The script (.bat) does not run when deleting the sandbox (OnBoxDelete params) if the sandman.exe process is not running

[LexKul]

Describe what you noticed and did

I have a setting for the sandbox - OnBoxDelete: .bat script, which is executed before deleting the contents of the sandbox. I noticed, that the script works only if the sandman.exe process is running.

How often did you encounter it so far?

every time

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Expected behavior

The trigger on deleting the sandbox must run without starting the sandman.exe process

What is your Windows edition and version?

Windows Server 2019

In which Windows account you have this problem?

User account with secure desktop turned off for UAC prompts.

Please mention any installed security software

Microsoft Defender

What version of Sandboxie are you running?

Sandboxie Plus 1.1.3 64-bit

Is it a new installation of Sandboxie?

I have been using the same version for some time.

Is it a regression?

Sandboxie Plus 1.1.3 64-bit

In which sandbox type you have this problem?

In an Application Compartment sandbox with no isolation (green sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

No response

[offhub]

SandMan.exe is responsible for executing such actions, it is normal for them not to be executed while the app is closed.

[LexKul]

@offhub Thanks for the feedback! This only applies to triggers onBoxDelete? But if I use a different type of trigger - StartProgram (same .bat script), then it is executed regardless of whether the SandMan.exe process is running or not. That's how it should be?

[offhub]

The 'OnBoxDelete' function will not be triggered as the auto delete function does not work when the interface is closed. Perhaps their code will need to be ported to the Sandboxie service for both to work. @DavidXanatos can give a more satisfying answer on this subject.

[DavidXanatos]

this is how sandboxie always worked even with the old SbieCtrl.exe moving this to the service is not strait forward it would need to handle many things including snapshot restoration, etc...

[LexKul]

@DavidXanatos or maybe as a quick solution to add a startup SandMan.exe in the background? Example: sandman.exe -background

[offhub]

1. Hide the system tray icon.

   Options > Global Settings > Shell Integration > Windows Shell > Systray options > Show Icon in Systray > Don't show any icon

2. Disable Start UI with Windows

   Options > Global Settings > Shell Integration > Windows Shell > Start Sandbox Manager > Start UI with Windows

3. Enable asynchronous box operations. (This setting hides some dialogs such as auto delete.)

   Options > Global Settings > General Config > General Options > SandMan Options > Run box operations asynchronously whenever possible (like content deletion)

4. Disable popup notifications.

   Options > Global Settings > Notifications > Don't show the popup message log for all SBIE messages

5. Disable other popup settings as well.

6. Create a powershell script.

   SandMan.ps1: Start-Process -WindowStyle Hidden "C:\Program Files\Sandboxie-Plus\SandMan.exe"

7. Create a task with the task scheduler.

   Trigger: At logon Action: Start program: Program: powershell.exe Arguments: -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -File "C:\Program Files\Sandboxie-Plus\SandMan.ps1"

[DavidXanatos]

Whats wrong with having sandman runnign with an icon?

[LexKul]

@offhub Thank you for your answer. That's what I'm doing now, but I don't use it at the same time powershell script, but I run it directly SandMan.exe using the task scheduler. I thought having such an option (a startup SandMan.exe in the background) would be easier.

Whats wrong with having sandman runnign with an icon?

@DavidXanatos Of course there is no problem, but I thought of it as an additional feature