Sandboxie Plus (Sbie fork)

Discussion in 'sandboxing & virtualization' started by DavidXanatos, Apr 9, 2020.

  1. wahok

    wahok Registered Member

    Joined:
    Jul 30, 2020
    Posts:
    5
    Location:
    earth

    when you say to "uninstall and try again" you mean to uninstall zonealarm or to uninstall sandboxie & then try to install again (tried & did not work) ?

    if you mean to uninstall zonealarm then the question is what should replace zonealrm, after all i need "firewall+antivirus" ?


    i would like to to say again that the problem did not exist before sandboxie was abandoned.

    thanks
     
  2. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    54
    Location:
    uk
    "So far" is unfortunately the case, as when I started my desktop pc today the "!" is back. Uninstall 5.4.35, and reinstalled 5.4.33 or was it 5.4.32 <fx:sigh> and our friend werfault.exe was back :sick::'(.

    And there is definitely something wrong with install/uninstall, as it continues to think, erroneously, on uninstall that the program is at c:\program files\sandboxie and so my sandboxie folder (c:\program files\utils\sandboxie) gets left behind; even when I use IOBitUninstaller which is very surprising.

    I think I will go back to 5.33.6 for a while as at least: it is stable; I am a bit fed up (sorry David); and it is good enough for my needs for now. Doubtless I will try again in the not too distant future.
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    563
    Location:
    Viena
    When the "!" appears probably something deleted SbieDrv.sys in your system again
    you may want to try the plus version as as it has a maintanance menu option where you can check if all components are installed and if they can be started properly.
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    563
    Location:
    Viena
    wow that's a sledgehammer, and to be honest imho completely unnecessary.
    re installation of sbie shouldn't even be often in the most cases.

    just delete the sandboxes folder and if this does not help inspect the sandboxie.ini, or restore it to default i.e. delete and restart.

    No sbie operational relevant data are persisted any ware but the the ini and the folder with the sandboxes themselves.
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    563
    Location:
    Viena
    hmm... that is very surprising as on my OS firefox ran just fine, in fact its my default if that runs fine its ready for release test criterion.

    So I suppose there is something different with your system the results in the issue, I wonder what, what Version of windows are you using exactly?
    and you have any 3rd party security software that may hook something or otherwise interfere with sandboxie?
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,372
    Sorry for writing not clear - in mean zonealarm to uninstall.
    zonealarm hooks any program with a dll vs [injections, malware, whatever], the problem is that it won't work virtualized like sandboxie and throws an error. I don't know if Zonealarm allows exceptions, if possible - use it (set option).

    The PID is the identifier for programs in the task list. It shows you which program is concerned with that failiure. It can tell us the program name the community might help you out with an exception in sandboxie settings to get it work.

    #fixed some serious typos, omg#
     
    Last edited: Sep 14, 2020
  7. wahok

    wahok Registered Member

    Joined:
    Jul 30, 2020
    Posts:
    5
    Location:
    earth

    results:

    Closed sandboxie & then restarted it, new "sandboxie.ini" created & problem vanished but returned after a short while &
    the trick stopped working, the "sandboxie.ini" is not the problem or the solution.

    Error Message that i get while trying to launch web browser:

    chrome:
    SBIE2101 Object name not found: \Sessions\1\BaseNamedObjects\ISWWH_BEACON@1a6c@EFR-controller, error CreateEvent (C0000022) access=001F0003 initialized=1

    firefox:
    SBIE2101 Object name not found: \Sessions\1\BaseNamedObjects\ISWWH_BEACON@74c@EFR-controller, error CreateEvent (C0000022) access=001F0003 initialized=1



    i also tried:
    1) erased all firewall rules concerning sandboxie, did not help.
    2) closed zonealarm firewall+antivirus, did not help.
    3) reinstalled sandboxie, did not help.
    4) uninstalling & then reinstalling,did not help.
    5) uninstalling & deleting manually sandboxie folder,did not help.

    a few pages ago there was someone else that had the same error message, maybe his comments were more helpful in trying to
    understand the problem.


    it looks as if i have no choice but to go back to 5.33.3


    thanks
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    563
    Location:
    Viena
    Try adding to the apropiate section of the sandboxie ini

    OpenIpcPath=*ISWWH_BEACON*

    I suspect that some 3rd party software injects its own DLL into the process which than tries to connect to a core component and Sbie blocks that, with the above line the connection should be permited.
     
