Umbra

[How To] use Emsisoft OA /Emsisoft IS v9 with Virtual Box

Recommended Posts

hi, as you know Online Armor and the latest Emsisoft Internet security v9 can't be installed when Virtual box is present (it will generates a BSOD) ; so there is the procedure to to have them both.

If Virtual Box is not installed yet (and was never installed)

1- Install OA/ EIS
2- install Vbox

If Virtual Box was installed before but removed

2- open "Regedit" (via Run)
3- check this registry key : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt
4- if it's still present, delete it
5- reboot (not necessary, but better if done)
6- install OA/EIS
7- install Vbox

If Virtual Box is already installed

1- uninstall Vbox
2- open "Regedit" (via Run)
3- check this registry key : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt
4- if it's still present, delete it
5- reboot (not necessary, but better if done)
6- install OA/EIS
7- install Vbox



hope this will help you

 

note: i did this procedure since ages so it really works ^^

  • Upvote 2

Share this post


Link to post
Share on other sites
Guest Tempus

Thanks for sharing this nice workaround, will give it a go later this weekend. :)

Share this post


Link to post
Share on other sites

You can open a Command Prompt as administrator and use the command sc delete VBoxNetFlt to delete the Virtual Box network filter driver to make it easier. No need to directly edit the registry. ;)

Also, please note that if you have Virtual Box and Emsisoft Internet Security installed that there will more than likely be random BSoD issues. Depending on your circumstances, it might just be easier to use VMware Player (it does still come in a free version for personal use).

Share this post


Link to post
Share on other sites

You can open a Command Prompt as administrator and use the command sc delete VBoxNetFlt to delete the Virtual Box network filter driver to make it easier. No need to directly edit the registry. ;)

indeed it is simpler ! (i am used to navigate in the registry ^^)

Also, please note that if you have Virtual Box and Emsisoft Internet Security installed that there will more than likely be random BSoD issues.

i think it is mostly during the installation of OA/EIS drivers (if the reg key is present) that the BSOD occurs , i never got it when Vbox is installed after OA/EIS

Share this post


Link to post
Share on other sites
Guest Tempus

You can open a Command Prompt as administrator and use the command sc delete VBoxNetFlt to delete the Virtual Box network filter driver to make it easier. No need to directly edit the registry. ;)

Also, please note that if you have Virtual Box and Emsisoft Internet Security installed that there will more than likely be random BSoD issues. Depending on your circumstances, it might just be easier to use VMware Player (it does still come in a free version for personal use).

 

Thanks GT500. I do use Virtualbox for testing, because it has the possibility for creating a snapshot of your virtual machine. That is a useful feature that is missing Wm palyer free. Next time that VMWare is launching a campaign, then I might go for the full edition of workstation 10. We will see what time brings ^_^ 

Share this post


Link to post
Share on other sites

i think it is mostly during the installation of OA/EIS drivers (if the reg key is present) that the BSOD occurs , i never got it when Vbox is installed after OA/EIS

Some people seem to experience the BSoD frequently (and randomly) when both are installed.

Share this post


Link to post
Share on other sites

@GT500 : it is surely true, since i am tester for Emsisoft , i never encountered BSODs when OA was installed before Vbox; im lucky i guess ;)

 

on my forum i always warn people using both OA and Vbox to follow my procedure and i dont remember they had issue then, most BSODs were when the reg keys was present before.

 

but we all know that "No System are identical"  ;)

Share this post


Link to post
Share on other sites

So for clarification:

 

Oracle's VirtualBox is now running on same machine Emsisoft OA or Emsisoft Internet security 9 is installed?

 

Emsisoft install should be made before installation of VirtualBox as decribben above?

 

This issue is the only one that keeps me away from Emsisoft...

 

Thx...

Share this post


Link to post
Share on other sites

The VirtualBox Bridged Networking driver is causing a blue screen as soon as other NDIS filter drivers are installed. What makes matters worse is that the VirtualBox uninstaller doesn't remove the VirtualBox Bridged Networking driver properly. The best way to run VirtualBox and Online Armor or Emsisoft Internet Security on the same computer is to install VirtualBox without Bridged Networking support. If VirtualBox is already installed or was installed in the past, you will have to uninstall it and remove the VirtualBox Bridged Networking driver manually using the instructions Arthur posted above.

Share this post


Link to post
Share on other sites

Thanks for further explanation.

 

Which kind of connections uses "VirtualBox Bridged Networking driver" in VirtualBox?

 

Is is possible to access local lan *without* NAT and without "VirtualBox Bridged Networking driver"?

