[.06] Causes sandboxes to not delete

Listing issues addressed in beta version 4.01
Guest10
Posts: 5128
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Thu Apr 11, 2013 6:33 pm

I have found (using 4.01.05) that I can cause "System" to have locks on the 2 Reghive files in a sandbox just by sandboxing a program that is not listed in the Start/Run Restrictions list.

With these programs in the list:
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,flashgot.exe

Sandboxing Notepad gives:
2013-04-11 18:09:18 SBIE1308 Program cannot start due to restrictions - notepad.exe [Test_Start_Run]
2013-04-11 18:09:18 SBIE2314 Canceling process notepad.exe

Double-clicking the SBIE2222 line to allow Notepad to run gives:
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,flashgot.exe,notepad.exe

With no programs running at this time, and the sandbox set to auto-delete, delete contents fails (not renamed).
Manual Delete Contents is unable to delete contents due to "System" locks.

Notepad will run the next time it's tried, but when the program ends the sandbox still cannot be renamed or deleted.
So far, I've had to reboot to delete the contents of the 3 sandboxes that I've tried this with.
-----
[Test_Start_Run]

Enabled=y
ConfigLevel=7
AutoRecover=y
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
NotifyStartRunAccessDenied=y
AutoDelete=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,flashgot.exe
ClosedIpcPath=!<StartRunAccess>,*
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Firefox, Thunderbird
Sandboxie user since March 2007
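
An added example, not part of the original post and not Sandboxie's own code: a Python script that reads sandbox settings and log lines in the form quoted above and lists refused starts in sandboxes with AutoDelete=y, the combination the post reports as leaving the RegHive files locked under 4.01.05. The function names are hypothetical, and the sample input is constructed from the settings and messages in the post.

```python
import re
from collections import defaultdict

# Constructed sample input: settings and log lines as quoted in the post above.
SAMPLE_INI = """[Test_Start_Run]
Template=BlockPorts
Template=LingerPrograms
AutoDelete=y
ProcessGroup=<StartRunAccess>,firefox.exe,plugin-container.exe,flashgot.exe
"""
SAMPLE_LOG = """\
2013-04-11 18:09:18 SBIE1308 Program cannot start due to restrictions - notepad.exe [Test_Start_Run]
2013-04-11 18:09:18 SBIE2314 Canceling process notepad.exe
"""
DENIED = re.compile(r"SBIE1308 .* - (?P<prog>\S+) \[(?P<box>[^\]]+)\]\s*$")

def parse_ini(text):
    # Keys such as Template= repeat within a section, so keep every value in a list.
    boxes, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return boxes

def start_run_group(box):
    # Members of ProcessGroup=<StartRunAccess>,... compared case-insensitively.
    allowed = set()
    for value in box.get("ProcessGroup", []):
        name, *members = value.split(",")
        if name.strip().lower() == "<startrunaccess>":
            allowed.update(m.strip().lower() for m in members)
    return allowed

def denied_starts(ini_text, log_text):
    # (sandbox, program) pairs where a start outside the group was refused
    # in a sandbox that has AutoDelete=y, the combination the post reports.
    boxes, hits = parse_ini(ini_text), []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m or m["box"] not in boxes:
            continue
        box = boxes[m["box"]]
        outside = m["prog"].lower() not in start_run_group(box)
        if outside and "y" in box.get("AutoDelete", []):
            hits.append((m["box"], m["prog"]))
    return hits
```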

bo.elam
Sandboxie Guru
Posts: 2849
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Thu Apr 11, 2013 11:01 pm

I can reproduce this on XP and W7 32-bit. I am seeing the same messages as Guest10 when I right-click on a file and choose to run it sandboxed in a sandbox where the file does not have Start/Run access. The sandbox doesn't delete when it closes even though it is set to delete on closing, and the Reghive files remain in the sandbox.

Bo

w0lfrun
Posts: 52
Joined: Thu Jun 23, 2011 11:21 am

Causes sandboxes to not delete

Post by w0lfrun » Fri Apr 12, 2013 12:00 am

Had the same problem using 4.01.05. I have gone back to version 3.76 and have no problem with deletion. Windows 7 64-bit. (Just wanted to add that I have the KB2813170 update installed and 3.76 is working o.k.)
Along with Windows 7 64-bit I also have MBAM Pro, MSE, Windows Firewall, UAC, and my browser is Pale Moon with NoScript and Adblock Plus, with Macrium Reflect as backup.
Last edited by w0lfrun on Fri Apr 12, 2013 2:53 pm, edited 1 time in total.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Fri Apr 12, 2013 2:44 am

Thanks, I'll check it out!
tzuk

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Apr 22, 2013 6:43 am

Please check version 4.01.06.
tzuk

bo.elam
Sandboxie Guru
Posts: 2849
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Mon Apr 22, 2013 3:27 pm

Fixed for me, W7 SP1 32-bit. I'll try .06 on my XP later today.

Bo

Guest10
Posts: 5128
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Mon Apr 22, 2013 6:32 pm

Fixed for me, on XP.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Firefox, Thunderbird
Sandboxie user since March 2007

DR_LaRRY_PEpPeR
Posts: 291
Joined: Wed Jul 04, 2012 6:40 pm
Location: St. Louis area

Post by DR_LaRRY_PEpPeR » Mon Apr 22, 2013 7:18 pm

Ahh, I hadn't seen this thread before, and I just had the RegHive locked/in use when trying to manually delete the sandbox before upgrading to .06... I thought that was odd, since I think I've only had that previously if Regedit was open (or maybe open to the particular RegHive) when the sandbox became inactive. Turns out I accidentally tried to run more.com yesterday when I only have *.exe allowed to start, so I guess that's why. Nice find Guest10! :)


And I never want to restart for any reason if I can help it, so I was able to fix it by manually unloading the Sandbox_..._... hive from Regedit.
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days? :o

bo.elam
Sandboxie Guru
Posts: 2849
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Tue Apr 23, 2013 12:01 am

Guest10 wrote: Fixed for me, on XP.
Same here. :D

Bo
