[Sandboxie Beta] Sandboxie Beta 5.31 (Latest version 5.31.2)

1. Sandboxie Beta 5.31.2
Windows 10 Enterprise LTSC 2019 x64 Build 17763.615 {rs5_release 180914-1434}

2. Any programs

3. Windows Defender. Off by group police

4. Attempting to launch any program results in an error.
SBIE2203 Failed to communicate with Sandboxie Service: RPCSS_SXS - (Sandboxie RpcSs) [77/FFFFFFFF]
SBIE2204 Cannot start sandboxed service RpcSs (1)
SBIE2204 Cannot start sandboxed service DcomLaunch (-4)

5. Yes, it occur in a new sandbox with default settings

6. 

(Drive) \Device\CdRom0
(Drive) \Device\HarddiskVolume1
(Drive) \Device\HarddiskVolume2
(Drive) \Device\HarddiskVolume3
(Drive) \Device\HarddiskVolume4
(Drive) \Device\HarddiskVolume5
(Drive) \Device\HarddiskVolume6
(Drive) \Device\HarddiskVolume7
(Drive) \Device\HarddiskVolume8
(Drive) \Device\IsoCdRom0
Clsid -------------------------------
File/Key -------------------------------
Image -------------------------------
Ipc -------------------------------
Ipc \BaseNamedObjects\__ComCatalogCache__
Ipc \BaseNamedObjects\SC_AutoStartComplete
Ipc \RPC Control\epmapper
Ipc \Sessions\1\BaseNamedObjects\ComPlusCOMRegTable
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_352
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_6156
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcEptMapper
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs
Ipc \Sessions\1\BaseNamedObjects\SC_AutoStartComplete
Ipc \Sessions\1\BaseNamedObjects\SM0:6156:304:WilStaging_02
Ipc \Sessions\1\BaseNamedObjects\SM0:6156:304:WilStaging_02_p0
Ipc \Sessions\1\BaseNamedObjects\SM0:6156:304:WilStaging_02_p0h
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Ipc O \BaseNamedObjects\msctf.serverDefault1
Ipc O \KernelObjects\MaximumCommitCondition
Ipc O \KnownDlls\advapi32.dll
Ipc O \KnownDlls\bcryptPrimitives.dll
Ipc O \KnownDlls\cfgmgr32.dll
Ipc O \KnownDlls\clbcatq.dll
Ipc O \KnownDlls\combase.dll
Ipc O \KnownDlls\cryptsp.dll
Ipc O \KnownDlls\gdi32.dll
Ipc O \KnownDlls\gdi32full.dll
Ipc O \KnownDlls\IMM32.dll
Ipc O \KnownDlls\kernel.appcore.dll
Ipc O \KnownDlls\kernel32.dll
Ipc O \KnownDlls\kernelbase.dll
Ipc O \KnownDlls\MSCTF.dll
Ipc O \KnownDlls\msvcp_win.dll
Ipc O \KnownDlls\MSVCRT.dll
Ipc O \KnownDlls\ole32.dll
Ipc O \KnownDlls\OLEAUT32.dll
Ipc O \KnownDlls\powrprof.dll
Ipc O \KnownDlls\profapi.dll
Ipc O \KnownDlls\PSAPI.DLL
Ipc O \KnownDlls\rpcrt4.dll
Ipc O \KnownDlls\sechost.dll
Ipc O \KnownDlls\SHCORE.dll
Ipc O \KnownDlls\SHELL32.dll
Ipc O \KnownDlls\SHLWAPI.dll
Ipc O \KnownDlls\ucrtbase.dll
Ipc O \KnownDlls\user32.dll
Ipc O \KnownDlls\win32u.dll
Ipc O \KnownDlls\windows.storage.dll
Ipc O \KnownDlls\WS2_32.dll
Ipc O \RPC Control\lsapolicylookup
Ipc O \RPC Control\SbieSvcPort
Ipc O \Sessions\1\BaseNamedObjects\CicLoadWinStaWinSta0
Ipc O \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefault1
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.Asm.MutexDefault1
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.CtfMonitorInstMutexDefault1
Ipc O \Sessions\1\Windows\ApiPort
Ipc O \Sessions\1\Windows\SharedSection
Pipe -------------------------------
Pipe ?
Pipe \Device\CNG
Pipe \Device\SrpDevice
WinCls -------------------------------

sandboxie.ini

[GlobalSettings]

Template=7zipShellEx
Template=WindowsRasMan
Template=WindowsLive
Template=UltraMon
Template=OfficeLicensing

[DefaultBox]

ConfigLevel=7
AutoRecover=y
BlockNetworkFiles=y
Template=qWave
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Enabled=y

[UserSettings_08DA01C0]

SbieCtrl_UserName=user
SbieCtrl_BoxExpandedView=DefaultBox
SbieCtrl_NextUpdateCheck=1563972269
SbieCtrl_UpdateCheckNotify=n
SbieCtrl_ShowWelcome=n
SbieCtrl_AutoApplySettings=n
SbieCtrl_SettingChangeNotify=n
SbieCtrl_HideWindowNotify=n
SbieCtrl_TerminateWarn=n
SbieCtrl_WindowCoords=389,217,1237,632
SbieCtrl_ActiveView=40021

***
Attempting to open a text file in a sandbox

Hi Kon,

I am working on updating a Windows Enterprise version to the one you are using so that I can test the behavior.