(VirtualBox and VB-host in same subnet, e.g. 192.168.1.x)

 

Is is possible to access wan/internet with NAT and without "VirtualBox Bridged Networking driver"?

 

Thanks once more, hoping, that EAM will meet my requirements...

Share this post


Link to post
Share on other sites

First of all: Emsisoft Anti-Malware will work perfectly fine alongside VirtualBox, no matter what you have installed. Only Online Armor and Emsisoft Internet Security have trouble with the VirtualBox driver. So if you only want to run Emsisoft Anti-Malware, just go ahead and install it. There won't be any problems.

 

Other than that there is only one question you need to ask yourself: Does any of your VMs use the Bridged Adapter? You can check the Network settings of each VM to find out. If one of it does, you need the Bridged Networking driver. If all your VMs only use the NAT, Internal Network or Host-only Adapter, you don't need the Bridged Networking driver.

Share this post


Link to post
Share on other sites

Does any of your VMs use the Bridged Adapter? You can check the Network settings of each VM to find out. If one of it does, you need the Bridged Networking driver. If all your VMs only use the NAT, Internal Network or Host-only Adapter, you don't need the Bridged Networking driver.

 

Bridged network: Yes one is using it:

It is a virtualized terminalserver, access from RDP clients is tested by local network connection in same lan mask (e.g. 192.168.1.x)

It meens: host and guest (=terminalserver in VB) are in same subnet 192.168.1.x.

 

And guest (=terminalserver in VB) needs access to wan/internet for updating...

 

Other mode instead of "Bridged networking" possible for this purpose, which doesn't interact with OA?

Share this post


Link to post
Share on other sites

If you want the VM to be part of the real local network, no.

 

Another half a year has gone...

Any news about this issue?

Still no coexisting of VirtualBox ("VirtualBox Bridged Networking driver") and OnlineArmor?

 

From v4.3.14 on VirtualBox has intoduced new software architecture with 'hardened' security layer, so perhaps there is a new chance of getting it running!?

Share this post


Link to post
Share on other sites

Next attempt... :unsure:

 

I do need VirtualBox for occupational purpose AND want to use Emsisoft Anti-Malware. So this is no problem. But Online Armor isn't working with VirtualBox.

 

Which alternative software firewall are recommended to work in combination with EAM and includes content-/ web-filter with regexpr for urls like *server.tld ?

 

Thx...

Share this post


Link to post
Share on other sites

Which alternative software firewall are recommended to work in combination with EAM and includes content-/ web-filter with regexpr for urls like *server.tld ?

Windows firewall will work just fine.

Share this post


Link to post
Share on other sites

^_^

I do not need a recommendation but a list of personal software firewalls knowns as fully compatible with EAM on Win7/win8.1.

 

Regards.

 

 

It is extremely unlikely you will experience compatibility issues between EAM and whatever firewall you choose.

 

Just a suggestion ... these are worth a look:

 

  • BiniSoft Windows Firewall Control (provides notifications for outbound connections using Windows firewall, $10 lifetime license with unlimited installations. W7/8).
  • GlassWire  (W7/8).
  • Windows 7 Firewall with Advanced Security (W7, obviously).

 

Just perform Google search for each.

 

I use BiniSoft's WFC with EAM and it is more than enough.  If I am not mistaken all Emsi staff use EAM + Windows firewall...so what does that say?

 

However, if your primary goal is to filter web content using unlimited wildcards and regular expressions then, unfortunately, I know of no home firewall solutions for W7/8 with those capabilities.  That does not mean there isn't one out there somewhere.

 

I've only seen the ability to exclude TLDs using regexp in enterprise endpoint solutions such as FortiClient, WebSense and Kerio...among others.

Share this post


Link to post
Share on other sites

Comodo Firewall?

 

Hello Siketa,

 

I do not recall, but I would not be surprised considering the built-in configurability.

Share this post


Link to post
Share on other sites

  • BiniSoft Windows Firewall Control (provides notifications for outbound connections using Windows firewall, $10 lifetime license with unlimited installations. W7/8).
  • GlassWire  (W7/8).
  • Windows 7 Firewall with Advanced Security (W7, obviously).

 

Thanks, did check these tools:

I am sorry but all of them do not allow requested content-/ web-filter with regexpr for urls like *server.tld ...

 

In my opinion it is possible to block ip addresses 123.123.123.1 only, but not by server names like server.tld or www.server.tld , isn't it?

