Sanboxed Chrome crashes 0xc000005; ESET HIPS [Not Sbie issue but ESET's] [SOLVED]

Please post your problem description here

Moderator: Barb@Invincea

Post Reply
Whitepointer
Posts: 5
Joined: Sun Mar 04, 2018 1:56 pm

Sanboxed Chrome crashes 0xc000005; ESET HIPS [Not Sbie issue but ESET's] [SOLVED]

Post by Whitepointer » Tue Oct 02, 2018 3:22 am

After the Chrome updated from 68 to 69 i now get 0xc000005 execution error when trying to run the sandboxed Chrome. I am running Sandboxie version 5.26 and 5.27 made no difference. Note, when i run Chrome unsandboxed it does not crash with the 0xc000005 execution error, instead it runs as it should without issue.

I have ESET running on my WIN 10/64 machine.

Tried to reinstall Chrome, Sandboxie, and then ESET and these changes didn't fix. Then completely removed ESET along with all traces, installed and switched to interactive mode, and permanently approved everything i was asked to approve access to - it still didn't work ie it crashes with the above error.

Tried Chrome beta 70 version and it did not work.

Switched off ESET HIPS and am able to load Chrome through Sandboxie as it should. - It works but now i have disabled a critical antivirus feature.

I don't want to run without HIPS enabled so I have rolled back Chrome to Version 68.0.3440.84 (Official Build) (64-bit) and all is working as it should. If anyone has to rollback make sure you disable Chrome auto update. Rollback versions can be found using a google search, google does not provide rollback versions.

I have no other problems running programs through Sandboxie with HIPS enabled. Example Internet Explorer and Opera both work.

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2858
Joined: Mon Nov 07, 2016 3:10 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by Barb@Invincea » Tue Oct 02, 2018 10:08 am

Hello Whitepointer,

Looks like this has been going on for a while:
viewtopic.php?t=16756
Try these exclusions:
viewtopic.php?p=126532#p126532

If the issues continue, I will take a look at your Sandboxie config file and your Res. Acc. Mon, after you provide all of the required information:
viewtopic.php?f=11&t=19746 ---> Please provide the ESET version, the Windows version (and architecture) repro steps and results of running it in a new Sandbox with default settings.

Sandboxie configuration file:
Configure--> Edit configuration
Copy-paste the contents here
Highlight the contents you just copied and click on the "</>" button to format them.

Resource Access Monitor output:
https://www.sandboxie.com/ResourceAccessMonitor
Launch Res. Acc. Mon.
Reproduce the issue.
Copy-paste the Res. Acc. Mon output and paste it here.
Highlight the output you just pasted and click on the "</>" button in the forum to format it

Regards,
Barb.-

Whitepointer
Posts: 5
Joined: Sun Mar 04, 2018 1:56 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by Whitepointer » Fri Oct 05, 2018 4:22 pm

Ok so here is an update, i have uninstalled all 3 software packages again, thoroughly scrubbed the system for traces and reinstalled everything again, and i have the same error. But this time its not HIPS. The error only occurs when i enable Protocol Filtering in ESET. I will start another Thread with theses error specifics as it appears that this thread is no longer accurate.


---------- MERGED POST ---------------
It seems this problem was another issue Protocol frittering in ESET

---------- MERGED POST ---------------
Update:

It appears its not ESET HIPS related as Disabling ESET Protocol Filtering will allow the chrome browser to run sandboxed. I will start another thread as this thread title is not accurate now.

-------------- MERGED POST -----------------------------
Chrome 68 worked fine, but once chrome updated to 69 I started to get 0xc0000005 execution error when trying to run the sandboxed browser in Sandboxie. Other browsers work fine, it is just effecting Chrome. I have gone through disabling and enabling settings in ESET and the following two changes will work:

1. Disabling ESET Protocol Filtering, not the preferred option as the system is running unprotected
or
2. Disabling Disabling Banking and payment protection in ESET, the better option but still not ideal.