The only thing that is not standard in your configuration is UltraMon. Have you tested disabling that template and/or disabling UltraMon on the host to see if that helps?

If the issues persist, please answer these additional questions:
-Are there any restrictions in place? Applocker, controls of any sort? If no program is working in the Sandbox, it could mean an OS related setting is blocking it (any additional information regarding setup restrictions may help me test once I get the updates). 
-I take it the programs work fine outside Sandboxie?
-Could you please translate the screenshot to English so that I can review it?

Thank you!

Hi Barb,

Barb@Sophos said:

The only thing that is not standard in your configuration is UltraMon. Have you tested disabling that template and/or disabling UltraMon on the host to see if that helps?

Unfortunately, disabling the rules for the UltraMon and / or disabling it did not help. In addition, I get the same error on VMware with a minimal set of installed programs.

Barb@Sophos said:

Are there any restrictions in place? Applocker, controls of any sort? If no program is working in the Sandbox, it could mean an OS related setting is blocking it (any additional information regarding setup restrictions may help me test once I get the updates). 

I use NoVirusThanks OSArmor v1.4.3 with default rules. Applocker is enabled, but there are no rules to block it, everything is allowed.
Trying to solve the problem, I put the system on a VMware virtual machine. I was unable to trace the cause of the error. Immediately after installation on a clean system, everything works fine, but it is worth updating the system and an error appears.

Barb@Sophos said:

I take it the programs work fine outside Sandboxie?

yes, everything works fine outside the sandbox

Barb@Sophos said:

Could you please translate the screenshot to English so that I can review it?

I'm sorry, I use the localized interface and completely forgot about it.
The essence of the error: I went to the sandbox folder explorer and tried to run a text file that is in it "DONT-USE.TXT". The text of the error: "Error when starting the application (0xc0000364). To exit the application, click OK"

Hi Kon,

I am still trying to get the updated version but I am either at 1697 or 1903, so will have to rebuild a new VM tomorrow. In the meantime, regarding the error message , it does seem to indicate it is blocked.

Here's what to try next:
Please test disabling Applocker, reboot and retry.
If you can verify that turning off AppLocker allows the apps to run, then when you re-enable it, ensure your rules include AnonymousLogon, then retest.

You state that when you do a clean installation, everything works. What Windows version was installed (the clean install) and which update did you apply exactly? I'll give it a try once you provide this info. Please include the exact build you install and the exact update (if possible the KB number) that is applied (the one that triggers the problems for you). 

Regards,

Hi Barb,

Barb@Sophos said:

Please test disabling Applocker, reboot and retry.

You're right! Disabling AppIDSvc solved the problem. I will continue the experiments and let you know when I find the cause.

Barb@Sophos said:

What Windows version was installed (the clean install) and which update did you apply exactly? 

Microsoft Windows 10.0.17763.316 Enterprise LTSC Version 1809 (release in March 2019). Updates were made via Windows update in July. Tomorrow I will check everything from the very beginning and provide accurate data.

Thank you very much!

Hi Kon,

Try adding Anonymous Logon to your Applocker rules, as that is the user Sandboxie programs run as. 

As an update, I tested Win 10 Enterprise 1809 (17763.316) and encountered no issues with Sandboxie 5.31.2  So between this test and your previous response, looks like the issue is related to your environment settings.

Regards,

Hi Barb,

Barb@Sophos said:

Try adding Anonymous Logon to your Applocker rules, as that is the user Sandboxie programs run as. 

Excuse me, could you show exactly how to do this? I can't add "NT AUTHORITY \ ANONYMOUS LOGON" to "Everyone" in settings Applocker rules. Either one or the other.

Hi Barb,

Barb@Sophos said:

Try adding Anonymous Logon to your Applocker rules, as that is the user Sandboxie programs run as. 

Excuse me, could you show exactly how to do this? I can't add "NT AUTHORITY \ ANONYMOUS LOGON" to "Everyone" in settings Applocker rules. Either one or the other.

Hi Kon,

Unfortunately, I don't know how to configure AppLocker. But sandboxed applications run as Anonymous Logon, you'll need Applocker to consider that in the rules. This was something that was discussed in the past (forums no longer accessible) so I am sharing what I remember from that thread. 

Perhaps an online search can help.

Regards,