When trying to start a Virtual Machine (VM) in VirtualBox with Symantec Endpoint Protection (SEP) Application and Device Control installed, the VM will not start and eventually times out. Additionally, when you try and restart the host machine, it hangs on shutting down.
VirtualBox pops up a window saying Starting VM: Creating process for virtual machine "VMname" (GUI/Qt)...(1/2) and will either hang on this window or may eventually throw a time out error after approximately 10 minutes.
Oracle has been hardening the security on the application VirtualBox. SEP Application and Device Control injects it's DLL into all running processes which in turn conflicts with the hardened security in VirtualBox. Oracle is working to address the compatibility issues with many AV products caused by the hardening of VirtualBox.
Create an Application Control folder exclusion in the Symantec Endpoint Protection Manager (SEPM) for the directory, and it's subfolders, where VirtualBox is installed to. By default this is: C:\Program Files\Oracle\VirtualBox\. This will cause Application and Device Control to not inject into the applications running out of that directory or it's subdirectories.
Steps to create the exclusion:
1) In the SEPM go to the Exclusions policy that is assigned to the group that the affected client is in and open that policy to edit it
2) Go to the Exceptions tab on the left
3) Click Add -> Windows Exceptions -> Folder
4) Change the type of scan drop down to “Application Control"
5) Set the path to the VirtualBox install path, by default it is C:\Program Files\Oracle\VirtualBox\ although this will vary depending upon the install location chosen
6) Check the box to include subdirectories
7) Hit OK to save the exception and OK again to close out of the policy
8) Update the policy on the client and verify it has the new policy
9) Reboot the client as the exception will not remove it’s injection from an already running process. A hard restart may be required.
10) Once it comes back up, verify that VirtualBox is now working
Symantec Endpoint Protection 12.1
Windows 7 host (may affect other hosts)
Any guest OS
VirtualBox 4.3.14-4.3.18 (some test builds may or may not exhibit the issue as this is being addressed)
Imported Document ID: TECH225620
Subscribing will provide email updates when this Article is updated. Login is required.