SBIE2101

SBIE2101 Object name not found: \BaseNamedObjects\IGFXKMDNotifyBatchBuffersComplete, error OpenEvent (C0000022) access=001F0003 initialized=1

Happens frequently (every day)
Sandboxy 5.30
Windows 10 Enterprise 2016 LTSB, x64
Internet Explorer 11.2791.14393, Chrome 73.0.3683.86, 64bit
No antivirus, Windows' only protections (not sure which ones, Defender I guess)
Step to reproduce - surf Internet, preferably FaceBook
It occured on current version and on previous versions too
Full message is on top of this message. Usually it repeated several times in SandBoxy window.

Parents
  • Hi O G1,

    Does the issue follow you to a new Sandbox with default settings?
    Any specific things to do in facebook when the issue occurs? (chats, videos, crafting a response..?) 

    Please post a copy of your configuration file
    Sbie control --> Configure --> Edit configuration

    Are there any addons involved?
    Is functionality affected in any way? (Can you click on "Hide" the message if not, and see if that helps?) 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hi Barb@Sophos,

    Actually, this issue happens on new Sandbox with default settings, which was created especially for runnig Internet Explorer for Facebook. Because Facebook's videos hang up entire computer when running in Chrome, and I suppose due to the same issue with SandBoxy, but it is just a siggestion.

    I'm unable to say confidently tha issue happens after some specific actions in Facebook. But, seems, most probably, after running video.

    No any addons involved.

    Functionality is not affected (button "Hide" could be pressed, window closed and no obstacles to continue).

    Config is below.

    Regards,

    O G1

     


    [GlobalSettings]

    Template=WindowsRasMan
    Template=7zipShellEx
    Template=WindowsLive
    Template=OfficeLicensing
    ActivationPrompt=n
    FileRootPath=F:\Sandbox\%USER%\%SANDBOX%
    TemplateReject=SynapticsTouchPad

    [DefaultBox]

    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=qWave
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    Enabled=y

    [UserSettings_086A01A8]

    SbieCtrl_UserName=OG
    SbieCtrl_NextUpdateCheck=1560277782
    SbieCtrl_UpdateCheckNotify=n
    SbieCtrl_ShowWelcome=n
    SbieCtrl_WindowCoords=478,98,1013,494
    SbieCtrl_ActiveView=40021
    SbieCtrl_AutoApplySettings=n
    SbieCtrl_ProcessViewColumnWidths=250,70,300
    SbieCtrl_BoxExpandedView=Apps1,DefaultBox,Mailer,NetBeans,Pharo,Quarantine

    [Browser]

    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=Chrome_Profile_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=Chrome_Sync_DirectAccess
    Template=Chrome_Preferences_DirectAccess
    Template=Chrome_Passwords_DirectAccess
    Template=Chrome_History_DirectAccess
    Template=Chrome_Bookmarks_DirectAccess
    Template=Chrome_Force
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    Template=qWave
    RecoverFolder=D:\Music\just downloaded
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%\Software
    RecoverFolder=D:\Downloads\Software
    RecoverFolder=D:\Downloads
    RecoverFolder=%Desktop%
    RecoverFolder=%Favorites%
    RecoverFolder=%Personal%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,ttl
    Enabled=y
    LeaderProcess=chrome.exe

    [Mailer]

    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    Template=qWave
    RecoverFolder=%Desktop%
    RecoverFolder=%Favorites%
    RecoverFolder=%Personal%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,ttl
    Enabled=y

    [Quarantine]

    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    Template=qWave
    RecoverFolder=%Desktop%
    RecoverFolder=%Favorites%
    RecoverFolder=%Personal%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,ttl
    Enabled=y

    [Apps1]

    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    Template=qWave
    RecoverFolder=%Desktop%
    RecoverFolder=%Favorites%
    RecoverFolder=%Personal%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,ttl
    Enabled=y
    BoxNameTitle=y
    OpenPipePath=D:\Just4Fun\

    [IE]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=qWave
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    ForceProcess=iexplore.exe
    NotifyStartRunAccessDenied=y
    DropAdminRights=y

  • Hi Barb@Sophos,

    Actually, in my previous post I described results of discussed tests:

     - I confirmed, that incorrect behaviour happens under Sandboxy only

     - it happens with or without drop administrative rights

     - I collected Res. Acc. Mon data as you described

    The only thing was not checked - Chrome hrdware acceleration on/off. Because Chrome isn't involved in investigations. IE only.

    And one more thing must be mentioned again - now no any error messages happens. Just silent incorrect work.

    May be another point worth to be mentioned: loging issue started to happen in last week or two. Earlier it did not happen. On link you sent me mentioned Windows 7. So it is old enough issue. I met it not much time ago.

    So, what can I test more?

  • Hi O G1,

    Thanks for clarifying.
    The Chrome steps were sent since your original post includes Chrome as well (the idea is to find if all your browsers behave the same in the sandbox, or just IE).

    If you did choose to hide the message, as originally suggested, then that's probably why you are not seeing the error anymore (to un-hide Configure --> Forget hidden messages). Otherwise, has anything changed since you reported the problem? Any additional information will be appreciated.

    Interesting that the login issue started not too long ago for you. The post is, indeed, for Windows 7 originally, but seems to apply exactly to your situation.

    I re-tested the behavior and I am still unable to reproduce it. Can I please get the exact windows build that you are using? Perhaps that's the key here.

    Thanks!