 

In case of load balancing server farms (for example google, microsoft, facebook ...) it is not possibleto enter all necessary ip addresses, too much.

 

Any experience about this?

Share this post


Link to post
Share on other sites

Sorry, but a firewall is the wrong tool for that. What about SSL protected connections for example? A firewall won't be able to act on that traffic at all. What you want is better suited for a proxy (like Privoxy) or if you only want it within your browser for a browser plugin (like uMatrix).

Share this post


Link to post
Share on other sites
 

You can open a Command Prompt as administrator and use the command sc delete VBoxNetFlt to delete the Virtual Box network filter driver to make it easier. No need to directly edit the registry.  ;)

 

 

I gave that a shot in Windows 10 but it seem that this service is running any more. It looks like the Registry method is the only one,

Share this post


Link to post
Share on other sites

hi, as you know Online Armor and the latest Emsisoft Internet security v9 can't be installed when Virtual box is present (it will generates a BSOD) ; so there is the procedure to to have them both.

If Virtual Box is not installed yet (and was never installed)

1- Install OA/ EIS

2- install Vbox

If Virtual Box was installed before but removed

2- open "Regedit" (via Run)

3- check this registry key : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt

4- if it's still present, delete it

5- reboot (not necessary, but better if done)

6- install OA/EIS

7- install Vbox

If Virtual Box is already installed

1- uninstall Vbox

2- open "Regedit" (via Run)

3- check this registry key : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt

4- if it's still present, delete it

5- reboot (not necessary, but better if done)

6- install OA/EIS

7- install Vbox

hope this will help you

 

note: i did this procedure since ages so it really works ^^

 

 

Thanks for that Umbra!!! I've actually taken your method and simplified it a bit.

 

 

EDIT: my VBox and OA were able to coaxist with no blue screens on my Windows 10 rig because I suspect OA is just not working well on 10. When I tried it on Windows 7 with VBox installed, it did indeed give me blue screens. 

 

If you go to:

 

 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\

 

Export: VBoxUSBMon, VBoxNetFlt, VBoxNetAdp and VBoxDrv as individual .reg files (make sure to export selected registry key and not the whole registry).

 

Once you've made sure that you have a backup of the listed registry keys, you can delete those 4 vbox related keys and run the Online Armor Installation without uninstalling VBox. Don't reboot at the end of the installation.

 

Once OA is installed, merge the backed up .reg files and both VB and OA should work on reboot. 

Share this post


Link to post
Share on other sites

As mentioned in your other thread already, Online Armor does not support Windows 10. As a result its driver won't load properly so naturally there won't be a blue screen.

Share this post


Link to post
Share on other sites

hi, as you know Online Armor and the latest Emsisoft Internet security v9 can't be installed when Virtual box is present (it will generates a BSOD) ; so there is the procedure to to have them both.

 

Any progress about that issue?

 

Can Emsisoft Internet security coexist with VirtualBox 5.x, working and without bluescreens?

 

Thx and regards.

Share this post


Link to post
Share on other sites

I think this procedure is outdated and doesn't apply anymore. I've reinstalled Emsisoft Internet Security many, many times when VirtualBox was already installed, and not once did I get a BSOD. So I would try to install EIS, and if you get a BSOD, then try to follow the instructions in this guide. However, I doubt these are necessary now.

Share this post


Link to post
Share on other sites

Any progress about that issue?

No, and there more than likely never will be. This is not an issue that we can fix. It's a bug in a VirtualBox driver, and only their development team can fix it. If you'd like to see this get changed, then you will have to ask the VirtualBox team to fix the issues with their driver. Just be aware that their developers have a history of ignoring such requests. Here's an example.

 

Can Emsisoft Internet security coexist with VirtualBox 5.x, working and without bluescreens?

Yes, all you have to do is install VirtualBox without bridged networking support, or manually delete their network filter driver after installing VirtualBox and before installing a firewall such as Emsisoft Internet Security.

Here's instructions on how to delete the driver manually on Windows 7:

  • Click on the Start button.
  • Go to All Programs.
  • Go to Accessories.
  • Right-click on Command Prompt and select Run as administrator.
  • Type in (or copy and paste) the following command, and then press Enter to run it:

    sc delete VBoxNetFlt

And here's instructions for Windows 8, Windows 8.1, and Windows 10:
  • Right-click on the Start button to open the Power User Menu.
  • Select Command Prompt (Admin) from the list.
  • Type in (or copy and paste) the following command, and then press Enter to run it:

    sc delete VBoxNetFlt

I recommend restarting your computer after doing this.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.