Sandboxie broken at Windows 7 64bits since 5.24 ( "SBIE2331 Service start failed" error )

I'm an old user of Sandboxie but I was never someone who always got the latest version as soon as a new version was released. So the version I was using was from the 4 series. Today I had to reinstall my Windows 7 64bits so I decided to get the newest version...

 

And after I have tried multiple versions I can say that since version 5.24 Sandboxie is completely broken: despite the program saying it is signed, Windows does not accept the driver installation. If I disable driver signature the program can be installed and works fine, but as soon as I reboot the computer and re-enable driver signature the program doesn't work. Has nobody till now seen this problem? I mean, version 5.24 is almost 3 years old... Sandboxie service simply can't start. Even if I manually try to start it through services.msc it doesn't run.

 

Anyone can easily reproduce the problem: install vanilla Windows 7 64bits SP1 and right after try to install ANY Sandboxie version after 5.22 and Sandboxie driver won't work. Downgrading to 5.22 or lower makes the software work again. My media of Windows 7 Home Premium 64bits is original, from MSDN, no modification at all. No other program installed too, just Sandboxie. I have administrative rights and all installers I got directly from Sandboxie site.

 

The strangest thing is that at Sandboxie's site the 5.22 version is advised as the last one to be compatible with Windows XP, but nothing about being incompatible with Windows 7 too. So the warning is incomplete and should be updated.

 

  • I had a Win 7 64-bit client, downloaded "SandboxieInstall64-533-3.exe" and that installed fine, service starts.

    I've not used the software before but I see that it has the user mode service: "C:\Program Files\Sandboxie\SbieSvc.exe".

    This is the service you seem to have trouble with, it has no dependencies. 

    From the screenshot you provided it shows the error: -1073740760. This is: STATUS_INVALID_IMAGE_HASH or in words:

    "Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."

    Looking at the Digital signature tab of the file I have:

    Maybe you can check if this is all OK for you.

    It might be worth opening the Event viewer (eventvwr). Under the Applications and Services Logs, locate the CAPI2 under \Microsoft\Windows\ and enable the Operations log (right click).  Then try to start the Service.  Anything of interest logged?

    I would also be interested to run Process Monitor https://docs.microsoft.com/en-us/sysinternals/downloads/procmon when attempting to start the service.   I do see an access denied error in the screenshot also, so a quick filter for result being access denied would be worth a quick look.

    Feel free to zip and share the event log and PML if needed.  As the source code is now available, the operations shown in the PML will hint at how far through the code the service might be getting.

    Also, I notice it has a file system filter driver called SbieDrv. You can see this by running: Fltmc.exe in an admin prompt. Is that listed for you as evidence the driver is loaded?

    Even with the user mode service stopped, I can't seem to unload this driver using "fltmc unload SbieDrv". If I set the start type for both the service and the driver to 4 (disabled) and reboot. I was curious to see if the service can start without the driver to decouple any indirect dependencies. I can indeed start the user mode service with the driver disabled, so that rules out the driver being an issue at least I would think and simplifies the issue to be just related to the service.

    Regards,

    Jak
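
The checks suggested in the reply above, collected into one elevated PowerShell session as an added example (not part of the original thread and not Sandboxie's own tooling). The service name `SbieSvc` and the `SbieDrv.sys` file location are assumptions; the error code, the `SbieSvc.exe` path and the `SbieDrv` filter name are taken from the thread.

```powershell
# Run from an elevated PowerShell prompt; uses only cmdlets present in PowerShell 2.0 (Windows 7).

# 1. The service error is shown as a signed decimal; NTSTATUS values are documented in hex.
$code = -1073740760                      # value quoted from the screenshot
Write-Host ('NTSTATUS: 0x{0:X8}' -f $code)

# 2. Ask Windows how it evaluates the Authenticode signature of each binary.
$files = @(
    'C:\Program Files\Sandboxie\SbieSvc.exe',   # path from the reply
    'C:\Program Files\Sandboxie\SbieDrv.sys'    # assumed location of the driver file
)
foreach ($f in $files) {
    if (-not (Test-Path $f)) { Write-Host "$f not found"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $f
    Write-Host ('{0}: {1} - {2}' -f $f, $sig.Status, $sig.StatusMessage)
    $sig.SignerCertificate | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
}

# 3. Enable the CAPI2 log, reproduce the failure, then read only the new error events.
$log   = 'Microsoft-Windows-CAPI2/Operational'
wevtutil.exe sl $log /e:true
$since = Get-Date
sc.exe start SbieSvc                     # assumed service name
Start-Sleep -Seconds 5
Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $since; Level = 2 } `
             -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, Message
wevtutil.exe sl $log /e:false            # the log is verbose; switch it off again

# 4. Check whether the filter driver named in the reply is loaded.
$loaded = fltmc.exe filters | Select-String -Pattern 'SbieDrv'
if ($loaded) { $loaded } else { Write-Host 'SbieDrv is not listed by fltmc' }
```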