Using Windows XP SP2 with all updates (upgrading to SP3 is not an option for several more weeks), the CIS 4 series (originally 4-0-141842-828 + all automatic updates) had been working well for months with Avast 5 (current installed version 5-0-677) and Sandboxie 3.48. Weeks ago, when CIS 5 was released, I downloaded and installed with the firewall only, with the Defense + Maximum Protection option. Immediately, Sandboxie could not start any application, including Windows Explorer. The error message was always “SBIE2204 Cannot start sandboxed service RpcSs.” I uninstalled CIS, manually removed all traces from the Registry and file system, and Sandboxie function returned immediately. I ran without CIS until 10/30.
After updating SBIE to version 3-50, and having it work successfully with Avast for a week or so, I downloaded a new version of the CIS 5 installer, and reinstalled CIS, again without the antivirus component, using the Maximum Protection option. Avast was turned off, and all running applications were closed, before the installation. After checking for updates, CIS reports (as it did originally) the installed version as Comodo Internet Security 5-0-162636-1135, and update says that it is the most current. After restarting several times, so that CIS could be configured to allow all the normally autostarted applications, I ran a whole system scan with Avast. I then set CIS to “Clean PC” mode, and tried SBIE for the first time. The SBIE error returned immediately, again regardless of the application being opened. This is never accompanied by any indication in the Comodo Defense + Events log that a blocking event has occurred, or any related popup warning. Windows System or Application Event logs show no warnings or other indications.
I then began a series of tweaks, none of which have worked. The error persists when: CIS is set to any of the Protection Levels (Safe, Paranoid, etc), or is disabled; CIS Image Execution Control is disabled; Avast 5 real-time shields are disabled; Avast 5 real-time shields are set with exceptions to ignore files in the SBIE and Comodo folders.
I continued with tweaks designed to try to let CIS run as intended, but remove any restrictions on any SBIE files. To do this, I accessed the Computer Security dialog from the Defense + tab of the main CIS interface. In the Computer Security dialog, I opened the “Protected Files and Folders” tab, and clicked the Groups button. In the File Groups dialog, I clicked “Add,” and created a new File Group which I called “Sandboxie Files.” I then added the contents of the Sandboxie installation folder, which includes its driver.
I then clicked on the “Predefined Policies” tab, and created a new Predefined Security Policy, which I named “Sandboxie.” I then edited the new Policy, and customized its Protection Settings and Access Rights. On the Protection Settings tab, I set all Protection Types to Inactive. On the Access Rights tab, I set all the listed Access Names to “Allow.” I then set the Access Name “Run as Executable” to “Ask,” since “Allow” is not an option. I then modified that setting under the “Exclusions” column by adding exclusions for all the standard Predefined File Groups, plus the newly created Sandboxie group.
Finally, on the Defense + Rules tab, I added the Sandboxie File Group, and then set it to use the Sandboxie Predefined Security Policy.
At that point, as I understand it, Comodo has been set to ignore every file in the Sandboxie installation folder (which includes its driver), each of those files should be allowed to interact with any other file on the system, and each should be able to take any possible action which would normally trigger action by Defense +. The errors, however, persist.