A. THE BUG Can you reproduce the problem & if so how reliably?:
Yes If you can, exact steps to reproduce. If not, exactly what you did & what happened:
1: The problem exists in Windows 10 Pro x64 environment, possibly in all Windows 10.
2: Install CIS 126.96.36.19903
3:Install the cusrrent Sandboxie version from here: http://www.sandboxie.com/SandboxieInstall.exe
4:Try to right click on any sandbox in Sandboxie and start Explorer: Run Sandboxed \ Run Windows Explorer. One or two sentences explaining what actually happened:
In any situation nothing happens: Sandboxie doesn’t work. Th esolution is to add the entire Sandboxie folder to the shellcode injections exclusions list: Tasks \ Firewall Tasks \ Open Advanced Settings
Security Settings \ Defence+ \ HIPS \ HIPS Settings
Detect shellcode injections \ Exclusions
Add \ Folders: C:\Program Files\Sandboxie
But even if you do it Explorer will not be able to start with error error 'The application was unable to start correctly (0xc00000e5). Click OK to close the application. One or two sentences explaining what you expected to happen:
I expect Sandboxie working! The explorer should open in a separate sandboxed window like any other program in this conditions. If a software compatibility problem have you tried the advice to make programs work with CIS?:
Yes - actually adding to the shellcode injections exclusions list helped to rus Sandboxie at all. But the issue with Windows Explorer still exists. Any software except CIS/OS involved? If so - name, & exact version:
Yes. Sandboxie 5.04. Any other information, eg your guess at the cause, how you tried to fix it etc:
B. YOUR SETUP Exact CIS version & configuration:
CIS 188.8.131.5203 “Comodo - Internet Security” Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Default Have you made any other changes to the default config? (egs here.):
No Have you updated (without uninstall) from CIS 5, 6 or 7?:
No Have you imported a config from a previous version of CIS:
No OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows Pro 10 x64 UAC enabled admin account physical machine Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
Just want to emphasize on this issue. Windows explorer is not the only application not running through Sandboxie because of Comodo.
Sandboxie users are not able to use the application if they have Comodo installed.
Many thanks if this issue is getting considered as important.
Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.
Developers may or may not communicate with you in the forum or by PM/IM, depending on time, availability, and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.
Can set-up sandbox such that only a specific process (e.g. browser) plus any required supporting processes run inside the sandbox
Fine-grained control of system resource access
Can create customized sandboxes with different restrictions for different applications
In my experience…
Protection-wise… it’s debatable… but I think Sandboxie offers nothing significant over COMODO’s sandbox.
Reliability and compatibility-wise, COMODO’s sandbox is less troublesome (except for isolated cases of web-page scripts and an occasional application incompatibility); Windows Updates always seem to mess with Sandboxie - but Invincea is pretty good at fixing issues in a reasonably timely manner.
The one advantage to Sandboxie is that it is more flexible in terms of configuration.
It is not only the browser that won’t run sandboxed in Sandboxie (with Comodo under Windows 10) but all 64-bit apps (total commander, gimp, blender…). In Windows 7 everything was fine.
The main reason I’m forced to use Sandboxie is lack of possibility to change sandbox folder location in Comodo. VTRoot is on system partition, which quite often is on small SSD drive so every gigabyte moved out to external HDD is worth a lot.
CIS is great software but it shouldn’t limit functionality of other apps.
I’d love to switch to Comodo’s sandbox but for now functionality and customizability is more important for me. What is worse, even with everything disabled in Comodo (AV, firewall, defense - every suboption unchecked and system rebooted) I can’t get 64-bit apps sandboxed. Sandboxie works properly only after uninstalling CIS.
I found a solution to my problem. Under “Security Settings/Defense +/HIPS Settings/Detect shellcode injections - Exclusions” I need to add All Aplliations option (or at least paths to applications I want to run sandboxed) to be able to run 64-bit apps.
It is strange though that to run 32-bit apps it is enough to add Sandboxie installation folder but for 64-bit I need to exclude all executables that I want to run sandboxed in Sandboxie.