CIS 2011 Breaks Sandboxie 3.5

Using Windows XP SP2 with all updates (upgrading to SP3 is not an option for several more weeks), the CIS 4 series (originally 4-0-141842-828 + all automatic updates) had been working well for months with Avast 5 (current installed version 5-0-677) and Sandboxie 3.48. Weeks ago, when CIS 5 was released, I downloaded and installed with the firewall only, with the Defense + Maximum Protection option. Immediately, Sandboxie could not start any application, including Windows Explorer. The error message was always “SBIE2204 Cannot start sandboxed service RpcSs.” I uninstalled CIS, manually removed all traces from the Registry and file system, and Sandboxie function returned immediately. I ran without CIS until 10/30.

After updating SBIE to version 3-50, and having it work successfully with Avast for a week or so, I downloaded a new version of the CIS 5 installer, and reinstalled CIS, again without the antivirus component, using the Maximum Protection option. Avast was turned off, and all running applications were closed, before the installation. After checking for updates, CIS reports (as it did originally) the installed version as Comodo Internet Security 5-0-162636-1135, and update says that it is the most current. After restarting several times, so that CIS could be configured to allow all the normally autostarted applications, I ran a whole system scan with Avast. I then set CIS to “Clean PC” mode, and tried SBIE for the first time. The SBIE error returned immediately, again regardless of the application being opened. This is never accompanied by any indication in the Comodo Defense + Events log that a blocking event has occurred, or any related popup warning. Windows System or Application Event logs show no warnings or other indications.

I then began a series of tweaks, none of which have worked. The error persists when: CIS is set to any of the Protection Levels (Safe, Paranoid, etc), or is disabled; CIS Image Execution Control is disabled; Avast 5 real-time shields are disabled; Avast 5 real-time shields are set with exceptions to ignore files in the SBIE and Comodo folders.

I continued with tweaks designed to try to let CIS run as intended, but remove any restrictions on any SBIE files. To do this, I accessed the Computer Security dialog from the Defense + tab of the main CIS interface. In the Computer Security dialog, I opened the “Protected Files and Folders” tab, and clicked the Groups button. In the File Groups dialog, I clicked “Add,” and created a new File Group which I called “Sandboxie Files.” I then added the contents of the Sandboxie installation folder, which includes its driver.

I then clicked on the “Predefined Policies” tab, and created a new Predefined Security Policy, which I named “Sandboxie.” I then edited the new Policy, and customized its Protection Settings and Access Rights. On the Protection Settings tab, I set all Protection Types to Inactive. On the Access Rights tab, I set all the listed Access Names to “Allow.” I then set the Access Name “Run as Executable” to “Ask,” since “Allow” is not an option. I then modified that setting under the “Exclusions” column by adding exclusions for all the standard Predefined File Groups, plus the newly created Sandboxie group.

Finally, on the Defense + Rules tab, I added the Sandboxie File Group, and then set it to use the Sandboxie Predefined Security Policy.

At that point, as I understand it, Comodo has been set to ignore every file in the Sandboxie installation folder (which includes its driver), each of those files should be allowed to interact with any other file on the system, and each should be able to take any possible action which would normally trigger action by Defense +. The errors, however, persist.

Have you tried adding the SbieCtrl.exe to Trusted Software Providers?

First Installation:

  • I’ve downloaded the same copy from Sandboxie’s website
  • Installed into default directory
  • Installation Went Near Perfect - An Alert Came Up for installation of Driver - I Applied the “Treat As: trusted Application”. No Alerts were made after except for checking updates
  • Also Same Error as reported by KomodoDragon999
  • I’ve Added Sandboxie into the trust software providers list by adding SbieCtrl.exe (Defense+ > Computer Security Policy > Trusted Software Providers > Add > From Running Process > SbieCtrl.exe)
  • Problem Solved For Me After Above Instruction
  • Uninstalled and Removed Files From The Defense+ Policy and Trusted Software Providers

Second Installation:

  • I’ve downloaded the same copy from Sandboxie’s website
  • Installed into a different directory because I noticed that there were two files still left (a .DLL and .EXE). These were not in use
  • Installation Went Perfect
  • Noticed Sandboxie was automatically entered in the “Trusted Software Providers” List - That is why no alerts/pop ups were shown
  • Also No Errors in the Sandboxie Log

(I’m running on Windows XP SP2 Pro)
My configuration, Both Firewall/Antivirus Installed
Defense+: Safe Mode
Firewall: Custom Policy
CIS Sandbox is On

Let me try to reproduce your error,

Hope this helps until I reply back with a screenshot

- Jacob Kilgore
C-O-M-O-D-O Forum Moderator

I believe I have an answer to your problem

Once I’ve downloaded Sandboxie and installed on a different partition P:\Program Files\Sandboxie
I didn’t add anything except with the alerts that came up (No Screenshots, sorry). I selected Trusted App… Then I went to CIS > Defense+ > Computer Security Policy > Trusted software vendors and then selected Add > By Process > SbieCtrl.exe

and restarted,

No Errors and worked for me…

Did this help you?

