Windows – Symantec Endpoint Protection Prevents VirtualBox Guest From Starting

Tags: 64-bit, sep, virtualbox, windows 7

We were running VirtualBox 4.3.16 on a Windows 7 Enterprise SP1 x64 host. A couple of days ago, our Corporate IT decided they were going to silently install a newer version of Symantec Endpoint Protection, 12.1.5337.5000. We were previously running v12.1.4013.4013. Since then, when trying to start a VirtualBox guest (doesn't matter what guest), nothing happens. You can see the VirtualBox.exe instance running in the Task Manager, but if you try to kill it, it refuses to go away.

I've tried every trick I know to kill the process, including: Windows Task Manager -> Processes -> Right-click and select Terminate; Process Explorer; pskill; taskkill /f /pid. The worst part is you cannot even shut down the PC. When you attempt to initiate a shutdown/reboot, Windows does nothing. If you try to launch any programs after that, nothing will come up. The only option left is to do a 3-second hold on the power button.

I can uninstall Symantec and VirtualBox becomes functional again, but unfortunately, changes to Symantec are not much of an option in fixing this. We're stuck with the version Corporate IT has dished out. I've tried upgrading to VirtualBox 4.3.18, but that has not made a difference. Temporarily disabling Symantec Endpoint also has no effect.

This is what I see in the VBoxStartup.log:

ac8.159c: Error (rc=258):
ac8.159c: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
ac8.159c: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
ac8.159c: Timed out after 60001 ms waiting for child request #1 (CloseEvents).

Searches online have yielded a few forums talking about the same or similar issues, but as far as I could tell, no real solutions. At this point any help, even if it's just a sure-fire way to kill the process so I don't have to kill power to the PC, would be much appreciated.

Proactive Threat Protection Settings in Symantec:

  • SONAR
    • Enable SONAR = Checked
    • High risk detection = Quarantine
    • Low risk detection = Log
    • Enable Aggressive Mode = Unchecked
    • Show alert upon detection = Checked
    • Prompt before terminating a process = Unchecked
    • Prompt before stopping a service = Unchecked
  • Suspicious Behavior Detection
    • High risk detection = Block
    • Low risk detection = Ignore
  • System Change Detection
    • DNS change detection = Ignore
    • Host file change detected = Ignore
    • Exceptions = Tried adding VirtualBox directory, makes no difference.

Best Answer

Hope this thread helps.

https://forums.virtualbox.org/viewtopic.php?t=64111&f=6

I had a similar problem. There seems to be some regression from 4.3.12 onwards. The possible reason seems to be "hardened" security features that do not work well with the latest SEP release.

I have reverted to 4.2.x VB release, which solved my problem.
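
Added example, not part of the original posts and not VirtualBox code: a small Python triage of VBoxStartup.log lines in the layout quoted in the question, reporting which process and thread timed out, on which child request, and in which function. The name `triage`, the regular expressions (inferred from the four quoted lines) and the reading of 258 as the Windows WAIT_TIMEOUT value are assumptions.

```python
import re

# Constructed sample: the four VBoxStartup.log lines quoted in the question.
SAMPLE_LOG = """\
ac8.159c: Error (rc=258):
ac8.159c: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
ac8.159c: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
ac8.159c: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
"""

# Assumed line layout, inferred from the excerpt: "<hex pid>.<hex tid>: <message>".
LINE = re.compile(r"^([0-9a-fA-F]+)\.([0-9a-fA-F]+):\s*(.*)$")
TIMEOUT = re.compile(r"Timed out after (\d+) ms waiting for child request #(\d+) \((\w+)\)")
ERR_IN = re.compile(r"Error (-?\d+) in (\w+)! \(enmWhat=(\d+)\)")
WAIT_TIMEOUT = 0x102  # 258; assumption: the logged rc is the Windows WAIT_TIMEOUT value


def triage(text):
    """Summarise child-wait timeouts per (pid, tid) found in a VBoxStartup.log."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines or anything not in the assumed layout
        pid, tid, msg = int(m.group(1), 16), int(m.group(2), 16), m.group(3)
        e = found.setdefault((pid, tid), {
            "pid": pid, "tid": tid, "timeouts": 0, "wait_ms": None,
            "request": None, "failed_in": None, "rc": None, "enm_what": None})
        t = TIMEOUT.search(msg)
        if t:
            e["timeouts"] += 1
            e["wait_ms"] = int(t.group(1))
            e["request"] = "#%s %s" % (t.group(2), t.group(3))
        f = ERR_IN.search(msg)
        if f:
            e["rc"], e["failed_in"], e["enm_what"] = int(f.group(1)), f.group(2), int(f.group(3))
    # Report only threads that actually logged a timeout.
    hits = [e for e in found.values() if e["timeouts"]]
    for e in hits:
        e["rc_is_wait_timeout"] = e["rc"] == WAIT_TIMEOUT
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

Run against logs collected from several hosts, the same summary shows whether every failure stops at the same child request and function after an endpoint-protection update.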
