The virtual machine 'Windows 7 - Siemens TIA15 V2.2' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\thomast\Documents\Virtuelle maskiner\Elkons\Windows 7 - Siemens TIA15 V2.2\Logs\VBoxHardening.log'.
Resultats kode:
E_FAIL (0x80004005)
Komponent:
MachineWrap
Grænseflade:
IMachine {5047460a-265d-4538-b23e-ddba5fb84976} I have tested this with:

Windows 7 Professional SP1 (64 bit) that we have previously used without problems up to 5.2.22 (I did not update past this on 5.x branch)

Linux Ubuntu 18.04 (64 bit) created in Virtualbox 6.0.2 with mounted ISO file

Findings:

Normal start (or normal resume state) without any changes to the environment gives the above hardening.

Terminating Trend Micro Security Agent (TMSA) resolves the issue, but is required to run due to company IT policy.

The virtual machine continues to work fine if TMSA is restarted after the virtual machine has started.

According to the exit code 0xc0000005 in the official thread "Diagnosing Virtualbox Hardening Issues" this should be a graphics driver issue.

Starting/resuming the virtual machine in headless mode works fine, and I can almost immediately choose Show and see the screen.

Preview when using headless mode works fine as well, so it seems strange to me that it should be a graphics driver issue?

Downgrading to 5.2.22 makes the VM work fine again.

To make the Windows 7 guest work in Virtualbox 6, we did have to change the following line in our SLIC setup file:

Code: Select all

"%VBOX_MSI_INSTALL_PATH%\VBoxManage.exe" setextradata "%CurrDirName%" "VBoxInternal/Devices/acpi/0/Config/[b]SLICTable[/b]" "%CD%\SLIC.BIN"

... to ...

Code: Select all

"%VBOX_MSI_INSTALL_PATH%\VBoxManage.exe" setextradata "%CurrDirName%" "VBoxInternal/Devices/acpi/0/Config/[b]CustomTable[/b]" "%CD%\SLIC.BIN"

What I have attempted so far:

Terminating TMSA, uninstalling Virtualbox with admin rights, rebooting, terminating TMSA, reinstalling Virtualbox with admin rights - I could start the Windows 7 guest in normal mode regardless of TMSA started/not running, until I rebooted host.

Following another thread, reinstalling Virtualbox with admin rights and removing %USERPROFILE%\.Virtualbox folder contents, then adding in the virtual machines after.

Updating drivers for both graphics adapters in my computer; Intel HD Graphics 630 and NVIDIA Quadro M1200 (both via Windows Device Manager driver update tool)

The fact that I cannot even boot a completely clean Ubuntu (OS not even installed, just a VM created and ISO file mounted) eliminates, in my mind, the possibility that our company VM is to blame.
To make matters more complex, I have a colleague who is able to run a similar Windows 7 guest (another branch of our VM but from a clone of the same base VM originally) with only the modification to the SLIC setup file (which we have always used).
I appreciate any constructive input that can provide a solution, answers, ideas or even just clarify the problem. Feel free to ask questions. And let me know if I have not formatted this post according to forum guidelines, then I'll be happy to change it to fit.
VBoxHardening logs (zipped) are attached for both Windows 7 and Ubuntu 18.04 guests.
Thanks in advance,
Thomas T.

FAQ: Diagnosing VirtualBox Hardening Issues (see the fifth post).

The fact that I cannot even boot a completely clean Ubuntu (OS not even installed, just a VM created and ISO file mounted) eliminates, in my mind, the possibility that our company VM is to blame. See the FAQ. Hardening problems are problems with the host . The guest OS is not relevant thought it can affect the timing of specific crashes.

Thanks for your answer.
I'm on board with that. Just wanted to be sure there was no effect from the VM itself.
However, this excerpt from the post you mention makes little sense to me:

If you find that the VM will not start in normal mode, but will start when run in headless mode, then that makes it pretty much certain that your problem is the graphics drivers.

If that is so, what is then the difference between running in normal mode (guest screen shown as window) and headless mode (guest screen shown as miniature/preview)? I can understand that maybe Trend Micro is preventing some dll injection from happening, but I can leave it running if I just start the VM in headless mode. Shouldn't it cause the same issue there? Or do I fail to understand why this only happens at boot/resume and not any other time while the VM is running?

I also have a VboxHardening issue. It surprisingly happened with no warning---I was workign fine one day, and the next day, the same VM failed to start.
It does work in headless mode (thanks for the tip!). I've attached the log, but I don't understand them at all. I can't figure out from the log which components are successful and which are not.
I am in a large corporate managed environment and so can't turn off the nannyware installed.
Any suggestions?

mbkennel wrote: I am in a large corporate managed environment and so can't turn off the nannyware installed.

2a04.8cc:     FileDescription: Cylance Protect Driver
2a04.8cc:     FileDescription: PowerBroker for Windows
2a04.8cc:     FileDescription: BeyondTrust PowerBroker for Windows DLL

If you can't completely uninstall them and/or update them to a version that they've addressed the problem, find a way to add an exception for VirtualBox. There's no other option.

Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the " POST REPLY ", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.

socratis wrote: If you can't completely uninstall them and/or update them to a version that they've addressed the problem, find a way to add an exception for VirtualBox. There's no other option.

I did that in Trend Micro Security Agent for:

The entire Virtualbox program folder

The entire folder that contains our virtual machines

File types VDI, VHD, VMDK and VBOX

Am I missing an exclusion?

The entire folder containing said executables is added as an exception, as stated in my previous comment:

stmtjt wrote: I <added exceptions> in Trend Micro Security Agent for:

• The entire Virtualbox program folder

(etc.)

If excluding an entire folder is not sufficient to exclude any executable file contained therein, or if excluding a file by itself or the folder that contains it does not have the same effect, please enlighten me.

Sorry, I can't tell you how your choice of AV does exclusions, you would have to ask the AV provider. If you want to confirm that VirtualBox has been excluded then look at the VBoxHardening.log for the VM. Scroll down until you find the ": supR3HardenedWinFindAdversaries: nnn" line. If nnn is anything other than 0x0 then your AV is still interfering. The lines following should make it clear what AV is responsible.
Also search for the "more than one thread" error as discussed in the FAQ. If you see that then again your AV is still there.

Display: All posts 1 day 7 days 2 weeks 1 month 3 months 6 months 1 year Sort by: Author Post time Subject Direction: Ascending Descending

↳   Using VirtualBox

↳   VirtualBox on Windows Hosts

↳   VirtualBox on Windows pre-releases

↳   VirtualBox on Linux Hosts

↳   VirtualBox on Mac OS X Hosts

↳   VirtualBox on Mac OS X pre-releases

↳   VirtualBox on Solaris Hosts

↳   VirtualBox on Other Hosts

↳   Suggestions

↳   Third Party Applications

Guest systems

↳   Windows Guests

↳   Linux Guests

↳   Solaris Guests

↳   Mac OS X Guests

↳   Other Guests

Deutschsprachige Anwender

↳   Allgemeine Diskussionen

VirtualBox Programming

↳   The VirtualBox API

↳   VirtualBox OSE

Special Purpose

↳   VirtualBox Beta / Release Candidate Feedback

↳   Old Beta Postings