  9. wahok

    wahok Registered Member

    Joined:
    Jul 30, 2020
    Posts:
    5
    Location:
    earth
    was not sure which is the "appropriate section" so i tried to add the OpenIpcPath=*ISWWH_BEACON* at the end of each of the 3 sections,
    one at a time, did not work.

    after the problem starts closing the prog and restarting it does not create a new "ini" file in the "windows folder", i use a copy i made from the
    time immediately after the installation.

    may be the problem hides in the registry, i will try to install again (after bringing back from the acronis image) & export/keep a copy of the registry,
    after the problem will appear i will try to import the registry from the registry backup that i made, if that will solve the problem it will give you a hint about where the problem is, maybe.

    thanks
     
  10. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    44
    Location:
    Land of Oz
    Win 10 64b, latest 2004. :confused:
    Avast only, the one who is scanning nervously your test installs.
    But if I remember, the issue, that no program was starting anymore, was what the others reported as well, while testing the version. It was literal any program which went in strike. Inclusive the werfault and the Rpcss service not starting 2 times, every minute or so, till you terminated the program. Same for FF, Void engine, Dishonored and unity, in fact all I threw at the initial version had the same result. No go.
     
    Last edited: Sep 14, 2020
  11. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    66
    Location:
    USA
    With reference to the previous pair of messages starting at https://www.wilderssecurity.com/threads/sandboxie-plus-sbie-fork.427755/page-18#post-2945280, here we go again:

    This time I can't restart the service. (I am still, or was, running David's Sandboxie 5.42.1 under Windows 10 vs. 1909) When I try, I get the following message:
    New Service Problem.jpg
    Otherwise the situation is similar except that I did suffer a "Getting Windows Ready. Don't turn off your computer" blue screen for an hour or so immediately after I tried to permit the service (again!) in Windows Defender and then allowed a restart. (I have no idea what Windows was doing while I waited. The only new entry in Windows Update History is that it failed to install the latest Cumulative Update for .NET Framework.

    What next? -- jclarkw

    P.S. to Dave -- Permitting the entire directory, C:\Program Files\Sandboxie, in Windows Defender did not help.
     
    Last edited: Sep 15, 2020
  12. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    348
    Location:
    .
    Maybe David can ask for more donations to then hire Barb back, then David could go back to actually developing. /shocking

    Imagine if Curt had to constantly deal with this, rofl.
     
  13. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    304
    Location:
    VPN city
    people have been talking on this thread about the antivirus they use auto-blocking/auto-quarantining different files of sandboxie plus.

    I just thought I'd give my input. The security setup I have, listed in my signature doesn't quarantine anything, it blocks known-malware and unknown files, but it doesn't quarantine anything.

    Comodo has a sandbox of its own, so to get it to never conflict with sandboxie or any other open source project forked from sandboxie. There's a few things you need to change in comodo firewall.

    first! switch to proactive security. then go into the user interface settings and set a password on the settings

    firewall settings: Enable "do not show popup alerts" and select "block requests"

    firewall: network zones: enable d"o not show popup alerts and treat location as" select "public"

    Hips settings: enable it in safe mode, enable "do not show popup alerts" select "block requests"

    Containment: Containment settings: disable the two options to not virtualize access to files and registry keys, disable automatic startup for services installed in the container. Enable do not show privilege elevation alerts, select block. You may also want to set up a password on the virtual desktop just for good measure.

    Containment: Auto containment: change the option to run virtualized to block.

    Containment: Auto containment: the listing in that menu that get applied to known-malware, go into that listing, disable the option to auto-quarantine known-malware.

    file rating: file rating settings: disable cloud lookup. Comodo often has PUPs and adware whitelisted by mistake, disabling cloud lookup will make comodo catch a whole lot more.

