Cant remove box or terminate prog => starts srv in other box

[JohnBox]

I have installed FTK imager in a sandbox and that works fine.

Then I installed Nitro Pro 9 in a sandbox and that works fine as well.

However when closing Nitro it does not terminate all services running in the box. Then I terminate programs in the box manually. That works.

Then I try to delete the contents of the FTK imager box. That tells me "Please terminate programs running in the sandbox before deleting its contents." AND at the same time it STARTS the Nitro sandbox with services Start.exe, SandboxieRpcSc.exe and SandboxieDcomLaunch.exe. in it.

When I terminate programs for the FTK imager box is tells me "There are no processes to terminate". When I try to delete the contents of the FTK imager box same it tells me "Please terminate programs running in the sandbox before deleting its contents." Stuck in a loop.

Now comes the fun part. When I try to delete the Nitro sandbox it tells me "Please terminate programs running in the sandbox before deleting its contents." When I terminate programs for the Nitro box, and there are none running, it tells me "There are no processes to terminate".

How can I get rid of both sandboxes and completely remove them? Yes, removing them is also not possible because it tells me "Please delete contents of sandbox FTK before invoking this command."

Why does the Nitro box start up several services when I try to delete the contents of the FTK imager box?

Also, just to test this out, I tried to remove another sandbox and again it tells me "Please terminate programs running in the sandbox before deleting its contents." and when I terminate programs it tells me "There are no processes to terminate." as well as ALSO firing up the above mentioned services in the Nitro box again.

So regardless of what box I am trying to remove it starts those services in the Nitro box.

You see I am stuck in a loop and two or more boxes are actually somehow linked to the Nitro box or each other. How and why and is this not a security breach? How can it happen that trying to remove one sandbox starts services in another sandbox? Are sandboxes not 100% independent from each other?

Below the config for the Nitro and FTK box. Please help. Thank you


[NITRO]

Enabled=y
ConfigLevel=7
Template=AutoRecoverIgnore
Template=Firefox_Phishing_DirectAccess
Template=Chrome_Phishing_DirectAccess
Template=LingerPrograms
Template=BlockPorts
BorderColor=#40FF00
NeverDelete=n
NotifyInternetAccessDenied=y
NotifyStartRunAccessDenied=y
BoxNameTitle=n
ClosedFilePath=%{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}%\
ClosedFilePath=%{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}%\
ClosedFilePath=%Personal%\
ClosedFilePath=%{374DE290-123F-4565-9164-39C4925E467B}%\
ClosedFilePath=%My Music%\
ClosedFilePath=%Favorites%\
ClosedFilePath=%{56784854-C6CB-462B-8169-88E350ACB882}%\
ClosedFilePath=%Desktop%\
ClosedFilePath=%My Pictures%\
ClosedFilePath=%My Video%\
ClosedFilePath=%{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}%\
ClosedFilePath=C:\Users\User\.VirtualBox\
ClosedFilePath=\Device\Mup\
ClosedFilePath=InternetAccessDevices
CopyLimitKb=491520
ForceProcess=nitropdf.exe

[FTK]

Enabled=y
ConfigLevel=7
Template=AutoRecoverIgnore
Template=Firefox_Phishing_DirectAccess
Template=Chrome_Phishing_DirectAccess
Template=LingerPrograms
Template=BlockPorts
BorderColor=#40FF00
NeverDelete=n
NotifyInternetAccessDenied=y
NotifyStartRunAccessDenied=y
BoxNameTitle=n
ClosedFilePath=%{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}%\
ClosedFilePath=%{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}%\
ClosedFilePath=%Personal%\
ClosedFilePath=%{374DE290-123F-4565-9164-39C4925E467B}%\
ClosedFilePath=%My Music%\
ClosedFilePath=%Favorites%\
ClosedFilePath=%{56784854-C6CB-462B-8169-88E350ACB882}%\
ClosedFilePath=%Desktop%\
ClosedFilePath=%My Pictures%\
ClosedFilePath=%My Video%\
ClosedFilePath=%{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}%\
ClosedFilePath=C:\Users\User\.VirtualBox\
ClosedFilePath=\Device\Mup\
ClosedFilePath=InternetAccessDevices
CopyLimitKb=999999
ForceProcess=ftk imager.exe
DropAdminRights=y

I had exact behaviour already once with other sandboxes, reverted back to an older and clean OS image with Macrium Reflect and the problems were gone. So something is messing up somehow...

[bo.elam]

Hi John, some of your problems might go away after a reboot. I suggest you do that and then afterward try to delete consents of the sandboxes. And after deleting contents, try again to Remove the sandboxes that you like to remove.

Bo

[JohnBox]

I went ahead and did a restore with Macrium Reflect of the latest clean image, lost a few installs and setting updates, however the Sandboxie issues are not present any more, simply for the reason I have not yet tested to run FTK and Nitro in sandboxes again. Will report back if the problem persists.

Is this a user supported forum or do people from Invincea also get in touch?

As always, thank you for your help Bo

[JohnBox]

Did try and now FTK and Nitro are modifiable as per normal, so I can delete contents and remove the boxes fine.

Why does this only work after a restore to a clean OS image and/or a restart?

[JohnBox]

And again even after a restart this keeps happening, after using the Nitro box a few times it starts to link all other boxes to itself (opening and closing other boxes will invoke the starting of above mentioned processes in the Nitro box), what leads to not being able to remove the Nitro box because it tells me to del its contents first and when I try that it tells me to terminate the programs and when I try that it tells me there are not programs to delete. This means I have to restart the host on a regular basis and I restart this host as little as possible since this is a workstation that is on most of the time.

Can someone shed some light on this and why this is happening? Is the registry messed up and after a restart it "sorts itself out"? That is not acceptable really. I can't restart the host every time I like to use Nitro PDF.

[Peter2150]

If I read this correctly you are installing Nitro in Sandboxie. Why not just install Nitro on your computer, and then just make it a forced program so when ever you run it it runs sandboxed?

[JohnBox]

Mainly so I can remove it at will at any point in time later on and not have to worry about traces being left on the host.

In the meanwhile reverted back to a clean older OS image, installed FTK into a box and then gave SumatraPDF sandboxed a try and as well the same thing keeps happening. The boxes start linking to each other starting processes in the FTK box whenever the SumatraPDF box or other older boxes that I installed many OS images ago are being started or stopped. Also after restarts this keeps happening.

Somehow this seems buggy to me. A few times the system also got locked up and a few times I let it wait for the error message to come up and a few times it simply displayed "Not responding" in the title of the Sanboxie gui.

edit:
Maybe this is due to how I install FTK into a sandbox. What I do is run the FTK exe sandboxed and then later when the install is done I go into the sandbox and select the main exe for starting up FTK to be forced sandboxed as well as putting a shortcut of that on the desktop. Is this double trouble since the program is already in a sandbox so starting the main exe from it can be done with out forcing the program to run sandboxed?

edit2:
even without force program running of FTK's main exe in the sandbox this behaviour persists.

[JohnBox]

How can I run FTK, regardless of its imaging and backup functions, in a sandbox without it affecting other sandboxes and starting processes in those please?

The issue persists, even after going back to a clean OS image, then installing FTK in a sandbox and then using it sandboxed it will start to affect other sandboxes, also after a restart. Can this get looked into please? Can someone else see and try if they get this behaviour as well? FTK imager is free to get from here: http://www.accessdata.com/support/product-downloads , on this screen just fill in dummy data and you will get the full download: http://go.pardot.com/l/46432/2014-07-09/44kh

[JohnBox]

Same happens when using TeamViewer.

Installed TeamViewer into a box and run it in/from the box, now when I open and close other boxes the TeamViewer box shortly runs the services Start.exe, SandboxieRpcSc.exe and SandboxieDcomLaunch.exe. in it, why is this happening?

[JohnBox]

Must be some sort of bug since when doing a restart the issue is gone for one box though then when making a new box and installing into and running something from that new box those services keep starting in the box the was created before the latest one. A kind of domino effect through the boxes. However when closing the Firefox box most of the time the box that also reacts with other boxes quickly opens and closes the mentioned services. All this makes a sort of unstable or insecure impression however I guess I will have to live with it for now. Any body experiencing this as well?