IE7 wont start sandobxed

[Unknown_User_868]

IE7 will not load for me with either 3.0.04 or 3.0.03

i get the folowing errors in debug

(003236) SBIE (KD) 0002001F \REGISTRY\Machine\System\CurrentControlSet\Services\EventLog\Determina\SecureCore
(003236) SBIE (KD) 0002001F \REGISTRY\Machine\System\CurrentControlSet\Services\EventLog\Determina
(003236) SBIE (KD) 0002001F \REGISTRY\Machine\System\CurrentControlSet\Services\EventLog
(003236) SBIE (FD) C0100080.01.00000040 \Device\NamedPipe\EVENTLOG
(003236) SBIE (FD) C0100080.01.00000040 \Device\NamedPipe\EVENTLOG
(003236) SBIE (FI) 00000022 \Device\SandboxieDriverApi (null)
(003236) SBIE (KD) 02020019 \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
(003236) SBIE (FD) C0100080.01.00000040 \Device\NamedPipe\EVENTLOG

and 2 errors from sandboxie:

sbie2306 could not locate user directory: [c0000022 / 11]

sbie2304 initialization faild for process iexplore.exe

when i add

OpenpipePath=\Device\NamedPipe\EVENTLOG
openkeypath=iexplore.exe,hkey_local_machine\System\CurrentControlSet\Services\EventLog
openkeypath=iexplore.exe,hkey_local_machine\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
openkeypath=iexplore.exe,hkey_local_machine\SYSTEM\ControlSet001\Services\EventLog

to my config and try and run ie7, it explodes, here is a small sample:

(002296) SBIE (KD) 00000003 \REGISTRY\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
(002296) SBIE (FI) 00000022 \Device\SandboxieDriverApi (null)
(002296) SBIE (ID) 00000000 \BaseNamedObjects\SbieDllDummyEvent_2296
(002296) SBIE (KD) 000F003F \REGISTRY\machine\software\microsoft\com3
(002296) SBIE (KD) 000F003F \REGISTRY\machine\software\microsoft\ole
(002296) SBIE (KD) 000F003F \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
(002296) SBIE (KD) 000F003F \REGISTRY\Machine\Software\Classes\*\shell\sandbox
(002296) SBIE (KD) 000F003F \REGISTRY\Machine\Software\Classes\Wow64Node\*\shell\sandbox
(002296) SBIE (KD) 000F003F \REGISTRY\User\Current\Software\Classes\*\shell\sandbox
(002296) SBIE (KD) 000F003F \REGISTRY\User\Current\Software\Classes\Wow64Node\*\shell\sandbox
(002296) SBIE (KD) 000F003F \REGISTRY\machine\software\classes\clsid\{de1f7eef-1851-11d3-939e-0004ac1abe1f}
(002296) SBIE (KD) 000F003F \REGISTRY\machine\software\microsoft\windows nt\currentversion\winlogon
(002296) SBIE (KD) 000F003F \REGISTRY\machine\software\classes\clsid\{ceff45ee-c862-41de-aee2-a022c81eda92}
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (ID) 001F0003 \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
(002296) SBIE (ID) 00100002 \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (FI) 00000039 \Device\KsecDD (null)
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE
(002296) SBIE (KD) 02000000 \REGISTRY\MACHINE

that is about 1/100th of what i get.
i also get 6 sbie errors:

sbie2308 could not create object directory: [11 / 5]

sbie2309 could not disable com+/dcom: [11 / c0000022]

sbie2309 could not disable com+/dcom: [21 / c0000022]

sbie2311 could not disable recycle bin (bitbucket): [88 / c0000001]

sbie2312 could not enable browsenewprocess setting: [99 / c0000001]

sbie2320 could not disable windows explorer as desktop process: [11 / c0000022]

then i get a ie7 error about not being able to find the about:blank and to make sure the address is correct, the ie7 process starts in the sandbox, but i cant see the window.

this is the full box settings:

[web]

Enabled=yes
CopyLimitKb=32768

ForceProcess=iexplore.exe
ForceProcess=firefox.exe

OpenpipePath=\Device\NamedPipe\EVENTLOG
openkeypath=iexplore.exe,hkey_local_machine\System\CurrentControlSet\Services\EventLog
openkeypath=iexplore.exe,hkey_local_machine\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
openkeypath=iexplore.exe,hkey_local_machine\SYSTEM\ControlSet001\Services\EventLog


LingerProcess=acrord32.exe
LingerProcess=jusched.exe
LingerProcess=syncor.exe

RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%

BlockDrivers=y
BlockFakeInput=y
BlockWinHooks=y

BoxNameTitle=y


firefox does not have any issues. i know other people are having problems with ie7 loading slowly, but at least theirs loads. ie also works fine un-sandboxed.

[tzuk]

sbie2306 could not locate user directory: [c0000022 / 11]

SBIE2306 with error code 11 means error reading registry, and C0000022 means the error is because of access denied (typically a permissions thing). Open*Path aren't going to work here. You quoted other errors, at least half of them say the operation failed with "access denied."

I can't tell you yet what's wrong. Try deleting the sandbox and restarting your computer, just for good measure. If that doesn't help, I'd like to see your entire Sandboxie.ini.

firefox does not have any issues.

That's strange, these errors should not be related to the specific program that is starting.

[Unknown_User_868]

my full ini.

[GlobalSettings]
ConfigLevel=1
BoxRootFolder=%APPDATA%
ForceDisableSeconds=10



FileTrace=.
PipeTrace=.
KeyTrace=.
IpcTrace=.
GuiTrace=.


[DefaultBox]

BlockWinHooks=n
Enabled=yes
CopyLimitKb=32768
OpenFilePath=msimn.exe,%AppData%\Identities
OpenFilePath=msimn.exe,%Local AppData%\Identities
OpenFilePath=msimn.exe,%AppData%\Microsoft\Address Book
OpenFilePath=msimn.exe,*.eml
OpenFilePath=outlook.exe,%AppData%\Microsoft\Outlook
OpenFilePath=outlook.exe,%Local AppData%\Microsoft\Outlook
OpenFilePath=outlook.exe,*.eml
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Identities
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Software\Microsoft\Outlook Express
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
OpenKeyPath=msimn.exe,HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express
OpenKeyPath=msimn.exe,HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Outlook Express
OpenKeyPath=outlook.exe,HKEY_CURRENT_USER\Software\Microsoft\Office
OpenKeyPath=outlook.exe,HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

LingerProcess=acrord32.exe
LingerProcess=jusched.exe
LingerProcess=syncor.exe

RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%

BlockDrivers=y
BlockFakeInput=y
BlockWinHooks=y

BoxNameTitle=y

[web]

Enabled=yes
CopyLimitKb=32768

ForceProcess=iexplore.exe
ForceProcess=firefox.exe

OpenpipePath=\Device\NamedPipe\EVENTLOG
openkeypath=iexplore.exe,hkey_local_machine\System\CurrentControlSet\Services\EventLog
openkeypath=iexplore.exe,hkey_local_machine\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
openkeypath=iexplore.exe,hkey_local_machine\SYSTEM\ControlSet001\Services\EventLog


LingerProcess=acrord32.exe
LingerProcess=jusched.exe
LingerProcess=syncor.exe

RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%

BlockDrivers=y
BlockFakeInput=y
BlockWinHooks=y

BoxNameTitle=y

[citrix]
Enabled=yes
CopyLimitKb=32768


OpenFilePath=wfica32.exe,*
OpenKeyPath=wfica32.exe,*
OpenIpcPath=wfica32.exe,*
OpenFilePath=pcl2bmp.exe,*
OpenKeyPath=pcl2bmp.exe,*
OpenIpcPath=pcl2bmp.exe,*