    Advanced protection: VirusScope: enable "do not show popup alerts" and disable "monitor only applications in the container"

    Advanced protection: Scan exclusions: add sandboxie plus's driver file to the list of excluded paths, just in case.

    Advanced protection: Miscellaneous: in the menu that says "don't detect shellcode injections in these applications" add all of sandboxie plus' EXE's to that list.

    Advanced protection: Miscellaneous: enable "apply the selected actions to unrecognized autorun entries..." select "terminate"

    I would also encourage you to add all of sandboxie plus' files to the file list in the file rating menu and give them all a "trusted" rating.

    You may need to disable auto-containment and HIPS during feature updates to windows.

    Hitmanpro detects the driver file as malware, just because of the signature

    voodooshield with its whitelist cloud will flag every file of sandboxie plus as "not safe" but as long as you're allowing all files in the program files folders there shouldn't be any performance issues and be sure to disable voodooshield's auto-quarantining of detected files
     
    Last edited: Sep 16, 2020
  14. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    54
    Location:
    uk
    And today 5.43.5 installed over 5.33.6 with no problem, and continues to work after a (one) reboot. Go figure!

    I'm certain SbieDrv.sys was present on the previous install and excluded from AVG. Probably down to AVG somehow but I don't see why.

    It doesn't explain the install path issue though. When I check now in "Program and Features " the Location field is blank, while IOBitUninstaller thinks the uninstall path is c:\windows\installer - not the same thing I realise. Regedit (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie) shows C:\Program Files\Utils\Sandboxie\Start.exe. Hope this is of some help.
     
  15. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    54
    Location:
    uk
    5.43.5 still going strong after multiple reboots. AVG "Smart Scan" identifies SbieDrv.sys as a rootkit even though it's added as an exception and now won't let me skip it, so I have to abort the scan.

    Reinforces the likelihood that AVG is the problem; well to be fair the unsigned driver is.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,711
    Location:
    Mexico
    Spoke too soon. Your releases not working with Pop Peeper Pro yet.
     
  17. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    54
    Location:
    uk
    And despite SbieDrv.sys being set as an exception in AVG, it now seems pretty clear to me that the exception is being ignored on some, probably, background scans. When I look at the various scans setup, the exception is shown but AVg just has to be ignoring it!
     
  18. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    66
    Location:
    USA
    "Sandboxie-Plus" vs. "SandboxieInstall" -- Could somebody please explain concisely the difference between David's two versions of a given release (i.e., between https://github.com/sandboxie-plus/Sandboxie/releases/download/v0.4.1/Sandboxie-Plus-x64-v0.4.1.exe and the much smaller https://github.com/sandboxie-plus/Sandboxie/releases/download/v0.4.1/SandboxieInstall64-v5.43.5.exe download)?

    Something about defaulting to SbieCtrl vs. SandMan as the UI? New features (e.g., the snapshot feature) only in the Plus version? 'Core components' same in the two versions? Is there more to it than this? -- jclarkw
     
    Last edited by a moderator: Sep 17, 2020
  19. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    304
    Location:
    VPN city
    AVG and Avast have other components that will block sandboxie plus' activity.
     
  20. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    348
    Location:
    .
    No need to keep talking about your AV guys, this thread is about and for Sandboxie, if you have problems like "SbieDrv.sys" getting blocked or eaten, then I suggest you go to your respective AV forums and ask for help there. All you do is cutter actual Sandboxie related news and development talk, and making things harder for me and probably David to follow through all this white noise.
     
  21. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    563
    Location:
    Viena
    Yes pleas complain with your AV vendors that you are grown up people and not need them to take away your choice, at least if they want to keep you as paying customers, they must let you decide what to allow on your own devices.
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,372
    If some projects only would become 1 °/oo of such sums you never had to worry about your EV-cert again for lifetime. some helping hands resolve a lot of issues for paid supports.
     