According to ESET support, this error is due to a clash between eOppMonitor.dll and SbieDll.dll:

https://forum.eset.com/topic/17100-0xc0 ... ment-84480

My system details
Win 10/64
Sandboxie 5.26 64
Occurs in Sandbox default settings
Chrome ver 69.0.3497.100 (Official Build) (64-bit)
Antivirus ESET Internet Security 11.2.63.0
To reproduce the error, right click chrome and select Run Sandboxed

Cheers

huldu
Posts: 31
Joined: Sat Apr 19, 2008 4:30 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by huldu » Tue Oct 09, 2018 3:41 pm

Yeah, I ran into this issue myself. The problem is disabling the protocol filtering also disables the "protection"(ie web access) offered by the AV.

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2858
Joined: Mon Nov 07, 2016 3:10 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by Barb@Invincea » Wed Oct 10, 2018 9:34 am

All,

Once you provide the info I requested, I will be able to review the process and perhaps find out what's happening.
Please see viewtopic.php?p=134824#p134824

Regards,
Barb.-

Whitepointer
Posts: 5
Joined: Sun Mar 04, 2018 1:56 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by Whitepointer » Wed Oct 10, 2018 3:16 pm

Sandboxie.ini file

Code: Select all

[GlobalSettings]

Template=NOD32
Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
ActivationPrompt=n

[DefaultBox]

ConfigLevel=7
AutoRecover=n
BlockNetworkFiles=y
Template=IExplore_Favorites_RecoverFolder
Template=Chrome_Phishing_DirectAccess
Template=qWave
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Enabled=y

[UserSettings_05000141]

SbieCtrl_UserName=HIDDEN
SbieCtrl_BoxExpandedView=DefaultBox
SbieCtrl_ShowWelcome=n
SbieCtrl_NextUpdateCheck=1539284131
SbieCtrl_UpdateCheckNotify=n
SbieCtrl_WindowCoords=554,99,1031,527
SbieCtrl_ActiveView=40021
SbieCtrl_ProcessViewColumnWidths=250,70,300
SbieCtrl_AutoApplySettings=n

