Opened 5 years ago
Closed 5 years ago
#18791 closed defect (invalid)
VM starting failed with "Lacks WinVerifyTrust" at Windows 7 64bit with VB 5.2.18/20/32/33 and 6.0.10
| Reported by: | tkang007 | Owned by: | |
|---|---|---|---|
| Component: | host support | Version: | VirtualBox 5.2.32 |
| Keywords: | WinVerifyTrust | Cc: | |
| Guest type: | Linux | Host type: | Windows |
Description
I cannot start VM after upgrading VB to 5.2.32 from 5.2.18 with below partial log at VBoxHardening.log. Full log file attached.
Even though revert to 5.2.18, it was failed with same log, lacks winverifytrust. Uninstall & reinstall 5.2.18/20/32/33 and 6.1.10, the log was same. So, I cannot use VB anymore.
One thing, Symantec Endpoint Protection 14.2.3335.1000 was installed before I upgrade VB to 5.2.32 and rebooted. Is this related with Symantec Endpoint Protection? I cannot uninstall and disable as I don't know the required password.
I found similar case on this tracker, but I cannot resolve my case.
Many thanks for your any hint !!!
1a78.eac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 1a78.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1a78.eac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling] 1a78.eac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1a78.eac: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 1a78.eac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1a78.eac: supR3HardenedDllNotificationCallback: load 000007fefd800000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1a78.eac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 1a78.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1a78.eac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\Windows\system32\kernel32.dll' 2238.26b4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 68 ms, CloseEvents);
Attachments (2)
Change History (7)
by , 5 years ago
| Attachment: | VBoxHardening.log added |
|---|
by , 5 years ago
| Attachment: | VBoxHardening.2.log added |
|---|
comment:1 by , 5 years ago
comment:2 by , 5 years ago
This case was resolved after clean uninstalling Symatec Endpoint Protection. Thanks for helpful information.
comment:3 by , 5 years ago
Hello, I don't know how to close this case. Could you help me to close this caes ? Thanks.
comment:4 by , 5 years ago
I will try to get in contact with the developers. Thank you for the feedback! ;)
comment:5 by , 5 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
It's usually better and faster, if issues get first addressed in the VirtualBox forums, a lot more eyes there. More than 95% of the issues are resolved in the forums, which keeps the developers focusing on the bug fixes and enhancements, and there is no need for another ticket to keep track of. For example, yours is most probably not a bug and someone from the developers has to deal with it and close it as "Invalid".
Plus a discussion and analysis on the bug tracker is going to help me, you, and potentially a future drive-by user or two. Not so in the forums, many more tend to benefit...
You do have a Hardening problem. Please read really carefully the following FAQ: Diagnosing VirtualBox Hardening Issues for some generic guidelines/ideas. Those are guidelines, you have to use your judgement as to which program might be responsible...
I would start by completely uninstalling the following, or adding an exception for all-things VirtualBox: