Thanks but be prepared...

Syrinx
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Post by Syrinx » Sat Aug 13, 2016 9:50 pm

First off, I'd like to give you all a HUGE thanks for the back to school sale. It was perfect timing and very much appreciated here! We grabbed another license and I'm currently working on integrating SBIE into the PC [PC in my wording being 'a' computer not necessarily a desktop] our kid(s) will be using shortly.

I already ran into one hiccup regarding 'User Accounts' but managed to figure that one out just as I was writing a PM to nag Craig about it [my mistake there]. Be prepared though, I may soon have thoughts or questions with areas or scenarios I haven't encountered on my own machine and of course I will desire quick aid! :P So yeah, end of this random rant... /yay 'Anything Else'

P.S.:
First question:
I normally visit often [and hate auto-updates for anything in general (even windows), I like to control all that on my machine] and so I normally have auto-updates disabled.

I currently have the SBIE beta on that PC so will it still get an update alert for an official release with a beta installed?

Second Question:
I'm hoping to have the ability to delete certain sandboxes on close (which requires sbiectrl at this time) [along with quick recovery? maybe?] but want to avoid having the icon displayed/accessible in the tray for my kid(s)' account.

Is there any type of /hide option where it could remain running and operational but not be in the notification area to be seen or messed with?

I've already enabled the edit and admin only options for the ini so it can't be disabled/changed etc but would like to take it a tad further to the mostly 'invisible' but still fully operational sector. I'm tempted to loop back around to an old suggestion where I thought deletion should be handled by the primary sbie service anyway but for this instance I'd really be happy with just a way to prevent sbiectrl from being shown in the notification area on the initial start (logon for a specific user) through a simple option/flag/switch... eg altering a specific run link or adding a switch such as /hide:kid [kid being a username in this case] that could be appended to the startup shortcut or someplace in the ini that is later processed but still results in no tray sbiectrl for said user via that path. Obviously I'm not asking for anything that prevents them from launching sbiectrl manually and seeing it later but for kid(s) the age I'm talking about that's unlikely to happen anyway.
Goo.gl/p8qFCf

Post by Syrinx » Mon Aug 22, 2016 5:30 pm

OK I ran into an issue in regards to SRP with dll rules enabled. I've worked around it for now but I'd appreciate any information in regards to why or how this occurs so that I can possibly figure out a better solution.

This error pops up when the WizardGraphicalClient (actual game) for Wizard101 is launched and only when SRP dll rules are restricted with a default security level of Disallowed. The game folder is defined as 'Unrestricted'. So is Program Files where SBIE is installed...
SBIE2327 Error in COM Server: [31 / 0]
The game still functions but I wanted to 'fix' the issue rather than hide and ignore the Error...
I found that the Event Log also had an error at the same time,
Event 1, UAC
The process failed to handle ERROR_ELEVATION_REQUIRED during the creation of a child process.
The workaround I've applied for now was to add "C:\Program Files\Sandboxie" as Unrestricted which also fixes another quirk where SRP would block the Crypto.exe of SBIE.

With that rule added it no longer issues any errors and nothing in the event log. It's working. It's weird because the default rule of Program Files being Unrestricted really should have allowed all that anyway....

So I'm confused as to why it's happening but as I found that little quirk in SRP isn't limited to SBIE, (offtopic) I also had to add C:\Program Files\WindowsApps as a separate rule or Apps from the store wouldn't work.

Is there something special with SBIE that might explain why SRP rules weren't being applied properly (as in how I expected) with just the default Program Files rule? The only thing I can come up with is related to ANONYMOUS LOGON/AppContainer....but then why do those new rules work? /headache

P.S. The machine I'm setting up is Windows 10 Pro x64

Post by Syrinx » Mon Aug 22, 2016 9:17 pm

Figured out the SRP issue finally. Turns out it was related to the 'default' SRP rules!

Particularly the use of 'Registry Path Rules'

Removing these and explicitly adding both Program Files paths and Windows solved all the above issues (without extra rules) with SBIE, AppX (Store apps) and even another one I only just noticed before testing this fix on a whim.

Bad MS - Fix that [DEFAULT] reg path issue when dll restrictions are enabled!
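
One way to see which SRP path rules are in force, including the default registry path rules discussed in the post above. This is an added example, not from the thread: the helper names Resolve-SrpRegistryPath and Get-SrpPathRule are hypothetical, and it assumes a machine-scoped policy stored under HKLM.

```powershell
# Added example, not from the thread: audit machine-scoped SRP path rules.
$root   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levels = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

# Hypothetical helper: expand a registry path rule to the folder it points at.
function Resolve-SrpRegistryPath([string]$ItemData) {
    # Form: %HKEY_LOCAL_MACHINE\Key\Path\ValueName% plus an optional suffix
    if ($ItemData -notmatch '^%(HKEY_[^%]+)\\([^\\%]+)%(.*)$') { return $null }
    $key, $name, $suffix = $Matches[1], $Matches[2], $Matches[3]
    try {
        # Read through this process's registry view (32-bit and 64-bit views can differ).
        $value = (Get-ItemProperty -LiteralPath "Registry::$key" -Name $name -ErrorAction Stop).$name
        return "$value$suffix"
    } catch {
        return '<unresolved>'
    }
}

# Hypothetical helper: one object per path rule, grouped under its security level.
function Get-SrpPathRule {
    foreach ($levelKey in Get-ChildItem -LiteralPath $root -ErrorAction Stop) {
        if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
        $pathsKey = "$($levelKey.PSPath)\Paths"
        if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
            # Raw read, so REG_EXPAND_SZ data is shown exactly as stored.
            $raw = [string]$rule.GetValue('ItemData', '',
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            [pscustomobject]@{
                Level        = $levels[[int]$levelKey.PSChildName]
                ItemData     = $raw
                RegistryRule = $raw -like '%HKEY_*'
                ResolvesTo   = Resolve-SrpRegistryPath $raw
            }
        }
    }
}

$policy = Get-ItemProperty -LiteralPath $root -ErrorAction Stop
# TransparentEnabled: 0 = no enforcement, 1 = all files except DLLs, 2 = all files including DLLs
'Default level: {0}; DLL rules enforced: {1}' -f $levels[[int]$policy.DefaultLevel], ($policy.TransparentEnabled -eq 2)
Get-SrpPathRule | Sort-Object Level, ItemData | Format-List
```

Rules with RegistryRule set to True are the registry path kind; comparing their ResolvesTo value with the folder a blocked DLL actually loads from shows whether the rule covers it.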

Post by Syrinx » Tue Aug 23, 2016 12:31 am

Geesh has it been that long? I can't edit the above post so here goes another random extra unrelated to SBIE but I felt like venting so here it goes...

I found another issue, this time with the Windows Defender Network Inspection Service.
Event ID 3002, Windows Defender
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004005
Error description: Unspecified error
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
Google didn't help and just about every page I landed on was in regards to MSE and the 'solution' was normally something along the lines of an uninstall and then reinstall of MSE. Welp, I'm working on Win 10 and it's integrated so there is no uninstall/reinstall option. The other ones suggesting that I remove certain .dat files also didn't help...

Manually checking for updates didn't show anything odd either...

After a bit of testing I found this error only popped up when the DLL SRP was enabled (Imagine that).

It turns out that MS didn't take their own guidelines into account for Windows Defender and some needed files (dlls) live inside a ProgramData folder.

"C:\ProgramData\Microsoft\Windows Defender\Definition Updates" holds dlls for updates and the 'Windows Defender Network Inspection Service' won't start correctly without (only at boot) it...resulting in the service not running at startup along with the above event log error. Oddly enough manually starting it or using a script to start it after login seemed to work just fine.... /NewHeadache

Once I added the Definition Updates folder as Unrestricted the problem was solved upon reboot - no more errors and the service starts on boot!

Either way, problem solved but shame on MS for not following their own guidelines with such an 'important' piece of the OS in Windows 10 and making me waste my time figuring this mess out... /MadFace? At least they altered the NTFS security permissions so that the location isn't a potential entry for malware via a LUA. /NotQuiteAsMadFace?

Post by Syrinx » Wed Aug 24, 2016 5:59 pm

Just a minor update/correction.

The...
Event 1, UAC
The process failed to handle ERROR_ELEVATION_REQUIRED during the creation of a child process.
event still happens occasionally (not nearly as often) but I haven't bothered to investigate it further just yet as everything still works. I can confirm it only happens when I'm testing my kids' setup and launching the games within SBIE. Never seen these on Win7 with the same games so it seems to be related to either Win10 or some global policy restriction that isn't present on my machine but active there.
If I get around to figuring it out I'll try to remember to update this thread further.

Yes, I realize at this point I'm talking to myself but that's nothing new :P