  23. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    44
    Location:
    Land of Oz
    I agree, it is entirely up to the AV, if it ignores the exception you made. AVAST usualy accepts your decision, even if it needs two times to tell it off. So even, if it is the same company as AVG, the engines and tool in generell are very different.Avast nervously scans but finds no harm, which I think should be it. I hope :rolleyes: And then again, who said snakeoil to AVs, sometimes I am not sure too.

    BTW @DavidXanatos did you need any other info, than Win version. Suppose HW is not that critical for the tool. I had the exact same results with the oooold HW, Win 7 all good, Win 10 the issues started. Even the most powerhungry games, never ever had issues or lags or so running in the sandbox. Another big advantage to VM. There is no emulation just a kind of cage around the program. For me there is some issue with SBIE and Win 10, which seem to end up in a kind of deadlock. Some security mechanism in Win 10 maybe, which needs some adaption. And the most tricky part for such a system close software will be to keep up with the software which might break with every iteration something. Err fix in terms of MS.
    I just thought about, to try a most simple program like notepad with the bugged 5.43. So I uninstalled the good new version, reinstalled 5.43 and bang. Simply using start any program, resulted in no dialog to enter the program, but Werfault came up, same with the other programs. So even the dialog to enter a program doesn't work. And a bit later the no way to start the RPcSs.
    Hope this brings some more light to the issue we faced.
    2020-09-18 21_24_27-Sandboxie Control - xanasoft.com.png
     
  24. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    66
    Location:
    USA
    "Updating Office..." Problem with Outlook 2019 (Again):

    I just uninstalled SandboxieInstall64-v5.42.1.exe (which had quit working because of antivirus issues) and installed Sandboxie-Plus-x64-v0.4.1.exe (which is apparently running fine) under Windows 10 Pro vs. 1909. I updated my sandboxed shortcuts accordingly (basically changing "sandboxie" to "sandboxie-plus" where it occurred in the various paths). I now have my sandboxed default Web browser and sandboxed Google Chrome running in their respective sandboxes.

    BUT I'm having problems with Outlook 2019, which is once again giving me the following message (that ultimately fails) whenever I try to use my updated shortcut:
    Sandboxie 5_42_1 Error 1 08_07_20.png
    Last time I had this error, in SandboxieInstall64-v5.42.1.exe (see post at https://www.wilderssecurity.com/threads/sandboxie-plus-sbie-fork.427755/page-15#post-2937425), I never understood how it got fixed, it just went away after some uninstalling an re-installing of earlier Sandboxie versions.

    For what it's worth, my shortcut for Sandboxed Outlook looks like this:

    Target: "C:\Program Files\Sandboxie-Plus\Start.exe" /box:Outlook "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk"
    Start in: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
    Look for icons in this file: %ProgramFiles%\Sandboxie-Plus\Start.exe

    I've tried several alternative forms, but all give the same issue. Any thoughts before I start randomly uninstalling and re-installing again? -- jclarkw
     
  25. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    66
    Location:
    USA
    Well, I uninstalled anyhow, deleted everything obviously related to Sandboxie, restarted, and then installed SandboxieInstall64-v5.43.5.exe this time. Now my shortcuts don't automatically start Sandboxie Control, although the appropriate box is checked in "Windows Shell Integration." Thus (for example) the default browser starts up alright but not inside the Default Box. (I haven't gotten back to Outlook yet.) If I manually start Sandboxie Control first, however, the browser does start sandboxed from the shortcut. Does this make any sense?

    Update FYI: I checked the "When Windows starts" box at the top of "Windows shell integration," but that didn't do the trick either until I also went to Windows "Startup Apps" and set Sandboxie Control to "On." I never had to do that before, but now all is working fine.

    Also in SandboxieInstall64-v5.43.5.exe I'm no longer having the "Updating Office" problem with my Outlook shortcut. Based on past history, however, this doesn't necessarily mean that the non-plus version lacks a "bug" that the plus version has but perhaps only that this problem depends on the exact procedure for uninstall and reinstall.

    Anyhow I'll stay with the non-plus version for now, at least until I know more about what I'm missing in the plus version... -- jclarkw
     
    Last edited: Sep 19, 2020
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.