sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Sandboxie couldn't terminate all processes (Error Status 0xc0000001) #1701

Closed 0x391F closed 2 years ago

0x391F commented 2 years ago

What happened?

Sandboxie couldn't terminate all processes or delete contents (Error Status 0xc0000001). By the way, ekrn.exe (ESET Kernel) keeps 50%+ CPU usage.

To Reproduce

  1. Sandboxie: terminate all processes
  2. Couldn't terminate all processes (Error Status 0xc0000001)

Expected behavior

This bug shouldn't appear.

What is your Windows edition and version?

Windows 10 Enterprise LTSC 2021 x64 (21H2)

In which Windows account do you have this problem?

User account with UAC protection set to Always notify.

Please mention any installed security software

ESET Internet Security

What version of Sandboxie are you running?

Sandboxie-Plus 1.0.9 x64

Is it a regression?

No response

List of affected browsers

No response

In which sandbox type do you have this problem?

Not relevant to my request.

Is the sandboxed program also installed outside the sandbox?

Yes, it is also installed outside the sandbox.

Can you reproduce this problem on an empty sandbox?

Not relevant to my request.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

No response

Sandboxie-Plus.ini configuration (for Plus interface issues)

No response

0x391F commented 2 years ago

I don't know whether this bug is caused by a Sandboxie conflict with ESET Internet Security or not.

DavidXanatos commented 2 years ago

And the processes stay there, can you kill them from the task manager? What if you uninstall ESET?

0x391F commented 2 years ago

> and the processes stay there, can you kill them from the task manager? what if you uninstall assset?

The sandboxed processes couldn't even be killed by task manager (Access denied). But today this bug doesn't reproduce.

ghost commented 2 years ago

https://github.com/sandboxie-plus/Sandboxie/issues/1502 https://github.com/sandboxie-plus/Sandboxie/issues/1514

Shadowized commented 2 years ago

I too am experiencing this issue, I threw a few games inside a Sandbox to test and when I would close them, the process remained running and nothing could kill them, I tried with ProcessHacker, ProcessLasso, Sandman, and Taskmanager. In Sandman when I try to terminate it this is the error I get.

[Screenshot: SandMan_2022-04-28_15-04-47]

For me this started when I upgraded SBIE+ from v1.0.15 to v1.0.18, but I also tried v1.0.19 and the issue happened there too, so I suppose I'll try downgrading to see if I can narrow it down a little more.

edit: I don't use/have ESET.

ghost commented 2 years ago

Please post your SBIE config. When the issue occurs, you will not be able to terminate the processes even if you use the system account.

Shadowized commented 2 years ago

[GameTest]
ConfigLevel=9
AutoRecover=y
Template=FileCopy
Template=SkipHook
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#ff8000,off,6
Enabled=y
BoxNameTitle=-
CopyLimitKb=111522
NotifyStartRunAccessDenied=n
OpenWinClass=*
BlockNetworkFiles=y
OpenPrintSpooler=n
AllowSpoolerPrintToFile=n
CopyLimitSilent=n

One odd thing I noticed with the affected processes was I was not getting any firewall notifications (Comodo firewall in custom mode, thus anything including loopback traffic needs to be allowed manually), but when I rebooted I saw them, so perhaps the issue is a weird race condition/hook. I dunno, but I wasn't even able to dump the memory of the processes; it would give permission denied.

0x391F commented 2 years ago

This bug reproduced today, but differently from the previous time: Sandboxie-Plus could delete contents, the bug disappeared immediately, and ESET CPU usage became normal.

ghost commented 2 years ago

https://github.com/sandboxie-plus/Sandboxie/issues/1502#issuecomment-1036934666

0x391F commented 2 years ago

This bug reproduced today: ekrn.exe used >=50 CPU and Sandboxie couldn't delete contents, but after I tried to unmount the RAMDisk, this bug disappeared immediately. The Sandboxie work folder is stored on the RAMDisk.

github-actions[bot] commented 2 years ago

As it has been 3 months since the last activity, we are automatically closing this issue in 14 days. If it is still present, please respond to help us investigate on newer Sandboxie versions. Thank you for your contribution!

isaak654 commented 2 years ago

It would be interesting to know whether DenyHostAccess=ekrn.exe,y can help you to prevent the issue.

0x391F commented 2 years ago

Fortunately, this bug hasn't reproduced in the recent 2 months. I think the conflict between ESET Internet Security and Sandboxie has been resolved by ESET, because some EIS modules have been updated in the meantime.