In David's post here: https://www.wilderssecurity.com/threads/sandboxie-plus-1-15-2.455497/ it says "By enabling “LogMessageEvents” in the global settings, all Sandboxie events can now be logged directly to the system event log for better tracking and analysis". Where exactly is this setting? I even tried editing the ini to put it there (which resulted in error 1405, syntax error). Sorry if it is obvious, but I couldn't find it.
@busy Win 10 logs show under System. On Win 11 24H2 I cannot find them at all. Are they kept somewhere else?
@busy Today using Win 10 the Win Event Viewer under Windows Logs-System shows SBIE1101 Sandboxie driver (SbieDrv) version 5.70.4 initialized (should it show that for 1.15.4?). Win 11 shows nothing at all. Why do you mention SBIE1308 and SBIE1321?
Sandboxie driver: 1.15.4 corresponds to the UI version of Sandboxie Plus. Drv, Svc, and DLL versions are different. Unrelated: You don't need this anymore: "OnBoxDelete=%SystemRoot%\System32\cmd.exe /c RMDIR /s /q "%SANDBOX%"" "Win 11 shows nothing at all." Let me check again in the virtual machine then. "Why do you mention SBIE1308 and SBIE1321?" I haven't tried any messages other than those two; maybe you're referring to a message that's different from these.
@busy Just for info, I installed 1.15.4 on Win 11 24H2 through the user interface message and not from a download and 'over the top' install. That's when I tried the Windows log thing.
@stapp Powershell> Get-EventLog -LogName System -Source SbieSvc -Newest 100 Does the above command return any results?
@busy
Get-EventLog : No matches found
At line:1 char:1
+ Get-EventLog -LogName System -Source SbieSvc -Newest 100
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: ) [Get-EventLog], ArgumentException
    + FullyQualifiedErrorId : GetEventLogNoEntriesFound,Microsoft.PowerShell.Commands.GetEventLogCommand
@stapp The setting only logs messages that start with "SBIE." To check, follow these steps:
1. Create a new sandbox.
2. Add the line "NotifyNoCopy=y" to the box configuration.
3. Launch a sandboxed "Windows Explorer" in the box. This will trigger a series of SBIE2113 messages in the message log.
4. Afterward, use the PowerShell command to check if it's working.
Code:
Get-EventLog -LogName System -Source SbieSvc -Newest 10
@stapp Some SBIE messages are not enabled by default. Only the enabled messages are logged. The settings you enable from GlobalSettings will apply to all boxes.
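
Added example, not part of any post in this thread: a PowerShell function that summarizes which SBIE message codes have actually reached the System log, and handles the "no matches" case shown above instead of failing. It uses Get-WinEvent, which also runs in PowerShell 7 where Get-EventLog is not available. Assumptions: the event source name is SbieSvc, as in the commands posted above; the function name Get-SbieEventSummary is made up for this example.

```powershell
# Added example: summarize Sandboxie events in the System log by SBIE code.
# Assumption: events are written with source "SbieSvc", as in the thread's commands.
function Get-SbieEventSummary {
    param(
        [string]$Source    = 'SbieSvc',
        [int]   $MaxEvents = 100
    )

    # XPath filter on the provider name stored in each event record.
    $xpath = "*[System[Provider[@Name='$Source']]]"

    try {
        $events = Get-WinEvent -LogName System -FilterXPath $xpath `
                               -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when no event matches the filter.
        Write-Warning "No '$Source' events in the System log: $($_.Exception.Message)"
        return
    }

    $events | ForEach-Object {
        # The SBIE code may be in the rendered message or in the raw insertion strings.
        $text = (@($_.Message) + @($_.Properties | ForEach-Object { $_.Value })) -join ' '
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Code        = if ($text -match 'SBIE\d{4}') { $Matches[0] } else { '(no SBIE code)' }
        }
    } |
        Group-Object Code |
        Sort-Object Count -Descending |
        # Get-WinEvent returns newest first, so the first item of each group is the latest.
        Select-Object @{ n = 'Code';   e = { $_.Name } },
                      Count,
                      @{ n = 'Latest'; e = { $_.Group[0].TimeCreated } }
}

Get-SbieEventSummary | Format-Table -AutoSize
```

Running it before and after the NotifyNoCopy=y test described above shows whether SBIE2113 entries were added to the System log.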