A. THE BUG/ISSUE (Varies from issue to issue)
- Summary - Give a clear summary in the topic subject, NOT here.
- Can U reproduce the problem & if so how reliably?:
Yes, I can reproduce this every time.
- If U can, exact steps to reproduce. If not, exactly what U did & what happened:
I’ve tested this two ways. For both of them I made a clean install of CIS (and performed all necessary scans and restarts).
If I select Reset Sandbox without running anything in the sandbox the window keeps spinning and saying it’s resetting the sandbox. If I click the X for that window it’s minimized to a background task, as seen in the CIS task window. However, the task says it’s starting. I’ve attached a screenshot of this. Note that I have waited up until the 20 minute mark to restart the computer and the resetting never progressed past saying that it was starting. Also, I checked before running the RESET Sandbox button, and there was already a file in the registry for VritualRoot. I’m not sure if it is supposed to be entirely removed by resetting the sandbox, but I did notice that it was not reset when clicking the RESET Sandbox button.
I have also tested this by first running a browser as virtualized. Then I select Reset sandbox. What I see in this circumstance is that the virtualized browser process is killed. Also, there was a folder in the C-drive created called VTroot, that I can see deleted when running this. Thus, it does appear that the Reset button is doing what it’s supposed to do for the files. However, after allowing it to run for a minute I checked the registry entries at Computer => HKEY_LOCAL_MACHINE => SYSTEM. What I found was that there is a folder there named VritualRoot, which has multiple folders within it. This was never removed. Nor were any of the folders within it. Therefore, it appears the RESET Sandbox button is not deleting the relevant registry keys on my computer. (However, I did notice that after a full uninstall, along with running both uninstall tools, the Vritual Root registry folder is deleted.) Also, the exact same behavior manifests itself by which the task manager shows that it never gets past starting.
This behavior does not change after restarting the computer. No matter what I do it does not finish resetting the sandbox. Also, I allowed the Reset to run overnight and in the morning it said that it had finished resetting. However, the registry folder was still there (note that this was reset before I ever ran anything virtualized), which I believe should have been removed. Also, the computer went to sleep sometime overnight. Also, if I try to run RESET before restarting the computer it says that an error occurred, and will not reset.
- If not obvious, what U expected to happen:
Reset sandbox should always be able to reset the sandbox entirely, and in good time.
- If a software compatibility problem have U tried the conflict FAQ?:
NA
- Any software except CIS/OS involved? If so - name, & exact version:
NA
- Any other information, eg your guess at the cause, how U tried to fix it etc:
I’m not sure, perhaps it’s related to the virtualized registry entries, as I believe those should have been reset as well. Thus, perhaps it’s getting hung up because it can’t delete the registry entries. However, I’m not sure whether this is a symptom of the actual problem, or if this is the problem.
Also, I will note that resetting the sandbox worked correctly in previous versions of CIS.
- Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
I have attached the diagnostics and KillSwitch Process dump. Both of these were run while the reset sandbox task was run as a background task, as otherwise CIS wouldn’t let me run them. I also attached a screenshot of the CIS task window after the reset process was moved to background. Please let me know if other attachments would be helpful.
B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
- Exact CIS version & configuration:
CIS version 6.1.276867.2813
Default IS Configuration
- Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
Default
- Have U made any other changes to the default config? (egs here.):
No, it is default settings.
- Have U updated (without uninstall) from a CIS 5?:
No, this was a clean install.
  - if so, have U tried a clean reinstall - if not please do?:
  NA
- Have U imported a config from a previous version of CIS:
No
  - if so, have U tried a standard config - if not please do:
  NA
- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows 7 x64 (fully updated), UAC disabled, Real System, run as administrator.
- Other security/s’box software a) currently installed b) installed since OS:
a) None b) None
[attachment deleted by admin]