the latest Vbox 5.x but nothing works .

Mostly it freezes after starting whatever I do admin or not.
The latest Win 10 update I had approximately 1 week ago.

If it sometimes starts and I try to create a new machine, in most cases I have no really choice for a machine type and if had luck it crashes at formatting a disk. I have not counted how often I have tried this with all tricks.

But one crazy thing I tried today to see what is happens and which failure message occurs.

I have Sandboxie installed and so I tried to start Vbox within Sandboxie which is quite simple.

If there is a problem, Sandboxie should create a different message.

Perhaps the message gives a idea what is going wrong.
Attachments
Sandboxie-VBox-init.jpg
Sandboxie-VBox-init.jpg (32.68 KiB) Viewed 8207 times
Sundar N
Posts: 1
Joined: 21. Jun 2016, 01:23

Re: Discussion of Problems due to Hardened Security

Post by Sundar N »

I am running Virtual Box 5.0.22 r108108 on Windows 7 Professional SP 1. When I try to run a Windows 8.1 VM, I get:
The virtual machine 'Windows-8.1' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\UserData\Intel-VM-Sundar\Logs\VBoxHardening.log'.
From above posts, I gather that 0xc0000005 is an invalid memory access. But it is not clear from the VBoxHardening.log as to what is going wrong. The last two entries from the log are:
258c.6a0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 121 ms, the end);
274c.10f0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 772 ms, the end);
There are no occurrences of 'error' or 'reject' in this log.

I do not see errors in the McAfee Access protection log when I try to run the VM. So, what could be going wrong?
Robert Fernando
Posts: 2
Joined: 6. Jul 2016, 17:08

Re: Discussion of Problems due to Hardened Security

Post by Robert Fernando »

Failed to open a session for the virtual machine Win 7 Ent sp1.
The virtual machine 'Win 7 Ent sp1' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\kulkarni.s\VirtualBox VMs\Win 7 Ent sp1\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

win 7 enterprise x64 sp1 16gb of ram
samsung laptop i7 cpu
Attachments
VBoxHardening.log
(23.6 KiB) Downloaded 30 times
Locked