Resource Monitor Output

Code: Select all

(Drive)     \Device\HarddiskVolume2
(Drive)     \Device\HarddiskVolume4
(Drive)     \Device\HarddiskVolume5
Clsid       -------------------------------
File/Key    -------------------------------
Image       -------------------------------
Ipc         -------------------------------
Ipc         \BaseNamedObjects\__ComCatalogCache__
Ipc         \BaseNamedObjects\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}
Ipc         \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
Ipc         \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db
Ipc         \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
Ipc         \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Ipc         \BaseNamedObjects\RotHintTable
Ipc         \BaseNamedObjects\SC_AutoStartComplete
Ipc         \BaseNamedObjects\windows_shell_global_counters
Ipc         \RPC Control\actkernel
Ipc         \RPC Control\epmapper
Ipc         \RPC Control\OLEC19FBD684A5EE74D96429E579692
Ipc         \Sessions\2\BaseNamedObjects\__ComCatalogCache__
Ipc         \Sessions\2\BaseNamedObjects\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}
Ipc         \Sessions\2\BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
Ipc         \Sessions\2\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db
Ipc         \Sessions\2\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
Ipc         \Sessions\2\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Ipc         \Sessions\2\BaseNamedObjects\C:*Users*****AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000120.db
Ipc         \Sessions\2\BaseNamedObjects\C:*Users*****AppData*Local*Microsoft*Windows*Caches*cversions.1.ro
Ipc         \Sessions\2\BaseNamedObjects\ComPlusCOMRegTable
Ipc         \Sessions\2\BaseNamedObjects\ComTaskPool:9404
Ipc         \Sessions\2\BaseNamedObjects\RotHintTable
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_DummyEvent_1416
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_DummyEvent_5236
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_DummyEvent_6204
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_DummyEvent_9404
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcEptMapper
Ipc         \Sessions\2\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs
Ipc         \Sessions\2\BaseNamedObjects\SboxSession
Ipc         \Sessions\2\BaseNamedObjects\SC_AutoStartComplete
Ipc         \Sessions\2\BaseNamedObjects\ScmCreatedEvent
Ipc         \Sessions\2\BaseNamedObjects\SM0:1416:120:WilError_01
Ipc         \Sessions\2\BaseNamedObjects\SM0:1416:120:WilError_01_p0
Ipc         \Sessions\2\BaseNamedObjects\SM0:1416:120:WilError_01_p0h
Ipc         \Sessions\2\BaseNamedObjects\SM0:1416:304:WilStaging_02
Ipc         \Sessions\2\BaseNamedObjects\SM0:1416:304:WilStaging_02_p0
Ipc         \Sessions\2\BaseNamedObjects\SM0:1416:304:WilStaging_02_p0h
Ipc         \Sessions\2\BaseNamedObjects\SM0:5236:304:WilStaging_02
Ipc         \Sessions\2\BaseNamedObjects\SM0:5236:304:WilStaging_02_p0
Ipc         \Sessions\2\BaseNamedObjects\SM0:5236:304:WilStaging_02_p0h
Ipc         \Sessions\2\BaseNamedObjects\SM0:9404:120:WilError_01
Ipc         \Sessions\2\BaseNamedObjects\SM0:9404:120:WilError_01_p0
Ipc         \Sessions\2\BaseNamedObjects\SM0:9404:120:WilError_01_p0h
Ipc         \Sessions\2\BaseNamedObjects\SM0:9404:304:WilStaging_02
Ipc         \Sessions\2\BaseNamedObjects\SM0:9404:304:WilStaging_02_p0
Ipc         \Sessions\2\BaseNamedObjects\SM0:9404:304:WilStaging_02_p0h
Ipc         \Sessions\2\BaseNamedObjects\SyncRootManager
Ipc         \Sessions\2\BaseNamedObjects\windows_shell_global_counters
Ipc         \WindowsErrorReportingServicePort
Ipc      O  \BaseNamedObjects\NODCOMM49554745To31524B45CommPort
Ipc      O  \KernelObjects\MaximumCommitCondition
Ipc      O  \KernelObjects\SystemErrorPortReady
Ipc      O  \KnownDlls\advapi32.dll
Ipc      O  \KnownDlls\bcryptPrimitives.dll
Ipc      O  \KnownDlls\cfgmgr32.dll
Ipc      O  \KnownDlls\clbcatq.dll
Ipc      O  \KnownDlls\combase.dll
Ipc      O  \KnownDlls\COMDLG32.dll
Ipc      O  \KnownDlls\gdi32.dll
Ipc      O  \KnownDlls\gdi32full.dll
Ipc      O  \KnownDlls\IMAGEHLP.dll
Ipc      O  \KnownDlls\IMM32.dll
Ipc      O  \KnownDlls\kernel.appcore.dll
Ipc      O  \KnownDlls\kernel32.dll
Ipc      O  \KnownDlls\kernelbase.dll
Ipc      O  \KnownDlls\MSCTF.dll
Ipc      O  \KnownDlls\msvcp_win.dll
Ipc      O  \KnownDlls\MSVCRT.dll
Ipc      O  \KnownDlls\ole32.dll
Ipc      O  \KnownDlls\OLEAUT32.dll
Ipc      O  \KnownDlls\powrprof.dll
Ipc      O  \KnownDlls\profapi.dll
Ipc      O  \KnownDlls\PSAPI.DLL
Ipc      O  \KnownDlls\rpcrt4.dll
Ipc      O  \KnownDlls\sechost.dll
Ipc      O  \KnownDlls\SHCORE.dll
Ipc      O  \KnownDlls\SHELL32.dll
Ipc      O  \KnownDlls\SHLWAPI.dll
Ipc      O  \KnownDlls\ucrtbase.dll
Ipc      O  \KnownDlls\user32.dll
Ipc      O  \KnownDlls\win32u.dll
Ipc      O  \KnownDlls\windows.storage.dll
Ipc      O  \KnownDlls\WS2_32.dll
Ipc      O  \RPC Control\lsapolicylookup
Ipc      O  \RPC Control\lsasspirpc
Ipc      O  \RPC Control\SbieSvcPort
Ipc      O  \Security\LSA_AUTHENTICATION_INITIALIZED
Ipc      O  \Sessions\2\Windows\ApiPort
Ipc      O  \Sessions\2\Windows\SharedSection
Ipc      O  \Sessions\2\Windows\Theme3581923211
Ipc      O  \Sessions\2\Windows\ThemeSection
Ipc      O  \ThemeApiPort
Ipc      O  \Windows\Theme2186689536
Pipe        -------------------------------
Pipe        ?
Pipe        \Device\CNG
Pipe        \Device\HarddiskVolume1
Pipe        \Device\HarddiskVolume2
Pipe        \Device\HarddiskVolume3
Pipe        \Device\HarddiskVolume4
Pipe        \Device\HarddiskVolume5
Pipe        \Device\KsecDD
Pipe        \Device\MountPointManager
Pipe        \Device\Ndis
Pipe        \Device\NDMP10
Pipe        \Device\NDMP11
Pipe        \Device\NDMP12
Pipe        \Device\NDMP13
Pipe        \Device\NDMP14
Pipe        \Device\NDMP3
Pipe        \Device\NDMP4
Pipe        \Device\NDMP5
Pipe        \Device\NDMP6
Pipe        \Device\NDMP7
Pipe        \Device\NDMP8
Pipe        \Device\NDMP9
WinCls      -------------------------------
WinCls   O  Shell_TrayWnd
Last edited by Barb@Invincea on Thu Oct 11, 2018 9:59 am, edited 1 time in total.
Reason: Formatted content

