Open xsmolasses opened 3 days ago
Please do not mess with the installed features manually, Duo installs them directly via .mum package files to ensure Home Edition operating systems can access the sandbox API as well.
Also mind telling me which edition you chose on the Windows install setup? Home, Pro, etc.
Pro. Activated with a digital license (triggered via command line).
This script was used during install. https://www.patreon.com/posts/skipoobe-cmd-104354406 https://raw.githubusercontent.com/DavidXanatos/SysPrep/main/Scripts/SkipOOBE.cmd (Once at the Desktop, created and am running under a new User in Administrators group just the same as in Duo local user account specification, using same two lines as in Duo wiki Troubleshooting.)
Yea nah, I haven't fiddled with the Windows Features GUI checkboxes myself this clean install - I was just giving the overview of what it looks like now - although at a later date I may need WSL2...
I have added options through bcdedit, and since before Duo v1.4.9 setup, Windows was NOT running in a hypervisor, I’m pretty sure.
(I know “Windows Firewall Control” software is interfering with created rules by monitoring for & disabling them, but disabling firewalling completely didn't help. I know Windows Sandbox needs DHCP. And not being able to firewall ICS anyway is a bummer. Suppose I can just add any rules in customise.ps1 et cetera.)
If you manually kill the hypervisor via bcdedit then virtualization, and by dependency the Sandbox feature, will of course not work.
Duo will never ever overwrite your bcd settings, that would be way too invasive and risky IMO.
Double check your current hypervisor settings, and if disabled and you wish to make use of the Sandbox feature, re-enable it via bcdedit, undoing your prior manual changes.
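One way to run the check suggested above against saved `bcdedit /v` text, as an added example that is not code from Duo or from anyone in this thread. The function names and report layout are hypothetical, the sample is an excerpt of the output posted further down this thread, and the parser accepts both real column-padded output and the flattened form seen on this page.

```python
import re

# Excerpt of the `bcdedit /v` output posted in this thread (flattened as on the page).
SAMPLE = """\
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
default {232ff6f6-547c-11ef-a2bf-e97364c42453}
displayorder {232ff6f3-547c-11ef-a2bf-e97364c42453}
{232ff6f6-547c-11ef-a2bf-e97364c42453}
Windows Boot Loader
-------------------
identifier {232ff6f3-547c-11ef-a2bf-e97364c42453}
description Windows 11
Windows Boot Loader
-------------------
identifier {232ff6f6-547c-11ef-a2bf-e97364c42453}
description Windows 11 sans security
loadoptions DISABLE-LSA-ISO,DISABLE-VBS
nointegritychecks Yes
hypervisorlaunchtype Auto
"""

WEAKENING_LOADOPTIONS = {"DISABLE-VBS", "DISABLE-LSA-ISO"}  # seen in the thread's output

def parse_bcd(text):
    """Split bcdedit output into entries: {'type': [title], element: [values]}."""
    lines = text.splitlines()
    entries, current, last_key = [], None, None
    for i, line in enumerate(lines):
        if not line.strip() or re.fullmatch(r"-+", line.strip()):
            continue
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if re.fullmatch(r"-{3,}", nxt):  # a title line is followed by a dash rule
            current, last_key = {"type": [line.strip()]}, None
            entries.append(current)
        elif current is None:
            continue
        elif (line[0].isspace() or line.startswith("{")) and last_key:
            # Extra value of a multi-value element: indented in real output, bare {GUID} here.
            current[last_key].append(line.strip())
        else:
            key, _, value = line.strip().partition(" ")
            last_key = key.lower()
            current[last_key] = [value.strip()]
    return entries

def audit(entries):
    """Return one report per boot loader entry (hypothetical report layout)."""
    first = lambda e, k, d=None: e.get(k, [d])[0]
    default_id = next((first(e, "default") for e in entries
                       if first(e, "type") == "Windows Boot Manager"), None)
    reports = []
    for e in (e for e in entries if first(e, "type") == "Windows Boot Loader"):
        opts = set(re.split(r"[,\s]+", first(e, "loadoptions", "").upper()))
        findings = [f"loadoptions contains {o}" for o in sorted(opts & WEAKENING_LOADOPTIONS)]
        if first(e, "nointegritychecks", "No").lower() == "yes":
            findings.append("nointegritychecks is Yes")
        launch = first(e, "hypervisorlaunchtype", "not set")
        if launch.lower() == "off":
            findings.append("hypervisorlaunchtype is Off")
        reports.append({"description": first(e, "description", ""), "findings": findings,
                        "default": default_id is not None and first(e, "identifier") == default_id,
                        "hypervisorlaunchtype": launch})
    return reports

if __name__ == "__main__":
    for report in audit(parse_bcd(SAMPLE)):
        print(report)
```

The default-entry match relies on the full GUIDs that `/v` prints; without `/v`, bcdedit shows aliases such as `{current}` instead.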
Yeah but standard Windows Sandbox is running just fine, Duo-launched Windows Sandbox is not - I never tested prior to Duo v1.4.9, presuming the Windows Sandbox wasn't installed by default.
Anyway I have a boot menu, where the changes were made to a duplicate of the original options, selecting the original to boot into has made no difference to described Duo Sandbox behaviour.
Kernel DMA Protection Off
Virtualization-based security Running
Virtualization-based security Required Security Properties
Virtualization-based security Available Security Properties Base Virtualization Support, DMA Protection, Secure Memory Overwrite, SMM Security Mitigations 1.0, Mode Based Execution Control, APIC Virtualization
Virtualization-based security Services Configured
Virtualization-based security Services Running
Windows Defender Application Control policy Enforced
Windows Defender Application Control user mode policy Audit
Device Encryption Support Reasons for failed automatic device encryption: PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected
A hypervisor has been detected. Features required for Hyper-V will not be displayed.
(Shutting down for the night while system isn't in production; pick this up tomorrow or when there's something other to try.)
bcdedit /v
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume5
path \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {232ff6f6-547c-11ef-a2bf-e97364c42453}
resumeobject {232ff6f2-547c-11ef-a2bf-e97364c42453}
displayorder {232ff6f3-547c-11ef-a2bf-e97364c42453}
{232ff6f6-547c-11ef-a2bf-e97364c42453}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
Windows Boot Loader
-------------------
identifier {232ff6f3-547c-11ef-a2bf-e97364c42453}
device partition=C:
path \Windows\system32\winload.efi
description Windows 11
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {232ff6f4-547c-11ef-a2bf-e97364c42453}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {232ff6f2-547c-11ef-a2bf-e97364c42453}
nx OptIn
bootmenupolicy Standard
Windows Boot Loader
-------------------
identifier {232ff6f6-547c-11ef-a2bf-e97364c42453}
device partition=C:
path \Windows\system32\winload.efi
description Windows 11 sans security
locale en-US
loadoptions DISABLE-LSA-ISO,DISABLE-VBS
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {232ff6f4-547c-11ef-a2bf-e97364c42453}
displaymessageoverride Recovery
recoveryenabled No
nointegritychecks Yes
isolatedcontext No
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {232ff6f2-547c-11ef-a2bf-e97364c42453}
nx OptIn
bootmenupolicy Standard
hypervisorlaunchtype Auto
tasklist /V
Just tried Memory integrity On; the only toggle present in Core isolation settings. Restarted (w/ boot opts per fresh install). And reflected in msinfo:
Virtualization-based security Services Running Hypervisor enforced Code Integrity
But made no difference to the problem. Curiously, Kernel DMA Protection is still Off (unrelated).
What Windows version is listed on your system when you open System > About, and what is the current OS build listed there?
System > About
Edition Windows 11 Pro
Version 23H2
Installed on 7/08/2024
OS build 22631.3880
Experience Windows Feature Experience Pack 1000.22700.1020.0
sha256: b84e497c019e95ba9aee9da3d86e679454cba1a426593711f0f4d426f48fc845 en-us_windows_11_consumer_editions_version_23h2_updated_july_2024_x64_dvd_13e3dd80.iso
BIOS Mode UEFI
from boot, the unmodified iso image was mounted in a virtual optical drive exposed by an iODD External HDD USB Device, ST400.
Shift F10
DISKPART
SELECT DISK #
CLEAN
CONVERT GPT
And off to the races! Doesn't get more stock, generic, and cleaner than that.
I don't believe I resorted to any registry imports besides those mentioned, which could be why "Virtualization-based security Services Configured" is blank?
Duo will never ever overwrite your bcd settings, that would be way too invasive and risky IMO.
Inadvertently and indirectly Duo v1.4.9 setup did alter my bcd settings tho. :-)
hypervisorlaunchtype Auto
Henceforth Windows was hypervised despite other bcd options to the contrary.
For what it's worth,
Edited for clarity: I uninstalled Oracle VirtualBox 7.0.20, and Sandboxie, and Duo v1.4.8, and restarted prior to first stage Duo v1.4.9 setup (Windows components install), and restarted once more. Windows Sandbox I have never been so performant, low refresh rate though, and that's where Duo + Sunshine should shine (?) but fails to launch and keep the Sandbox processes resident.
Each user including my main was added by these commands:
NET USER "Bedroom" "InitialPassword" /ADD /EXPIRES:NEVER /PASSWORDCHG:NO
NET LOCALGROUP Administrators "Bedroom" /ADD
WMIC USERACCOUNT WHERE "Name='Bedroom'" SET PasswordExpires=FALSE
And each user password easily updated by copy and paste:
NET USER "Bedroom" "UpdatedPassword" /EXPIRES:NEVER /PASSWORDCHG:NO
Starting one Run-in-Sandbox instance (previously or newly made profile) shall bring new process vmwp.exe and vmmemSandbox, new PIDs and new GUIDs, repeat ad infinitum. A lot of vmmemCmZygote (orphaned?) but collisions to be expected with a tight loop.
Otherwise, normal Duo operation Streams without a problem; is functioning as usual.
(By the way, despite reaching Duo's http interface via ungoogled Chrome, I've never been able to press button "Start" non-"Auto Start" instance.)
vmcompute.exe service is holding OK.
Everything in Event Viewer looks OK..? idk see roundtrip.txt
(Duo service event Stopped [and the profile name] only when I manually Stop Service.)
My only lead to go on is a tenuous correlation with Duo Manager's Sandbox RAM assignment.
Memory 12/128 GB (9%)
In use (Compressed) 11.4 GB (325 MB)
Available 116 GB
Committed 16/212 GB
Cached 108 GB
Duo RAM@32%:
roundtrip.txt
Duo RAM@33% - Microsoft-Windows-Hyper-V-Worker-Admin:
'930a68f6-39c3-4fe0-bdb0-2913d0c093ba' is unable to restore direct map allocation (virtual NUMA node 0, start page 1048576, page count 39): Not enough memory resources are available to complete this operation. (0x8007000E). (Virtual machine ID 930A68F6-39C3-4FE0-BDB0-2913D0C093BA)
'930a68f6-39c3-4fe0-bdb0-2913d0c093ba' Virtual SMB Device (Instance ID FEA6E63B-45DA-4E32-8B3D-1873B2CE50E7): Failed to restore with Error 'Not enough memory resources are available to complete this operation. ' (0x8007000E). (Virtual machine ID 930A68F6-39C3-4FE0-BDB0-2913D0C093BA)
Not enough memory in the system to start the virtual machine 930a68f6-39c3-4fe0-bdb0-2913d0c093ba with ram size 1024 megabytes. (Virtual machine ID 930A68F6-39C3-4FE0-BDB0-2913D0C093BA)
'930a68f6-39c3-4fe0-bdb0-2913d0c093ba' failed to restore. (Virtual machine ID 930A68F6-39C3-4FE0-BDB0-2913D0C093BA)
A standard Windows Sandbox, however, opens fluidly every time:
[acd1259a-47a6-4ae1-9e2e-9f49c1aa436e] Modify compute system, settings '{"ResourcePath":"VirtualMachine/ComputeTopology/Memory/SizeInMB","RequestType":"Add","Settings":{"SizeInMB":4096,"DisableTimeout":true}}', result 0x00000000
even Windows Sandbox from .wsb config file
<Configuration><MemoryInMB>41944</MemoryInMB></Configuration>
[57fe4c09-a927-4c20-8c69-2e9f7709bd50] Modify compute system, settings '{"ResourcePath":"VirtualMachine/ComputeTopology/Memory/SizeInMB","RequestType":"Add","Settings":{"SizeInMB":41944,"DisableTimeout":true}}', result 0x00000000
My OS is stock Windows 11 [Version 10.0.22631.3880] (has never hit Windows Update) on image en-us_windows_11_consumer_editions_version_23h2_updated_july_2024_x64_dvd_13e3dd80.iso and applied post install: https://github.com/TairikuOokami/Windows/blob/692d3b91a7ecefa8d4a44e7af5f015c5a28e9ab4/Microsoft%20Defender%20Disable.bat
Windows Sandbox sandboxing successfully despite strongly & somewhat related Windows Features turned off - the following are left unticked:
Containers
Hyper-V
Microsoft Defender Application Guard
Virtual Machine Platform
Windows Hypervisor Platform
Windows Subsystem for Linux