I'm using SRP with a whitelist, which includes the Sandbox folder and all the standard locations on the system (Program Files...). When I run programs with Sandboxie it usually works, but often times it fails with the "This program is blocked by Group Policy..." error. This happens even if the Sandboxed program has been installed into the Sandbox to a location that is whitelisted on the system, like Program Files (x86). Any reason for why that is happening and how to make it work, without disabling SRP?
The Sandbox subfolder. Specifically, for example: "E:\Sandbox\Username\SBname\drive\C\Program Files (x86)\Steam\Steam.exe". (As I said, E:\Sandbox is whitelisted in SRP.) edit: This doesn't just happen to Steam.exe, by the way. I can drop a random independent .exe in that folder and it fails with the same error.
I've never encountered a similar situation when I was using SRP. I would try adding "E:\Sandbox\Username\SBname\drive\C\Program Files (x86)\Steam\" to the whitelist. Also, do you have libraries (DLLs) enforced? Also check if you have variables used in your rules and replace them with absolute paths.
I tried adding the full path to the whitelist, it didn't help. DLLs are not enforced. I have absolute paths in the rules. Oh and I just realized that any .exe file that I copy into the Sandbox folder doesn't run when I choose to run it sandboxed. It does run if I just run it normally. EDIT: and also I realized that I don't have to select "Run Sandboxed" for the program to run sandboxed when it's in the Sandbox subfolder. Even though I remember in the past it didn't always work and some programs ran unsandboxed. Maybe when they ran with UAC/Admin rights? Anyway, Steam itself does start sandboxed this way. But when I try to launch a game like CS:GO from within sandboxed Steam it fails with the SRP error. I can run csgo.exe directly, but then it doesn't work properly (no VAC). So I'm still looking for solutions.
Just a thought, but are you blocking by default the path: "C:\Users\your_username" ? If you are, maybe this is causing the disallow on "E:\Sandbox\Username" path rules.
I tried unblocking that path, but it's still the same. I don't think there's any relation between those two locations, other than them sharing the same folder name. Sadly not. BTW, I used to use AppLocker too, but now it doesn't work with admin accounts anymore and it's a bit more limited than SRP for my needs. Just to sum up my current situation: I can run sandboxed programs with SRP, but those sandboxed programs (Steam) can't launch other programs (CS:GO). If I disable SRP (set it to "Unrestricted") then sandboxed Steam can launch CS:GO.
Can you disable SRP, run CS:GO through Steam and then use Process Explorer to check what the command line for the CS:GO process is?
The command line is "C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe" -steam. (I thought I might be able to run sandboxed csgo.exe directly that way by just adding -steam, but I still get the VAC error.)
I haven't used Sandboxie in a long time, and never combined with SRP, but isn't there a way to allow access to selected folders for sandboxed programs? Maybe you need to allow some additional access to some directories for the sandboxed programs that are being blocked by SRP? Just a theory, of course.
Also, do you have the Drop rights option enabled in the sandbox settings? If so, try disabling it. Of course that's just a guess from my side.
@wat0114: Do you mean in Sandboxie or in SRP settings? Anyway, I can't think of anything at this point that isn't already enabled/whitelisted. @Minimalist: Drop rights option is not enabled.
I'm out of ideas at the moment. It seems that there is something in the way that a sandboxed application launches a new process that triggers SRP blocking it.
It's somewhere in Sandboxie settings. Sorry, I can't remember where exactly or what it's called. It's really just a shot in the dark but you never know. @bo elam has expert level knowledge on Sandboxie, so hopefully he or someone can come up with something on the Sandboxie end that might work. Otherwise I'm also out of ideas.
I stumbled across this looking for something else. I was just a basic Sandboxie user and could never get my games managers, incl. Steam, to run properly. I assumed I wasn't going that extra mile configuring the sandboxes but it seems Steam recommends to shut off software like Sandboxie in order to avoid the VAC error. So, it seems one shouldn't even try to force it. https://support.steampowered.com/kb_article.php?ref=2117-ilzv-2837