SEB detects virtual machine

[J0p1e]

Describe the Bug When attempting to log in to SEB via the Moodle platform, the error message appears: "This computer seems to be a virtual machine. The selected configuration does not allow SEB to run in a virtual machine." However, when starting the moodle test in safe exam browser and that same notebook and trying to log in with a different account, it works. On another notebook, it also works for the student who otherwise encounters the issue. It has already been attempted to reset and reinstall SEB, but without success.

Steps to Reproduce Steps to reproduce the behavior:

1. Start SEB
2. Try to log in to your acc from moodle
3. See error

Expected Behavior A possible way to bypass this error.

Screenshots

Version Information

• OS: Widows 11
• SEB-Version 3.7.1

Additional Logs.zip

[dbuechel]

The detection mechanism indeed appears to be recognizing a virtual machine:

2024-08-12 14:00:09.399 [21] - INFO: Validating virtual machine policy...
2024-08-12 14:00:09.423 [21] - WARNING: [Registry] Failed to get sub keys for 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskFlow\DeviceCache'.
2024-08-12 14:00:09.424 [21] - DEBUG: [VirtualMachineDetector] Computer 'COMPUTER' appears to be a virtual machine.
2024-08-12 14:00:09.426 [21] - ERROR: Detected virtual machine while SEB is not allowed to be run in a virtual machine! Aborting...

Can you provide a video showing the entire physical device while reproducing the issue?

[leumas700]

Just a quick response: I was present during the testing, and I am responsible for Moodle at our school. The notebook in question is not a virtual machine, nor does it have one installed. It is a standard notebook.

The strange thing is that when the student tries to start the SEB on this notebook and then logs into Moodle to access the quiz, the error message appears. However, if I start the SEB and log into Moodle using my account on the same machine, it suddenly works.

If you still need proof that the notebook is not a virtual machine, I can provide that in the coming days.

Kind regards, Samuel

[dbuechel]

Great, thanks for the update. The following part I do not quite understand:

The strange thing is that when the student tries to start the SEB on this notebook and then logs into Moodle to access the quiz, the error message appears. However, if I start the SEB and log into Moodle using my account on the same machine, it suddenly works.

That would then indicate that the user profile / account has some influence on the VM detection. @Notselwyn Could this be the case? I see just now that there indeed is a warning with respect to a registry access in the user hive...

[Notselwyn]

@leumas700 @J0p1e Could you please run the attached (zipped) Python script when the virtual machine error gets displayed? This aggregates some data used for virtual machine detection (such as CPU metadata) and exports it to a new file called signatures.db3. It would be great if you could send us the signatures.db3 file, so we can assess what is causing the false positive.

vm_tooling.zip

[leumas700]

Thanks for the update. We will get in touch with the student and try this. We will update you with the requested files.

[leumas700]

As promised the information requiered: (Once before and once after trying to access the seb quiz) vm_tooling_ergebnise.zip

[Notselwyn]

Thank you. Unfortunately I cannot find anything based on those databases which would trigger the detection. What is the output of the following cmd.exe commands? If my theory is correct, the cause should be visible here

Get all MAC addresses on the system:

wmic nicconfig get DNSHostName,MACAddress,Description

Registry export of hardware related keys (please attach devcache.reg to your message):

reg export HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskFlow\DeviceCache devcache.reg