Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.
Thanks for the tip. But I think I will block rundll32.exe from running with the help of EXE Radar. You can even block only specific command lines, this way you don't have to block all instances of rundll32.exe.
After all this commotion and website being down, I wonder if its time to develop an open source alternative to sandboxie.
With an open-source approach one could get more dev's on board to be able to keep up with windows 10 changes.
If sandboxie really is such a niche that its not worth selling it anymore, why not make the original Open Source under a strong copyleft Licence like GPLv3
after firefox 68.0 with sandboxie the task manager shows 5 firefox 32.exe processes !!
I've been having problems with Sandboxie the past couple months or so, on numerous occasions when I try to open it a box pops up saying something about the driver is unavailable, so I uninstall and reinstall, works for a week or so then same thing happens, usually I install the latest beta but no luck. I can't remember what the box says exactly, usually 2 pop up and one says something about the driver. Anyways something is broken, and I haven't made any major changes on my computer, W10 probably. So I've uninstalled as I won'at use any program that doesn't work flawlessly on my computer. Installed Shadow Defender as an alternate as I have a lifetime license.
I am keeping an eye on your ESET thread, in hopes that there is resolution. On my W7x64 machines, excluding the entire SBIE folder in ESET is not preventing the delete failure completely, but strangely, perhaps coincidentally, it does lessen the frequency of the issue. I suppose I could try disabling ESET HIPS. As I recall, you did that and it enabled you to delete the sandbox. For me, at this point, deletion is possible after reboot. I plan to try seeing if Privacy Eraser does it. I previously have not had SBIE application selected in PE. I had another thought to share, but my head is starting to hurt from all this. Maybe later.
Been plagued here with the same issue (on Win 10 only). Seems to be resolved now. See "Program Stop > Leader Programs": https://www.sandboxie.com/ProgramStopSettings#leader
I tried the Leader Programs before and it does not solve the issue for me Win 7/64
Leader program setting has not done the trick for me, either. I put that in place when this failure to delete business first started up for me.
I am thinking about removing the ESET software compatibility setting in SBIE that I have had in place for ages.
In the back of my mind I seem to recall someone (perhaps Bo) suggesting that removing a program from compatibility sometimes has beneficial effects. Yeah, gonna try that. Couldn't hurt.
PE does in fact delete most of the undeleted files and folders, but not all, so I do not consider it to be a very viable option or recourse.
Removing ESET compatibility setting in SBIE had no positive effect on the issue at hand. Still got the "Could not move the sandbox folder out of the way" error message.
FWIW, I am now trying a suggestion from Barb@Sophos...
and where is the problem now? you are using firefox x86 on a x64 system - and the # is called multiprocess and you better stick with it otherwise you lower security because disabling means disabling sandbox. multiprocess (e10s) is present since firefox 48.
and you tried Lingering Programs? Just curious.
I am a complete ignorant user regarding what is going on with Sandboxie. I thought previously in reading post about it, it was a great program. Now I am wondering - are there now significant problems with it? If so, no time for me to consider it - I don't need added problems I can avoid.
No. I say they are minor problems, nuisances, but disturbing in that support doesn't seem dedicated to the software, and because one never knows for sure that all of the monkeying around one does to circumvent the problems isn't weakening Sandboxie's strength. This isn't a fun time to be a Sandboxie user. The power of the software is such that I can't imagine going online without it, but it does seem to require more and more attention than ever before. JMHO.
Did this work?
So far so good, but there hasn't been a lot of usage to test it. I am closing Chrome much more frequently, in order to give SBIE plenty of opportunities to not delete properly, and with perhaps a dozen or so chances, I haven't had the problem.
I just now implemented the same blocking setting on my other 7x64 machine, so I can monitor that as well. And blocking ekrn.exe hasn't triggered any other error messages either. I am cautiously optimistic.
Oh yeah, I have also left the Sandboxie folder excluded in ESET, in case that makes a difference. It didn't, when doing that alone.
Edit: Regrettably, I must report that I did receive the dreaded "Could not move the sandbox folder out of the way" error message once after having blocked ekrn.exe. I've probably closed a couple dozen browser sessions without any issue, but just now the Sandboxie deletion failure did happen, and I had to reboot to delete. I made note of the numbers, in case we begin to look at the size of the space (or number of files or folders) as a potential trigger. 98 files and 44 folders occupying 45 MB of space.
Back to waiting for ESET's release of new Cleaner module 1197 on pre-release update servers next week.
I am encouraged by what Marcos posted on the ESET forum a couple of days ago...
and then today...
chrome is set up both as a leader and lingering program and has been for a while. Since my prime browser is FF and it happens to FF too, I don't see that this setting helps. FWIW, I am now waiting for the promised eset release of a new module update and hope this will address the issue.
i dont see any forthcoming here. at least i think (for sure) its not the browser instead a 3rd-party program eg antivirus or some silly plugin (dll/ocx like flash or silverlight). i can run firefox complete in the box, no lingering nothing, my full profile and also a fresh profile. windows 10 + defender. as long you dont give it a try there wont be a solution for you (all).
maybe process explorer can elaborate for you which "Thread" is locking your browser-exe.
Quick update on the sandbox deletion issue...
Other than the one occurrence to the contrary, I have had very good success with Barb@Sophos' ekrn.exe blocking suggestion. I encourage others to try it while they wait for ESET to release a possible fix.
Current update on the sandbox deletion issue...
Since implementing Barb@Sophos' ekrn.exe blocking suggestion over four days ago, I have now received the "Could not move the sandbox folder out of the way" error message at least a half dozen times, which probably represents 5% to 10% of time that I closed the browser. A couple of those times were when I closed my email client, Outlook 2010.
So obviously, I am no longer saying that I think this blocking suggestion is doing any good. For some reason it appeared to be working quite well early on. Now not so much. Wish I didn't have to report the bad news.
Looking forward to ESET releasing a fix.
Just downloaded ESET's new Cleaner module 1197 pre-release update. I'll post back if it's doing the trick. I think I'll remove the ekrn.exe blocking in order to give ESET a chance to do its thing without interference of any kind.
If you use ESET, you really don't need sandboxie...
ESET HIPS if set properly would block almost everything and Sbie won't have anything to do
properly... properly... properly... properly...
Separate names with a comma.