5.15 Beta Available (latest version 5.16 RC)

Listing issues addressed in Beta version 5.15
Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1638
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: 5.15 Beta Available (latest version 5.15.3)

Post by Curt@invincea » Thu Nov 03, 2016 5:01 pm

123456 wrote:
Curt@invincea wrote:Beta 5.15.3 has been released.
Why Can't You fix this issue?
http://forums.sandboxie.com/phpBB3/view ... 11&t=23402

I can terminate with PCHunter
http://www.softpedia.com/get/Security/S ... nter.shtml
As I said in that thread, it is not possible to terminate some processes. If we spend resources to fix this particular case, all they have to do is move to the technique (open kernel handle) that can't be fixed. And we're right back where we started.

It isn't worth the time & effort.

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: 5.15 Beta Available (latest version 5.15.3)

Post by Syrinx » Thu Nov 03, 2016 9:46 pm

So after upgrading to 5.15.3 from 5.15.2 I started getting errors and was unable to run anything sandboxed.
SBIE2204 Cannot start sandboxed service RpcSs (C0000364)
SBIE2204 Cannot start sandboxed service DcomLaunch (-4)
Reverting to 5.15.2 solved it but I did a little digging and as it turns out something in this version seems to have changed and now AppLocker is detecting and blocking stuff from Program Files and System32/SysWow64 even though there is already an 'Everyone' rule which worked for these before.

I added four more rules (two for exes, two for dlls) for ANONYMOUS LOGON and it's back to normal again:

Code: Select all

    </FilePathRule>
    <FilePathRule Id="c66ebb93-a8cb-47db-bdc1-f6ad12779b4c" Name="Windows" Description="" UserOrGroupSid="S-1-5-7" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="84149cbb-c1c3-4ef7-bde5-23b093d15009" Name="Program Files" Description="" UserOrGroupSid="S-1-5-7" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
        <FilePathRule Id="aaa55716-c39a-4538-aa87-ae8fd330e23a" Name="Program Files" Description="" UserOrGroupSid="S-1-5-7" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="ad24b95e-7d7f-418d-87a1-f369489067c5" Name="Windows" Description="" UserOrGroupSid="S-1-5-7" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
I'm curious as to what might've changed that these were suddenly required but at least it's more consistent now!
Goo.gl/p8qFCf

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1638
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: 5.15 Beta Available (latest version 5.15.3)

Post by Curt@invincea » Fri Nov 04, 2016 1:19 pm

I had to make a small change to our sandboxed token to allow Win 10-AU Immersive dialogs to work inside the sandbox.

So are you saying you had rules to allow Everyone, and now you have to specifically allow Anonymous? Perhaps you should tell me exactly what you were doing before and what you had to change.

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: 5.15 Beta Available (latest version 5.15.3)

Post by Syrinx » Fri Nov 04, 2016 3:26 pm

Yes, previously the 'Everyone' (S-1-1-0) rules worked for dlls and exes in Program Files or Windows\System32 & SysWOW64
eg

Code: Select all

    <FilePathRule Id="297fce9c-3f54-4403-ad73-47576f2f64d3" Name="(Default Rule) Windows DLLs" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
was fine. As I found however (previously) they didn't work with specific users though that's a bit offtopic.

But suddenly with 5.15.3 they were being blocked and resulting in even Sandboxies own exes running inside being unable to load the dlls and in turn the errors reported above being shown in SbieCtrl.

Here's a couple sample Event Log errors:

Code: Select all

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-AppLocker" Guid="{CBDA4DBF-8D5D-4F69-9578-BE14AA540D22}" /> 
  <EventID>8004</EventID> 
  <Version>0</Version> 
  <Level>2</Level> 
  <Task>0</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8000000000000000</Keywords> 
  <TimeCreated SystemTime="2016-11-04T19:11:32.170424000Z" /> 
  <EventRecordID>88832</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="1328" ThreadID="2144" /> 
  <Channel>Microsoft-Windows-AppLocker/EXE and DLL</Channel> 
  <Computer>SNIPPED</Computer> 
  <Security UserID="SNIPPED" /> 
  </System>
- <UserData>
- <RuleAndFileData xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0">
  <PolicyName>DLL</PolicyName> 
  <RuleId>{00000000-0000-0000-0000-000000000000}</RuleId> 
  <RuleName>-</RuleName> 
  <RuleSddl>-</RuleSddl> 
  <TargetUser>S-1-5-7</TargetUser> 
  <TargetProcessId>1328</TargetProcessId> 
  <FilePath>%SYSTEM32%\MSVCR100.DLL</FilePath> 
  <FileHash /> 
  <Fqbn>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® VISUAL STUDIO® 2010\MSVCR100_CLR0400.DLL\10.0.40219.325</Fqbn> 
  </RuleAndFileData>
  </UserData>
  </Event>