OpenFilePath=firefox.exe,%Local Settings%\Temp\launch.ica
OpenFilePath=iexplore.exe,%cache%

LingerProcess=acrord32.exe
LingerProcess=jusched.exe
LingerProcess=syncor.exe

BoxNameTitle=y


[drive]
Enabled=yes
CopyLimitKb=32768
AutoExec=reg add HKCU\software\microsoft\windows\currentversion\policies\explorer /v NoDrives /t REG_DWORD /d 0 /f
openfilepath=a:\
openfilepath=b:\
openfilepath=e:\
openfilepath=f:\
openfilepath=g:\
openfilepath=h:\




i dont use the default box for anything. the citrix box is specifically for launching citrix (as discussed in this other thread). i use firefox to start it (via a shortcut on the desktop, so it starts in this box). the drive box is for the drive issue we were discussing (this thread). the web box is what ie is launching into when it has an issue. if the problem can't be fixed with open*path statements then ill just get rid of those. i tired forcing ie into the default box just to see what would happen and got the same problem. I'm probably overlooking something obvious, but i don't know what. additionally the ie process is not consistent with its running in the sandbox. sometimes it starts, sometimes it doesn't. i have already cleared out the box (all of them actually). ie version 7.0.5730.11, don't know if that is the latest version. . .

[tzuk]

OpenpipePath=\Device\NamedPipe\EVENTLOG
openkeypath=iexplore.exe,hkey_local_machine\System\CurrentControlSet\Services\EventLog
openkeypath=iexplore.exe,hkey_local_machine\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
openkeypath=iexplore.exe,hkey_local_machine\SYSTEM\ControlSet001\Services\EventLog

I noticed you use OpenXxxPath casually. It's not a good idea. In this particular example, it's even a bad idea. Remove these, reload configuration, retry sandboxing.

[Unknown_User_868]

if they are not helping fix the issue i will remove them. unfortunately to get the program as transparent as possible i have to open a lot of file paths, thats why i'm trying to run them all in different boxes. rest assured that at home i don't do that.

on a totally unrelated note, i am trying to get the default downloads directory (the one that ie and firefox prompt you with when you click on save <whatever>) in ie and firefox to have to a different directory that is outside the sandbox, something like c:\downloads. my question is: does this change the internal download directory (the one that things get saved to automatically). what i'm hoping is that driveby downloads will still save to the default directories (my documents and desktop i think) but that the stuff that users save explicitly will go to the downloads directory. i am trying to find a way to make the recovery process invisible.

[tzuk]

I don't know where this topic is headed to, anymore. Do you still have problems with IE 7?

[Unknown_User_868]

i just tried the latest version, it still wont start. my last post was just stating that i would remove the unnecessary open paths from my config, which i have done, and an unrelated question about setting up ie and firefox after we get the issue resolved. sorry about the confusion.

[Unknown_User_868]

i have a coworker who gets the two original messages in the latest version of ie6. we have not done any testing, but i thought you should know. he is using default configuration with sbie 3.00.05.

[tzuk]

It's an access denied error, maybe your permissions are set too restrictive?

Try running this in a command prompt:

Code: Select all

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /v ProfilesDirectory

That's the key/value that cannot be accessed (for read), and causes message SBIE2306 to display.

Try it in a regular command prompt, then in a sandboxed one.

[Unknown_User_868]

the keys are the same: %systemdrive%\documents and settings

the entry for systemdrive is not in the registry though, should i add it? and if so should i put it under shell folders or user shell folders or does it matter?

[tzuk]

No, it says %SystemDrive% for me too, and for many other people. There's no need to create any special value for that.

Like I said, Sandboxie is really doing the equivalent of that 'reg' command, and you said you can get the command to run sandboxed.

I have to admit, I'm puzzled.

[Unknown_User_868]

i can get it to work using

OpenKeyPath=iexplore.exe,*
OpenIpcPath=iexplore.exe,*

but i get the error sbie2312 could not enable browesnewprocess setting: [99/c0000001]

i also tried adding an openpipepath statement, but that did not help. if i remove either of those statements ie will not start. i do not suppose that it is a surprise that this worked, but maybe the error it leaves behind will be a clue?