My system has 8 partitions. Three of them have Windows installations. The one I use almost exclusively is on drive D:. Both Comodo and SBIE have always been installed in the Program Files directory of Drive D. Are you suggesting that I uninstall SBIE, and reinstall it on one of the other, non-system partitions?

Have you tried adding the SbieCtrl.exe to Trusted Software Providers?

First Installation:

  • I’ve downloaded the same copy from Sandboxie’s website
  • Installed into default directory
  • Installation Went Near Perfect - An Alert Came Up for installation of Driver - I Applied the “Treat As: trusted Application”. No Alerts were made after except for checking updates
  • Also Same Error as reported by KomodoDragon999
  • I’ve Added Sandboxie into the trust software providers list by adding SbieCtrl.exe (Defense+ > Computer Security Policy > Trusted Software Providers > Add > From Running Process > SbieCtrl.exe)
  • Problem Solved For Me After Above Instruction
  • Uninstalled and Removed Files From The Defense+ Policy and Trusted Software Providers

Second Installation:

  • I’ve downloaded the same copy from Sandboxie’s website
  • Installed into a different directory because I noticed that there were two files still left (a .DLL and .EXE). These were not in use
  • Installation Went Perfect
  • Noticed Sandboxie was automatically entered in the “Trusted Software Providers” List - That is why no alerts/pop ups were shown
  • Also No Errors in the Sandboxie Log

Jake

EDIT: Revised

I’m sorry, I’m not following you. In your first message, at 7:44pm, you said that you “downloaded and installed (successfully Sandboxie,” and that after rebooting “Everything work’d flawlessly.” Now, at 8:05pm, you’re saying that you “installed it on my Windows Partition the first time around and got the same error.” It seems like a contradiction. I don’t see how everything could have been working “flawlessly” if you were getting a SBIE error.

I’m sorry;

I did get the error, but I resolved it by the above steps…

OK, now I understand. I don’t see why installing to a different partition would have an effect, but I’ll give it a try. It may take some time before I can report back. Thanks for your input.

The reason why there were no errors is because once you delete an object in “Trusted Software Providers” and uninstall the product from that provider… then restart, then reinstall the same piece of software, it will automatically add itself “Defined by COMODO”
It has nothing to do with installing it to a different partition, I just stated that for notes on what I did… (I’ll revise more in depth)

Updated
Sorry for the confusion
Jake

To duplicate your settings, I set Comodo to “Safe Mode” instead of Clean PC. I also confirmed that SBIE was shown as a Trusted Vendor as defined by Comodo. I believe that setting is created as a default during Comodo Installation. Then I uninstalled SBIE, and rebooted. Finally, I tried installing SBIE to another partition. SBIE does not call for a reboot after installation, so I tried to run something right after installation. The error returned. I rebooted, but the error persisted.

Although this was unsuccessful, reinstalling closed off other variables as possible causes. I can now confirm that it is not significant that you installed SBIE after Comodo was already installed, whereas I installed Comodo after SBIE was installed. This has also confirmed that it is not a factor that you were using a default Sandboxie.ini configuration, while my configuration file was highly customized. Third, the location of the installation directory is not a factor. Finally, the inclusion of SBIE as a Trusted Vendor is not a factor.

In short,
did you solve it?
I have the same issue

Nothing that I tried solved the issue.

Give a look: http://www.sandboxie.com/phpbb/viewtopic.php?t=10013

Thanks for pointing out this thread. At the time I posted my original comment in this Comodo forum, Tzuk had not been able to replicate any problem. Now that he’s found something, hope might be on the way. However, since there is now a recognition by both Comodo and Sandboxie of an incompatibility, couldn’t Comodo’s developers communicate directly with Tzuk and work together to find a fix?

???

Where has Comodo said there is an incompatibility?

Well, I browse several forums and there are lots of users with XP with issues with Comodo & Sandboxie

As a matter of fact, with many other software like True Image and so on

By the way, I love Sandboxie and Comodo

Check this: http://www.sandboxie.com/phpbb/viewtopic.php?t=9878