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-AppLocker" Guid="{CBDA4DBF-8D5D-4F69-9578-BE14AA540D22}" /> 
  <EventID>8004</EventID> 
  <Version>0</Version> 
  <Level>2</Level> 
  <Task>0</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8000000000000000</Keywords> 
  <TimeCreated SystemTime="2016-11-04T19:11:04.261975300Z" /> 
  <EventRecordID>88757</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="1164" ThreadID="2364" /> 
  <Channel>Microsoft-Windows-AppLocker/EXE and DLL</Channel> 
  <Computer>SNIPPED</Computer> 
  <Security UserID="SNIPPED" /> 
  </System>
- <UserData>
- <RuleAndFileData xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0">
  <PolicyName>DLL</PolicyName> 
  <RuleId>{00000000-0000-0000-0000-000000000000}</RuleId> 
  <RuleName>-</RuleName> 
  <RuleSddl>-</RuleSddl> 
  <TargetUser>S-1-5-7</TargetUser> 
  <TargetProcessId>1164</TargetProcessId> 
  <FilePath>%SYSTEM32%\IMM32.DLL</FilePath> 
  <FileHash /> 
  <Fqbn>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\IMM32\6.1.7600.16385</Fqbn> 
  </RuleAndFileData>
  </UserData>
  </Event>
Adding just DLL rules for ANONYMOUS LOGON then caused events like this to be logged and a different set of errors:

Code: Select all

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-AppLocker" Guid="{CBDA4DBF-8D5D-4F69-9578-BE14AA540D22}" /> 
  <EventID>8004</EventID> 
  <Version>0</Version> 
  <Level>2</Level> 
  <Task>0</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8000000000000000</Keywords> 
  <TimeCreated SystemTime="2016-11-04T19:15:56.072295000Z" /> 
  <EventRecordID>89027</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="2276" ThreadID="2440" /> 
  <Channel>Microsoft-Windows-AppLocker/EXE and DLL</Channel> 
  <Computer>SNIPPED</Computer> 
  <Security UserID="SNIPPED" /> 
  </System>
- <UserData>
- <RuleAndFileData xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0">
  <PolicyName>EXE</PolicyName> 
  <RuleId>{00000000-0000-0000-0000-000000000000}</RuleId> 
  <RuleName>-</RuleName> 
  <RuleSddl>-</RuleSddl> 
  <TargetUser>S-1-5-7</TargetUser> 
  <TargetProcessId>3456</TargetProcessId> 
  <FilePath>%PROGRAMFILES%\SANDBOXIE\SANDBOXIEDCOMLAUNCH.EXE</FilePath> 
  <FileHash /> 
  <Fqbn>O=INVINCEA, INC., L=FAIRFAX, S=VIRGINIA, C=US\SANDBOXIE\SANDBOXIEDCOMLAUNCH.EXE\5.15.3.00</Fqbn> 
  </RuleAndFileData>
  </UserData>
  </Event>
SBIE2204 Cannot start sandboxed service DcomLaunch (1260)
So after adding 2 rules for ANONYMOUS LOGON to both the EXE and DLL rules in addition to the existing EVERYONE (S-1-1-0) rules for Program Files & the Windows folders, AppLocker was once again allowing them to launch.
This is more like what I experienced before with specific user rules and other areas but for some reason the EVERYONE rule worked for those areas before but now it doesn't.
Either way it's not a complaint and I'm unsure if there is even anything to correct. As I said in the last post, now at least things are much more constant in the way AppLocker handles the paths/rules and detection of ANONYMOUS LOGON. It was just weird that in one version it worked without the extra rules and one suddenly needed them.
Goo.gl/p8qFCf

424tsiai
Posts: 31
Joined: Sat Aug 30, 2008 4:56 pm

5.15.3

Post by 424tsiai » Sat Nov 05, 2016 12:36 pm

Still the same issues as described:

http://forums.sandboxie.com/phpBB3/view ... 13#p124013

Bertus
Posts: 38
Joined: Sun Dec 28, 2008 8:56 am

Re: 5.15 Beta Available (latest version 5.15.1)

Post by Bertus » Sun Nov 06, 2016 7:00 am

Bertus wrote:Problem with printing in firefox, Iron and cyberfox. When I try to print from the browser, the browser crashes before the print preview.
It seems splwow64.exe is unable to run in the sandbox.
Printing is working again without problems in sandboxie 5.15.3.

Thanks

ITSecMedia
Posts: 19
Joined: Thu Jun 19, 2014 6:17 pm

Re: 5.15 Beta Available (latest version 5.15.3)

Post by ITSecMedia » Sun Nov 06, 2016 2:31 pm

Installation / Crash / Fail

All attempts to install PrePros6 beta installer in sandboxie fails:

To test simply request free beta thru this form : https://prepros.io/prepros-6

Then try to run the installer in sandboxie ... fails for msi and exe installer.