[tzuk]

Then I suggest,

first you OpenKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

instead of OpenKeyPath=*

Then you can see if it's just this one key that is a problem.

I also suggest you run Process Monitor (from Microsoft) and see what key the access denied is for. Is it the real key in HKEY_LOCAL_MACHINE? Or maybe the access denied is in the sandbox registry hive under HKEY_USERS?

This is a very strange problem, we're probably going to have to spend some time guessing about it, before we figure it out.

[Unknown_User_868]

sorry it has taken so long to respond, but i have been working on other issues as well as this one.

That is not the only entry causing problems. with your string (OpenKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList) i get the following errors:

sbie2309 could not disable com+/dcom: [11 / c0000022]

sbie2309 could not disable com+/dcom: [21 / c0000022]

sbie2311 could not disable recycle bin (bitbucket): [88 / c0000001]

sbie2312 could not enable browsenewprocess setting: [99 / c0000001]

sbie2320 could not disable windows explorer as desktop process: [11 / c0000022]

which are five of the six errors in the original message.

i added the folowing entries:

OpenKeyPath=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
OpenKeyPath=HKEY_LOCAL_MACHINE\
OpenKeyPath=HKEY_Current_user\
OpenKeyPath=HKEY_classes_root\

and now i get

sbie2312 could not enable browsenewprocess setting: [99 / c0000001]

additonaly, now iexplore.exe continues to run every time, but the window does not appear.

here is a sample of the process mon results (with the four entries above in the ini file):

224887 12:03:24.3251656 PM iexplore.exe 528 RegOpenKey HKU\Current\Software\Classes\*\shell\sandbox ACCESS DENIED Desired Access: All Access
224888 12:03:24.3251849 PM iexplore.exe 528 RegOpenKey HKU\Current\Software\Classes\Wow64Node\*\shell\sandbox ACCESS DENIED Desired Access: All Access
224905 12:03:24.3436652 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225060 12:03:24.3651383 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225061 12:03:24.3653009 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225311 12:03:24.4122996 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225364 12:03:24.4254228 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225365 12:03:24.4254471 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225375 12:03:24.4256524 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225377 12:03:24.4257368 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225378 12:03:24.4257530 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225461 12:03:24.4424903 PM iexplore.exe 528 RegOpenKey HKCU\Software\Classes ACCESS DENIED Desired Access: Maximum Allowed
225467 12:03:24.4426434 PM iexplore.exe 528 RegOpenKey HKCU ACCESS DENIED Desired Access: Maximum Allowed
225468 12:03:24.4426588 PM iexplore.exe 528 RegOpenKey HKU\.Default ACCESS DENIED Desired Access: Maximum Allowed
225469 12:03:24.4426778 PM iexplore.exe 528 RegOpenKey HKCU ACCESS DENIED Desired Access: Maximum Allowed
225470 12:03:24.4426915 PM iexplore.exe 528 RegOpenKey HKU\.Default ACCESS DENIED Desired Access: Maximum Allowed
225471 12:03:24.4427040 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225472 12:03:24.4427225 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225478 12:03:24.4446023 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225479 12:03:24.4446294 PM iexplore.exe 528 RegOpenKey HKLM ACCESS DENIED Desired Access: Maximum Allowed
225480 12:03:24.4446523 PM iexplore.exe 528 RegOpenKey HKCU ACCESS DENIED Desired Access: Maximum Allowed


they all pretty much look like that, except it runs on for pages.

let me know what else to try, thanks for your great support.

[tzuk]

The trace shows a lot of access request for the "MAXIMUM_ALLOWED" access level, which were denied. Do you get the same result, with MAXIMUM_ALLOWED, when you remove all the Open*Path settings? If your answer is yes, you may have a conflict with another piece of software.