Windows 10 v1809 - Defender Core Isolation-Memory Integrity - Blocks VirtualBox 6.x VM load
Posted: 13. Apr 2019, 16:47
For anyone having the following problems on Windows 10 v1809 with VirtualBox 6.x (I have 6.04):
- Start any VM, you get a black screen with a blinking or solid white cursor at upper left of your VM display window
- You cannot close the "hung" VM gracefully, and have to hit the X at upper right several times or force terminate from task manager or command line (taskkill)
- When you force close the hung VM window, the VM ends up in an "Aborted" state
- No matter what settings you try to make from display, 3D/2D, VMSVGA, paravirtualization, network on/off, NOTHING helps
To Resolve this, open Windows Defender and View Security Dashboard > at left, choose Device Security > Core Isolation details > and turn Memory Integrity OFF (a computer reboot is REQUIRED to complete this action!)
The reason this feature causes problems is clearly due to an unfortunate conflict between this Defender feature and VirtualBox. Which one is at fault is not at all clear (at least not to me at this time). The stated purpose of this feature is to "Prevent attacks from inserting malicious code into high-security processes", but it does this by using "virtualization-based security" which to me means sandboxing. Such that maybe because of the way this feature works, it prevents vital internal VirtualBox components or already memory-resident (pre-loaded) parts of VirtualBox from talking to one another (such as not able to access parts of the program loaded in memory, preventing proper functionality during VM load) - again just my theory and not a deeply technical one at that. (You can read more about this feature by going to the "Learn more" link under Memory integrity, it will take you to a MS web page).
Now...all of that said about VirtualBox, I want to point out that I only recently enabled this defender memory integrity feature and I believe that this *may* have contributed to a total system failure I experienced as follows:
- Suddenly without any prior warning, errors, or log entries - Windows 10 v1809 will NOT boot, and you get a BSOD every time with "A critical service has failed" message
- I also saw a few BOOTCFG errors at boot time, mainly BOOTCFG file is "corrupt" error messages (during my attempts to troubleshoot)
- If you do a "system check" (I have an HP PC) you might get disk-related errors like "no bootable partition" or on an HP device, BIOSHD-3 errors (means "no bootable drive")
- No matter what you do to try and recover such as boot and go to advanced recovery options, even command line...sfc /scannow, bcdedit, dism, does NOT help
- All attempts to do a system "restore" or "reset" mysteriously fail, they will seem to be almost done, then fail
- Only solution is a complete disk wipe and reinstall of Windows 10 v1809
If anyone else has recently played with this defender memory integrity feature and suffered a catastrophic Windows system failure as described above (in addition to the VirtualBox VM load issues), please let me know. I am not sure whether to convey this Windows-related issue to Microsoft because I am not entirely certain it is caused by Defender's memory integrity feature.
- Start any VM, you get a black screen with a blinking or solid white cursor at upper left of your VM display window
- You cannot close the "hung" VM gracefully, and have to hit the X at upper right several times or force terminate from task manager or command line (taskkill)
- When you force close the hung VM window, the VM ends up in an "Aborted" state
- No matter what settings you try to make from display, 3D/2D, VMSVGA, paravirtualization, network on/off, NOTHING helps
To Resolve this, open Windows Defender and View Security Dashboard > at left, choose Device Security > Core Isolation details > and turn Memory Integrity OFF (a computer reboot is REQUIRED to complete this action!)
The reason this feature causes problems is clearly due to an unfortunate conflict between this Defender feature and VirtualBox. Which one is at fault is not at all clear (at least not to me at this time). The stated purpose of this feature is to "Prevent attacks from inserting malicious code into high-security processes", but it does this by using "virtualization-based security" which to me means sandboxing. Such that maybe because of the way this feature works, it prevents vital internal VirtualBox components or already memory-resident (pre-loaded) parts of VirtualBox from talking to one another (such as not able to access parts of the program loaded in memory, preventing proper functionality during VM load) - again just my theory and not a deeply technical one at that. (You can read more about this feature by going to the "Learn more" link under Memory integrity, it will take you to a MS web page).
Now...all of that said about VirtualBox, I want to point out that I only recently enabled this defender memory integrity feature and I believe that this *may* have contributed to a total system failure I experienced as follows:
- Suddenly without any prior warning, errors, or log entries - Windows 10 v1809 will NOT boot, and you get a BSOD every time with "A critical service has failed" message
- I also saw a few BOOTCFG errors at boot time, mainly BOOTCFG file is "corrupt" error messages (during my attempts to troubleshoot)
- If you do a "system check" (I have an HP PC) you might get disk-related errors like "no bootable partition" or on an HP device, BIOSHD-3 errors (means "no bootable drive")
- No matter what you do to try and recover such as boot and go to advanced recovery options, even command line...sfc /scannow, bcdedit, dism, does NOT help
- All attempts to do a system "restore" or "reset" mysteriously fail, they will seem to be almost done, then fail
- Only solution is a complete disk wipe and reinstall of Windows 10 v1809
If anyone else has recently played with this defender memory integrity feature and suffered a catastrophic Windows system failure as described above (in addition to the VirtualBox VM load issues), please let me know. I am not sure whether to convey this Windows-related issue to Microsoft because I am not entirely certain it is caused by Defender's memory integrity feature.