huldu
Posts: 31
Joined: Sat Apr 19, 2008 4:30 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by huldu » Wed Oct 10, 2018 4:34 pm

The problem *IS* eset hips. Once you disable it or just uninstall(which I did) eset, there are zero issues running chrome inside the sandbox. I have no idea if that is even something that can be "fixed" on sandboxie's side, I doubt it but one can always hope.

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2858
Joined: Mon Nov 07, 2016 3:10 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by Barb@Invincea » Thu Oct 11, 2018 10:03 am

All,

I am not seeing any specific entries in the Res. Acc. Mon for NOD (except the path we open with the template).
Can somebody post another one please? (I need it with all the AV features on, so I can see if anything is making it to the sandbox).

If all of them show nothing, then the issue is happening before it hits Sandboxie. At which point, you will probably want to raise a case with NOD's support team.

Another suggestion, disable the NOD template and see if that makes any difference.

Regards,
Barb.-

Whitepointer
Posts: 5
Joined: Sun Mar 04, 2018 1:56 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS

Post by Whitepointer » Thu Oct 11, 2018 3:39 pm

@Barb: The post of Res Mon i provided did have all the antivirus featured turned on. I waited until it crashed and then i copied and pasted that info.

@huldu: It is no longer HIPS for me, I can leave HIPS on and completely disable Banking and Payment Protection as per my note above and everything works as it should. Note I must permanently disable the module for it to work.

ESET support have recognised the problem at their end and state that the problem will be fixed once they update their Banking and payment protection module from version 1138 to version 1140.

Whitepointer
Posts: 5
Joined: Sun Mar 04, 2018 1:56 pm

Re: Sanboxed Chrome crashes 0xc000005; ESET HIPS [Not Sbie issue but ESET's]

Post by Whitepointer » Sat Nov 03, 2018 11:18 pm

FIXED

I can confirm that this problem is now fixed because ESET have released their update.

Sandboxed browser now works as it should

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 31 guests