Solution to Hardening errors

Discussions related to using VirtualBox on Windows hosts.
intersys
Posts: 2
Joined: 24. Oct 2020, 10:58

Solution to Hardening errors

Post by intersys »

I have an HP Elite notebook and from the first use, I had hardening issues with VirtualBox. Each of their suites turns on a different piece of bloatware that is supposed to protect my laptop (HP Sure Click, HP Sure Run, HP Sure Sense and yada yada yada).
My first solution to the "supR3HardenedWinReSpawn what: 5 VERR_INVALID_NAME (-104)" error was to turn off the threat protection in HP Sure Sense.

Now, apparently, they have installed a new protection service, called Deep Instinct Agent. It contains three services, which you cannot disable. I believe they try to hook into the VirtualBox virtual machine and thus we have the hardening error.
I tried to disable the service with the regular administrative tools, unsuccessfully. Then I tried to do that with Sysinternals' Autoruns. It didn't work either. Bottom line, I didn't want to waste any more time on this bloatware, so if you want to run VirtualBox, just uninstall the Deep Instinct Agent from a privileged cmd by running: .\UninstallAgent /U

I have a question: I know that hooking into the virtual machine's process is allowed if the process that hooks has a legitimate certificate. As far as I know, Deep Instinct has a valid certificate. Why do we have a hardening error?
fth0
Volunteer
Posts: 5690
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Solution to Hardening errors

Post by fth0 »

intersys wrote: supR3HardenedWinReSpawn what: 5 VERR_INVALID_NAME (-104)
intersys wrote: I know that hooking into the virtual machine's process is allowed if the process that hooks has a legitimate certificate. As far as I know, Deep Instinct has a valid certificate. Why do we have a hardening error?
I can answer your question only partially, because I do not want to spoil the inner workings of the VirtualBox hardening code:

The error message quoted above really means that a 3rd-party software prevented the VirtualBoxVM process from starting another process. This isn't any of the active checks, so it doesn't matter here if VirtualBox likes the 3rd-party software or not. This also is the reason why this error message doesn't give any clue about which 3rd-party software is the problem, if at all.
mpack
Site Moderator
Posts: 39134
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: VirtualBox+Oracle ExtPack
Guest OSses: Mostly XP

Re: Solution to Hardening errors

Post by mpack »

intersys wrote: I know that hooking into the virtual machine's process is allowed if the process that hooks has a legitimate certificate.
That is an important requirement, but certainly not the only one. For example, VirtualBox will not accept finding an unknown thread executing in the VirtualBox process, as that thread could be faking certificate test results.

If it was me and I really couldn't find a way to disable unwanted bloatware, I would be wiping the hard disk and starting again. If that didn't work I'd be returning the PC for a refund.