Sandboxie causing "An anonymous session connected from [MY COMPUTER NAME] has attempted to open an LSA policy handle ..." on Windows 10

OS: Windows 10 x64 1809

Sandboxie Version: 5.30

Anti Virus: Kaspersky Internet Security v2019

Steps to reproduce: Simply run Firefox(v57) in Sandboxie mode

Screenshot(not mine, but same): filedb.experts-exchange.com/.../LSAsrv-Error2.JPG

Event ID in Event Viewer: 6033

 

Hello.

After upgrading Windows 7 to Windows 10, whenever I launch Firefox in Sandbox mode I get the following error in the Event Viewer:

"An anonymous session connected from [MY COMPUTER NAME] has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.
The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr ol\Lsa\TurnOffAnonymousBlock DWORD value to 1.
This message will be logged at most once a day."

As confirmed by https://www.tenforums.com/general-support/84319-event-id-6033-lsa-lsasrv.html it is a Sandboxie problem.

I never saw this event before, I run Sandboxie on multiple machines, all Windows 7, this is now the only one running Windows 10 and the only one with this issue.

The anonymous "attack", if so it can be called, is coming from my own machine.

Is this a known issue?

Edit: I clean installed Windows 10 v1809 and the problem persists.

Thank you.

Parents Reply
  • Hi sandboxieuser456 ,

    When I inquired about the May windows update, I assumed you just upgraded to Win10 like most people do. I was thinking perhaps some remnants of Win7 might be left over that could be causing the error. However, I just noticed in your original post you mentioned doing a clean install. I was asking because of the KB4499175 update has been problematic with some anti-virus software but this of course wouldn't effect you on a clean install. I use CIS and Comodo is not effected by the update.

    The LsaSrv error is caused from running a sever and the only 2 server items I have running is Intel Turbo Booster and Sandboxie. The Intel software is installed on your system and not in the BIOS. The preliminary research is to attempt to find commonalities between our machines.

    So far today and yesterday, I have not experienced any errors yet. On Friday, I'm going to update SB to v5.30 and see if the LsaSrv error comes back. Time will tell.

    If you have the time, have your thought about doing a fresh install again and run SB at v5.28 to see if the errors happen? The v5.28 was a part of the image and I don't have another copy but maybe Barbara can get a copy for you to test with. Worse case, I do have v5.26 but the other version would offer better results.

     

Children