Sandboxie causing "An anonymous session connected from [MY COMPUTER NAME] has attempted to open an LSA policy handle ..." on Windows 10

I'm having this exact same error but I'm using Win7 64-bit, Sandboxie v5.30.

All drivers and OS updates are current. I'm using Firefox and Waterfox.

Hi Sam.

Thank you for the update, I'm glad I'm not the only one. Never had such issues on Windows 7 myself, did you have them before installing v5.30?

With all that has been going on with Sandboxie in the last few months I prefer not see such errors which could be interpreted as some sort of Malware infection.

All,

I've shared the info with the devs.  I will update this thread once I receive a response.

Regards,

Thank you Barbara, very kind.

Hi all,

I was not able to repro the message on Win 10 1809 + FF 67, so it may be a combination of FF and certain AV software, or an extension. Try a new FF profile and a new Sandbox with default settings to see if the behavior continues. 

The devs stated that this is something on the program's end that not liking Sandboxie using Anonymous Logon (as nothing has changed with Sandboxie in that regard, and there is no malware in our code).

Here's an example of a similar situation:
https://support.microsoft.com/en-us/help/839569/you-may-not-be-able-to-connect-to-an-instance-of-sql-server-by-using-a

You may want to reach out to Mozilla's support and see if they can verify the message and the steps. 

Thanks!

Hi Barbara.

This is what I tested today:

1. I created a new Firefox profile
2. I closed KIS 2019
3. I created a new Sandbox
4. I launched the browser in the new Sandbox and no event was logged

1. I rebooted
2. I launched the browser in the new Sandbox without closing KIS 2019
3. The event was logged

So the issue is not with my regular Firefox profile and/or my regular Sandbox.

It seems to be a conflict with KIS 2019(which I don't have installed on my other machines).

As this event is only logged once per day, I will try again tomorrow with KIS 2019 closed.

Thank you.

Sorry for taking so long to respond, I was having challenges getting logged into this forum using a vpn. I'm good now.

I did notice the problem didn't arise until v5.30 but I also know Windows update for May has been problematic. Coincidence? I don't know yet. It could be one or the other as the culprit; or perhaps both.

I re-imaged my drive and installed all updates till April. Sandboxie is v5.28. I'm going to let it run for 3 days to see if any issues arise. Then I'll update SB to v5.30 to see if it creates the LsaSrv error. Depending on the results, I'll install the Windows May updates. Hopefully, something will present itself.

Curious, do you by any chance use Intel Turbo Booster? Have you experienced any BSOD around the time of the LsaSrv error?

Hi Sam.

I believe by Windows May update you mean 1903? I did not install it as I'm aware of issues.

No BSODs on my side, I will check the BIOS for Intel Turbo Boost later on today.

By the way, do you have KIS installed?

Thank you.

Hi Sam.

I believe by Windows May update you mean 1903? I did not install it as I'm aware of issues.

No BSODs on my side, I will check the BIOS for Intel Turbo Boost later on today.

By the way, do you have KIS installed?

Thank you.

Hi sandboxieuser456 ,

When I inquired about the May windows update, I assumed you just upgraded to Win10 like most people do. I was thinking perhaps some remnants of Win7 might be left over that could be causing the error. However, I just noticed in your original post you mentioned doing a clean install. I was asking because of the KB4499175 update has been problematic with some anti-virus software but this of course wouldn't effect you on a clean install. I use CIS and Comodo is not effected by the update.

The LsaSrv error is caused from running a sever and the only 2 server items I have running is Intel Turbo Booster and Sandboxie. The Intel software is installed on your system and not in the BIOS. The preliminary research is to attempt to find commonalities between our machines.

So far today and yesterday, I have not experienced any errors yet. On Friday, I'm going to update SB to v5.30 and see if the LsaSrv error comes back. Time will tell.

If you have the time, have your thought about doing a fresh install again and run SB at v5.28 to see if the errors happen? The v5.28 was a part of the image and I don't have another copy but maybe Barbara can get a copy for you to test with. Worse case, I do have v5.26 but the other version would offer better results.

Hi Sam.

I don't have Intel Turbo Booster installed.

Unfortunately this is PC #1 of 5 which I have to format so I have no time to clean install to test v5.28 out.

In my case I believe it's a conflict with KIS because with KIS turned off, I get no events.

Hi sandboxieuser456,

I'm glad you found the culprit and hopefully will find its solution.

Hopefully, in a couple of days I'll have a solution too.

Good luck

I just got another LsaSrv error a little over an hour ago. So I know this is not related to v5.30 or the May update.

Now it likely comes down to Intel Turbo Booster Technology or Sandboxie. These are the only "server" software running on my system.

I uninstalled the Intel software and will wait a couple of days to see if the error is generated.

EDIT: I have not updated Sandboxie or windows yet.

Hi Sam.

Do you get them at random or as it's in my case when you load your browser(or another application) in Sandboxie mode?

Hi sandboxieuser456,

I have been trying hard to duplicate this on purpose but without any luck. It appears random but I should know something more in a couple of days.

The only thing left on my system that could trigger this event is Sandboxie. So we'll see.