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hi Barb@Sophos

    What I did right now.

    1. Configure --> Forget hidden messages

    2. Create new sandbox

    3. Without any settings "Run Any Program" --> "C:\Program Files\Internet Explorer\iexplore.exe"

    4. Login to FaceBook

    5. Start Resource Access Monitor (log is at bottom of the message)

    6. Find first video (www.facebook.com/.../) and click "play" (white triangle) 

    7. Video doesn't start.

     

    Windows 10 Entrprise 2016 LTSB

    IE11 --> Version 11.2791.14393.0, Update version 11.0.110

    Can I do more to help to understand what's going on?

     

    RAM's log:

    Clsid -------------------------------
    Clsid {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ShellWindows
    Clsid O {A47979D2-C419-11D9-A5B4-001185AD2B89} Network List Manager
    File/Key -------------------------------
    Image -------------------------------
    Ipc -------------------------------
    Ipc \PdcPort
    Ipc \Sessions\1\BaseNamedObjects\IsoScope_7be4_iso_sm_e_7be4_1401_7d
    Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc
    Ipc \Sessions\1\BaseNamedObjects\windows_webcache_bloom_section_{8333EE6C-ED12-414F-995E-7A2847F80A9B}
    Ipc O \RPC Control\DNSResolver
    Ipc O \RPC Control\SbieSvcPort
    Pipe -------------------------------
    Pipe O \Device\Afd
    Pipe O \Device\NetBT_Tcpip_{3F3F684F-2263-43C7-A8DD-87FEFEEDAD45}
    Pipe O \Device\NetBT_Tcpip_{7194130E-AC2A-49F2-BECE-C618F776512D}
    Pipe O \Device\NetBT_Tcpip_{AF12C15B-FE0C-42E2-AECC-876BBA6E93FF}
    Pipe O \Device\NetBT_Tcpip_{EE97BF7A-1986-4680-9E8A-E6E44420D310}
    WinCls -------------------------------

  • Hi O G1,

    Windows 10 Entrprise 2016 LTSB -->Is there a build version? You may be able to find this by clicking on Start and typing winver . 

    Regarding the log you posted, there's really not much listed in that output.
    To clarify, the videos do work fine in IE outside the Sandbox, correct? As in no issues are experienced and they play fine? 

    Please try the following:
    Start IE in the new Sandbox after deleting its contents
    Log in to Facebook and have a video ready (don't start it yet)
    Launch Res. Acc. Mon
    Click play or whatever is needed to start the video
    Give it about 5 seconds, then stop Res. Acc. Mon and provide the output once more please.

    Thanks!

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hi Barb@Sophos 

    Did exectly waht you asked.

    The result isidentical to previous one

    BTW, Windows version is 1607, build 14393.2791

     

    Clsid -------------------------------
    Clsid {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ShellWindows
    Clsid O {A47979D2-C419-11D9-A5B4-001185AD2B89} Network List Manager
    File/Key -------------------------------
    Image -------------------------------
    Ipc -------------------------------
    Ipc \PdcPort
    Ipc \Sessions\1\BaseNamedObjects\IsoScope_8928_iso_sm_e_8928_1401_7d
    Ipc \Sessions\1\BaseNamedObjects\windows_webcache_bloom_section_{8333EE6C-ED12-414F-995E-7A2847F80A9B}
    Ipc O \RPC Control\DNSResolver
    Ipc O \RPC Control\SbieSvcPort
    Pipe -------------------------------
    Pipe O \Device\Afd
    Pipe O \Device\NetBT_Tcpip_{3F3F684F-2263-43C7-A8DD-87FEFEEDAD45}
    Pipe O \Device\NetBT_Tcpip_{7194130E-AC2A-49F2-BECE-C618F776512D}
    Pipe O \Device\NetBT_Tcpip_{AF12C15B-FE0C-42E2-AECC-876BBA6E93FF}
    Pipe O \Device\NetBT_Tcpip_{EE97BF7A-1986-4680-9E8A-E6E44420D310}
    WinCls -------------------------------

  • Hi O G1, 

    Unfortunately, there's nothing new in that second output. I'll get the same version of Windows 10 and let you know once I am done testing. 

    Please provide an answer to these:
    To clarify, the videos do work fine in IE outside the Sandbox, correct? As in no issues are experienced and they play fine? 

    Thank you!

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Just to clarify right now started IE outside the SB and enjoyed all videos which was not able to see running IE under SB.

    Regards

  • Hi O G1,

    I installed Windows 10 x64LTSB 2016 build 14393.0 (almost the same as yours) and was able to repro the issue. 

    Try this workaround for the videos:
    Right-click on your Sandbox --> Sandbox settings --> Resource Access --> IPC Access --> Direct Access
    Hit Add Program
    Add iexplore.exe
    Back to Direct IPC Access, you should see "The below list applies to iexplore.exe"
    Hit Add and paste this:
    *\BaseNamedObjects*\windows_webcache*
    Apply and okay your way out
    Delete the contents of your Sandbox and re-try the video you provided before in your response.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hi Barb@Sophos 

    Your workaround works!

    Thanks :)

    Is it safe? Doesn't it allow to drain harmful soft from web cache into system?

  • Hi O G1,

    Please, see my last response about opening IPCs in this thread:
    https://community.sophos.com/products/sandboxie/f/sandboxie-forum/113606/windows-security-making-sure-its-you-2fa/407465#407465

    Hope this helps.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Reply Children
No Data