Hi, I am using Opera browser with Sandboxie. And I have Restriction > Start Run access set only to allow the Opera exe. I am getting a prompt from Sandboxie saying dllhost wants to run in the sandbox also. Is this normal ? Or have I been attacked ? Just created a new Windows account. Ran Sandboxie, with Opera and it asks for dllhost permissions to run in sandbox also. But in another existing account, it never asks for dllhost.
You are not being attacked . In an Start Run restricted sandbox where you only allow the browsers exe to run, its normal to get a message telling you dllhost is attempting to run when you open file explorer in the browser and navigate to a folder. Thats probably what you were doing. You can ignore the message and continue doing what you are doing, hide the message or add dllhost to the programs that are allowed to run. Bo
Hi, On a different machine, I created a new Windows account and I tried opening Opera directly first and then closing it. Then start Sandboxie Quicklaunch. And I don't get the 'dllhost is trying to run in the sandbox' message. Maybe Opera just needs to use dllhost during the first run. And I did not use Opera with file open/save dialog. That machine has been offline for a month, and hopefully was not pwned all this time. and this testing is done while it is offline. Is it possible that Opera just needs dllhost during the first run ?
Just re-imaged machine from an offline image. Can confirm that Opera does use dllhost on first start up. After running Opera directly, then starting Opera from Sandboxie, the dllhost message is gone.
There was no need to reimage the machine, I dont use Opera but is normal for dllhost to attempt to run when doing some functions with the browser. Like when you navigate folders with File explorer for uploading a picture or a file. dllhost runs and closes fast as you observed. You can see it in Sandboxie control. Bo
I get the dllhost stuff when I try to access the File - Open menu in FF... not sure if the same behaviour relates to Opera.
dllhost.exe or "com surrogate" is a windows method for programs to call external functions. when using process explorer you an see a long string after "...\dllhost.exe" {abcd...}" this string is the caled function outside. it is possible todeactivate but then you lower also security because that function is secured. dllhost.exe is a on the lingering program list in sandboxie. if "com surrogate" crashes the external function is malfunctioning, eg. concerning multimedia it could be a buggy codec.