Brummelchen
Posts: 388
Joined: Sun Oct 12, 2008 9:13 pm

Re: 5.15 Beta Available (latest version 5.15.3)

Post by Brummelchen » Mon Nov 07, 2016 11:59 am

is there a known problem between games from "deutschland spielt" and sandboxie on windows 10 redstone 1607?

eg "Northern Tales" (a smaller download)
http://www.deutschland-spielt.de/spiele ... hern-tale/
(happens also on other DS games)

i cannot reproduce the error with windows pro th2 (1511) or LTSB.

the games startup, but no windows, no message, nothing - and quit. no log files from game.

the games run fine outside sandboxie.

thx
-------------------------------------
you can not buy or install security!

a3739349drdrbcom
Posts: 13
Joined: Thu Oct 03, 2013 4:07 am

Post by a3739349drdrbcom » Tue Nov 08, 2016 8:00 am

Opera 42.0.2393.14Beta & Opera 43.0.2403.0Dev sandboxed are opened with a "loading" blank page and unable to visit any website even its settings.

Dun
Posts: 350
Joined: Mon Jun 23, 2014 5:00 am
Location: Poland

Re: 5.15 Beta Available (latest version 5.15.3)

Post by Dun » Tue Nov 08, 2016 3:35 pm

The "System process" cpu usage seems to be high in some cases like when you run 2 firefox instances in separate sandboxes. May be win10 issue. Has anyone noticed this?
Sandboxie 5.19.4 personal lifetime license user || Win10 x64 Pro CU (up to date) || ESET SS 10+ x64 || AppGuard 4+ || Firefox 54+ x64 || UAC on

Anocs
Posts: 2
Joined: Thu Nov 10, 2016 5:51 am

BSOD in 5.15.3

Post by Anocs » Thu Nov 10, 2016 6:45 am

After installing 5.15.3 the BSOD welcomes me.

HW: Dell Vostro 3350
OS: Windows 10 Pro 64bit PL (version 1607, compilation 14393.351)
AV: Norton Security 2017 (version 22.8.0.50)

Code: Select all

==================================================
Dump File         : 111016-7171-01.dmp
Crash Time        : 10.11.2016 11:29:29
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff803`66ed221f
Parameter 3       : ffffc780`9006b1c0
Parameter 4       : 00000000`00000000
Caused By Driver  : SbieDrv.sys
Caused By Address : SbieDrv.sys+221f
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14a510
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\111016-7171-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 416 620
Dump File Time    : 10.11.2016 11:30:38
==================================================
Attachments
111016-7171-01.zip
Minidump
(91.67 KiB) Downloaded 48 times

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1638
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: BSOD in 5.15.3

Post by Curt@invincea » Thu Nov 10, 2016 12:00 pm

Anocs wrote:After installing 5.15.3 the BSOD welcomes me.

HW: Dell Vostro 3350
OS: Windows 10 Pro 64bit PL (version 1607, compilation 14393.351)
AV: Norton Security 2017 (version 22.8.0.50)
There is a bug that is fixed in 5.15.4. If your Sbie license has expired, and you are using Office ClickToRun, you will get a BSOD when starting Windows.

nanana1
Posts: 161
Joined: Thu Oct 20, 2011 1:57 pm

Re: BSOD in 5.15.3

Post by nanana1 » Thu Nov 10, 2016 7:52 pm

Curt@invincea wrote:There is a bug that is fixed in 5.15.4. If your Sbie license has expired, and you are using Office ClickToRun, you will get a BSOD when starting Windows.
5.15 Beta Available (latest version 5.15.4)
Post by nanana1 » Thu Nov 11, 2016 7:49 pm

Combined 32/64 installer:
http://www.sandboxie.com/SandboxieInstall-515-4.exe

Separate:
http://www.sandboxie.com/SandboxieInstall32-515-4.exe
http://www.sandboxie.com/SandboxieInstall64-515-4.exe

Changes in 5.15.4:
Fixed BSOD when running Office ClickToRun if SBIE license expired
nanana1, a paid lifetime license Sandboxie user

henryg
Posts: 520
Joined: Wed Nov 22, 2006 9:38 am

Stick Password issue

Post by henryg » Fri Nov 11, 2016 8:04 am

Not sure it is new to 5.14 but I am getting frequent crashes:

SBIE2101 Object name not found: , error OpenProcess (C0000022) access=00123FFA initialized=1
SBIE2314 Canceling process stpass.exe [2632 / 7]

I gave using the SP template some time ago because it is (was?) old and SP worked better without it. IME!
Henry

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1638
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: 5.15 Beta Available (latest version 5.15.4)

Post by Curt@invincea » Fri Nov 11, 2016 1:27 pm

5.15.4 has been officially released.

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests