sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

BSOD issues with release 1.9.4 #2958

Closed 7starsseeker closed 11 months ago

7starsseeker commented 1 year ago

Describe what you noticed and did

BSOD happened after I updated sandboxie-plus to v1.9.4 x64 and on system reboot; just when I uninstalled it, everything went fine. Sorry, when I encountered this, I didn't have the system's ability to collect dump files turned on. Now I can turn this on, but I don't want to reproduce the problem for the sake of my computer. I hope you can understand. I've posted the ini file and all the other screenshots you need. Screenshot 2023-05-25 184246 Screenshot 2023-05-25 184309

How often did you encounter it so far?

every time on boot

Affected program

sandboxie-plus-x64-v1.9.4

Download link

https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.9.4

Where is the program located?

Not relevant to my request.

Expected behavior

just fine why and how to fix it

What is your Windows edition and version?

Windows 10 Enterprise x64 22h2

In which Windows account you have this problem?

A Microsoft account (Administrator).

Please mention any installed security software

Huorong security

What version of Sandboxie are you running?

Sandboxie-plus v1.9.4

Is it a new installation of Sandboxie?

I just updated Sandboxie from a previous version (explicitly mentioned in this issue).

Is it a regression?

No response

In which sandbox type you have this problem?

Not relevant to my request.

Can you reproduce this problem on a new empty sandbox?

Not relevant to my request.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

[GlobalSettings]

Template=QQ
Template=Edge_Fix
Template=RpcPortBindings
Template=Kaspersky
Template=Proxifier
Template=ProxyCap
Template=AdobeLicensing
Template=ComodoInternetSecurity
Template=OfficeClickToRun
Template=Listary
Template=Logitech_G15_Keyboard
Template=NOD32
Template=7zipShellEx
Template=Avast_Antivirus
Template=WindowsRasMan
Template=SynapticsTouchPad
Template=WindowsLive
Template=InternetDownloadManager
Template=nVidia_Stereoscopic3D
Template=OfficeLicensing
ActivationPrompt=n
FileRootPath=G:\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
EditAdminOnly=y
EnableObjectFiltering=n

[UserSettings_0CBE021A]

SbieCtrl_UserName=lmkta
SbieCtrl_NextUpdateCheck=1611142474
SbieCtrl_UpdateCheckNotify=n
SbieCtrl_ShowWelcome=n
SbieCtrl_HideWindowNotify=n
SbieCtrl_WindowCoords=801,532,798,508
SbieCtrl_ActiveView=40021
SbieCtrl_ProcessViewColumnWidths=250,70,300
SbieCtrl_EnableLogonStart=y
SbieCtrl_EnableAutoStart=y
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=n
SbieCtrl_AddContextMenu=y
SbieCtrl_AddSendToMenu=y
SbieCtrl_BoxExpandedView=DefaultBox
SbieCtrl_AutoStartAgent=SandMan.exe
BoxDisplayOrder=DefaultBox

[DefaultBox]

ConfigLevel=10
AutoRecover=y
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Enabled=y
BoxNameTitle=n
FakeAdminRights=y
CopyLimitKb=81920
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

DavidXanatos commented 1 year ago

Would it be too much to ask to switch the UI language to English and retake the 2nd screenshot?

DavidXanatos commented 1 year ago

PS: With, as far as I can tell, a similar setup, same Windows version, and VBS enabled, I can't reproduce this issue. To debug it further it would be required to test a couple of test build drivers; for that you would need to enable Test signing mode (bcdedit /testsigning on). Would you be willing to try out a few test drivers?

7starsseeker commented 1 year ago

Here. Screenshot 2023-05-25 201402 Although I want to continue to follow in to help solve this problem, but on the one hand I am now dealing with my thesis and may not have time to do it; on the other hand I only have this one computer on hand to use for my thesis and dare not let anything go wrong with it. So I'm sorry I can't continue to offer help.

isaak654 commented 1 year ago

Template=ComodoInternetSecurity

This product is known to cause BSOD issues, please apply the recommendations described in https://github.com/sandboxie-plus/Sandboxie/issues/1427#issuecomment-1001273168

7starsseeker commented 1 year ago

Template=ComodoInternetSecurity

This product is known to cause BSOD issues, please apply the recommendations described in #1427 (comment)

OK, I'll try and thanks

isaak654 commented 1 year ago

OK, I'll try and thanks

This is intended as a suggestion that still needs confirmation. Please feel free to report back as soon as you are able, no rush.

xsmolasses commented 1 year ago

I'm mentioning here what I've no reason to think is related, yet to make brief one readily reproducible BSoD case (but on a box start) using combination experimental options UnstrippedToken=y (not to be mistaken for UnfilteredToken) together with SandboxieLogon=y. Win10 [Pro]: vbox guest halts, or applied to the host hardware, a stop error. Tested v1.9.3 and v1.9.4.

reraikes commented 1 year ago

I've been pulling my hair out since Sunday with a BSoD (UNEXPECTED_KERNEL_MODE_TRAP) after making no changes to a Windows 11 system. Uninstalling Sandboxie (5.64.3 or 5.64.4) results in a perfectly healthy system. I've uninstalled everything possible and the problem still persists. I've reinstalled Windows 11 (saving settings and apps), but the crashes still occur if Sandboxie is installed.

DavidXanatos commented 1 year ago

Is the issue introduced in 5.64.3 or are earlier versions affected as well? could you please provide a crashdump?

reraikes commented 1 year ago

Is the issue introduced in 5.64.3 or are earlier versions affected as well?

5.64.3 had been running since its release without problems until Sunday evening.

could you please provide a crashdump?

Could you please provide me with instructions?

DavidXanatos commented 1 year ago

So the issue started with 5.64.4 hence you should be able to install 5.64.3 again, correct?

When Windows crashes and a BSOD is shown, a crash dump is saved in C:\Windows\Minidump. Zip it and upload it to a file hoster.

isaak654 commented 1 year ago

could you please provide a crashdump?

Could you please provide me with instructions?

List of crash dump locations: https://github.com/sandboxie-plus/Sandboxie/discussions/2487#discussioncomment-4224189

reraikes commented 1 year ago

5.64.3 had no problems until the BSoD started on Sunday. 5.64.3 and 5.64.4 exhibit the same problem. Booting is fine and you can always sit on the login screen forever. If not connected to the Internet, you can log in (using PIN) and all is well forever. Rebooting with the Internet connected, UNEXPECTED_KERNEL_MODE_TRAP occurs (usually within a few seconds of logging in). Disconnecting from the Internet and rebooting does not allow you to log in again (BSoD immediately after entering your PIN) - Sandboxie or its hooks must be corrupted as you must boot into safe mode, uninstall Sandboxie, and then everything is perfectly healthy again.

MiniDump.zip

isaak654 commented 1 year ago

@DavidXanatos Since we are in the mood here to concentrate different BSODs, then let's go through them all one by one.

The ease with which this can be reproduced is alarming. Crash dump: removed

DavidXanatos commented 1 year ago

please try https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.9.5

reraikes commented 1 year ago

5.64.5 does NOT fix the UNEXPECTED_KERNEL_MODE_TRAP BSoD when logging in while connected to the Internet.

There are two noticeable changes:

  1. After the first BSOD, it's now possible to reboot and login without another BSoD, but Sandboxie Control does not start. An attempt to manually run Sandboxie Control gets a flashing icon with an exclamation point in it and:

SBIE2331 Service start failed: [22 / 1060] The specified service does not exist as an installed service.

  2. Sandboxie is no longer listed in Control Panel -> Programs and Features (for uninstallation). Uninstallation is possible from the Sandboxie folder on the start menu.

MiniDump.zip

DavidXanatos commented 1 year ago

We may have here a few different issues at hand, your report says 5.64.3 is broken as well but was not in the past, so something changed on your system which in combination with 5.64.3 causes a BSOD

Other users reported issues starting with 5.64.4 and I have identified a potential issue in the driver and fixed it.

So I think we need to debug your issue separately, also the crash dump does not point to the SbieDrv.sys so it's difficult to pinpoint what the initial problem may be.

Please try the following things:

  1. completely uninstall Sandboxie including removing the sandboxie.ini and reinstall it, then test with default settings if everything works, when it does you can restore the old sandboxie.ini from backup and check if the issue is gone or comes back, in which case post your sandboxie.ini as some setting or combination of settings causes it
  2. if this does not work try older builds of Sandboxie until you find one that works fine, then report back which one works.

isaak654 commented 1 year ago

please try https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.9.5

The BSOD issue reported in https://github.com/sandboxie-plus/Sandboxie/issues/2958#issuecomment-1563614521 is still on v.1.9.5 x64.

Note: SandboxieLogon=y was in [GlobalSettings], UnstrippedToken=y in [DefaultBox].

I'm sorry, but I'm not going to reproduce it a third time to confirm the fix.

offhub commented 1 year ago

The system still crashes.

please try https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.9.5

The BSOD issue reported in #2958 (comment) is still on v.1.9.5 x64.

Note: SandboxieLogon=y was in [GlobalSettings], UnstrippedToken=y in [DefaultBox].

I'm sorry, but I'm not going to reproduce it a third time to confirm the fix.

DavidXanatos commented 1 year ago

It is not helpful to mash BSOD's together unless one is sure they had all the same cause.

As far as I can tell we have 3 different BSOD issues in this thread

the first one reported by 7starsseeker which should be fixed in 1.9.5 and was introduced in 1.9.4

the one with SandboxieLogon=y and UnstrippedToken=y which was introduced who knows when as UnstrippedToken=y is a debug option for the most adventurous of all testers

and the one reported by reraikes which seems to have appeared when 1.9.4 came out but then seems to also have started happening with 1.9.3 which ran just fine before, so it has some strange compound reason.

I fixed one,

now I'll look into the SandboxieLogon=y and UnstrippedToken=y

and for the last one we need more info what else may have changed on the system before I can proceed further with that one
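The SandboxieLogon=y / UnstrippedToken=y combination described above only shows up when [GlobalSettings] and the box section are read together, as in the layout reported in this thread. A minimal checker for that, as an added example (not Sandboxie's own code): the function names and the sample ini are constructed here, and treating [GlobalSettings] values as applying to every box, and the list of non-box section prefixes, are assumptions.

```python
from collections import defaultdict

# Constructed sample mirroring the layout reported in the thread:
# SandboxieLogon=y in [GlobalSettings], UnstrippedToken=y in [DefaultBox].
SAMPLE_INI = """\
[GlobalSettings]
Template=ComodoInternetSecurity
Template=OfficeLicensing
SandboxieLogon=y
EditAdminOnly=y

[UserSettings_0CBE021A]
SbieCtrl_ShowWelcome=n

[DefaultBox]
Enabled=y
UnstrippedToken=y
Template=SkipHook

[New_Box]
Enabled=y
ConfigLevel=10
"""

# Assumption: sections with these prefixes are not sandboxes.
NON_BOX_PREFIXES = ("globalsettings", "usersettings", "template")


def parse_sbie_ini(text):
    """Return {section: {lowercased key: [values]}}.

    Keys such as Template= legitimately repeat, so every value is kept
    (a strict ini parser would reject or overwrite the duplicates).
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], defaultdict(list))
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()].append(value.strip())
    return sections


def audit(text):
    """Return sorted (section, finding) tuples for settings named in the thread."""
    sections = parse_sbie_ini(text)
    glob = next((cfg for name, cfg in sections.items()
                 if name.lower() == "globalsettings"), {})

    def enabled(box_cfg, key):
        # Conservative: a 'y' in the box or in [GlobalSettings] counts,
        # even if the other section sets the same key to 'n'.
        values = box_cfg.get(key, []) + glob.get(key, [])
        return any(v.lower() == "y" for v in values)

    findings = []
    for name, cfg in sections.items():
        if name.lower().startswith(NON_BOX_PREFIXES):
            continue
        if enabled(cfg, "unstrippedtoken") and enabled(cfg, "sandboxielogon"):
            findings.append((name, "UnstrippedToken=y together with SandboxieLogon=y"))
    # Flagged in this thread as a suggestion that still needed confirmation.
    if "comodointernetsecurity" in (t.lower() for t in glob.get("template", [])):
        findings.append(("GlobalSettings", "Template=ComodoInternetSecurity"))
    return sorted(findings)


if __name__ == "__main__":
    for section, finding in audit(SAMPLE_INI):
        print(f"[{section}] {finding}")
```

Read the real Sandboxie.ini with the encoding your installation uses and pass its text to audit().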

DavidXanatos commented 1 year ago

LOL my unpublished driver version with some half done hacks around the token mechanics is not affected by the SandboxieLogon=y and UnstrippedToken=y issue, the public version is (normally it's the other way around), let's see which dirty hack for fun actually fixed something unexpectedly....

reraikes commented 1 year ago

Completely uninstalling Sandboxie (including sandboxie.ini) and reinstalling 5.64.5 with default settings does not correct the problem. If connected to the Internet when the system is booted, an UNEXPECTED_KERNEL_MODE_TRAP BSoD occurs shortly after logging in to Windows and Sandboxie Control is auto-started. If not connected to Internet, all is well (Edge can be launched in a Sandbox without a BSoD occurring). Uninstalling Sandboxie results in a perfectly healthy system.

Installing older versions of Sandboxie which had no problems in the past exhibit the same symptom.

Uninstalling everything possible except Sandboxie still has the problem. Reinstalling Windows 11 (saving settings and apps) does not correct the problem.

Backups are created at 6:00 am every day. Restoring backups from weeks ago does not correct the problem. Only uninstalling Sandboxie eliminates the problem. I know this makes it sound like a hardware issue, but without Sandboxie installed, numerous diagnostics and stress tests complete without issue (BIOS settings are at default and there is no overclocking or other optimizations in use).

Do you have any knowledge of the Intel CPU microcode updating process in Windows? Especially how to disable it (it's my understanding it's volatile and reoccurs on every boot). I use an Intel Core i9-13900K CPU which is a recent offering from Intel and I'm wondering if Sandboxie isn't getting along with an update that was made available this past Sunday.

DavidXanatos commented 1 year ago

@isaak654 please try the CI drive 1.9.6 it solves the SandboxieLogon=y and UnstrippedToken=y issue

@reraikes this is strange, I don't think it's related to a microcode update, and yea these are usually transient in nature, that unless you update your UEFI then it may bring a new microcode update and upload it to the CPU on each boot.

typpos commented 1 year ago

@reraikes

Reinstalling Windows 11 (saving settings and apps) does not correct the problem.

Just in case: After your re-install/repair, do you have any drivers on your system that are newer than since the BSOD started? PowerShell (admin):

    Get-WmiObject Win32_PnPSignedDriver | select DeviceName, Manufacturer, DriverVersion, DriverDate | Sort-Object DriverDate -Descending

reraikes commented 1 year ago

I don't have a list of driver versions for my system before the BSoD problem started last Sunday evening to compare to.

Since I can't find any way to make my system run without BSoD's with Sandboxie installed, I have no reference point.

Here's the current list which probably isn't of value by itself:

Devices.txt

DavidXanatos commented 1 year ago

and trying older builds 1.9.2 1.8.x 1.7.x 1.5.x 0.9.x all have the same issue?

reraikes commented 1 year ago

and trying older builds 1.9.2 1.8.x 1.7.x 1.5.x 0.9.x all have the same issue?

I don't remember the specific versions, but I tried a lot of old versions. Nothing changed.

isaak654 commented 1 year ago

One of the following links might be useful to obtain further information from another crash dump:

reraikes commented 1 year ago

5.64.6 also crashes with an UNEXPECTED_KERNEL_MODE_TRAP BSoD. This is after the system has run continuously for 6 days without a single hiccup with Sandboxie not installed.

I've attached a complete (instead of mini) dump that hopefully sheds additional light on the problem.

Dump.zip

io43 commented 1 year ago

Not sure if related, but yesterday I tried to update to 1.9.6 from 1.9.4 on Win10 22H2 and my PC totally froze while installing it (in silent mode with Winget) and I had to force reboot, and now it says that I'm still on 1.9.4

isaak654 commented 1 year ago

I've attached a complete (instead of mini) dump that hopefully sheds additional light on the problem.

I don't see a significant difference than the previous crash dump.

I'm not familiar with the use of Driver Verifier tool, but seems risky, considering that a system backup is recommended. You may want to contact Microsoft support to evaluate this option for your issue. Anyway, please keep us updated.


Not sure if related, but yesterday I tried to update to 1.9.6 from 1.9.4 on Win10 22H2 and my PC totally froze while installing it (in silent mode with Winget) and I had to force reboot, and now it says that I'm still on 1.9.4

As mentioned in the release:

If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.

For further support, please open a problem report.

offhub commented 1 year ago

@reraikes Test the stability of your system with various stress tests without Sandboxie installed. (prime95, IPDT, Cinebench etc.)

https://www.reddit.com/r/intel/comments/127g7j3/help_diagnosing_13900kf_random_crashes/

reraikes commented 1 year ago

There are absolutely ZERO problems with the system if Sandboxie is not installed. I've run numerous stress tests, including Prime95 and Cinebench, and the system is 100% stable if Sandboxie is not installed. The crashes are not random. They occur shortly after Sandboxie Control starts (with nothing else going on).

This did NOT occur following an update installation of Sandboxie or anything else. It simply started about 10 days ago for no obvious reason. I can restore any of my 42 daily backups (6 weeks worth) and they all exhibit the same BSoD when Sandboxie Control loads. Simply uninstalling Sandboxie from any of them results in a perfectly healthy and stable system.

I would contact Microsoft, but I'm confident that since the system is TOTALLY stable without Sandboxie installed, they will tell me to contact Sandboxie's author.

DavidXanatos commented 1 year ago

Well but the older backups when they were taken, had Sandboxie installed and worked just fine, correct? then something changed and now when sandboxie runs you get a bsod. Now you say if you roll back to one of the previous backups which were perfectly fine with sandboxie, they now experience a BSOD as well, correct?

So something changed and it's not Windows and not Sandboxie as both come from the backups, I assume you don't run Windows update after restoring the backup, or do you? If you do then try not to, restore a known good backup with an unplugged network cable and check if Sandboxie which was fine is still fine or if it is not. If it is fine then the culprit is a Windows update, and we need to pinpoint this as more users may be affected... If however it's not fine then what's the only thing that could have changed and can not be rolled back... the hardware itself.

Unfortunately the last dump is broken, also a full dump should be hundreds of MB large.

So assuming it's not the hardware or even if it is... the only way I see we could proceed from here on is to try to find a driver version which does not cause a BSOD and from there try to deduce what is breaking something in the kernel in a way as to cause a crash not pointing to sbiedrv.sys you know some sort of memory corruption or alike.... First I would ask you to try older versions of Sandboxie, much older as old as would run on your system, if you can find a build which is fine and point me to the first build which is not that would be mighty helpful!

If all older builds fail and you still want to try to fix the issue on the software side, I can offer to send you a bunch of chopped down, unsigned test drivers. With those we could pinpoint which routines in the driver cause the issue on your system. Does not mean we will be able to fix it if its hardware related, that's a lot of testing and a lot of BSOD's to test through.

reraikes commented 1 year ago

Well but the older backups when they were taken, had Sandboxie installed and worked just fine, correct? then something changed and now when sandboxie runs you get a bsod. Now you say if you roll back to one of the previous backups which were perfectly fine with sandboxie, they now experience a BSOD as well, correct?

Yes/correct to all the above.

So something changed and it's not Windows and not Sandboxie as both come from the backups, I assume you don't run Windows update after restoring the backup, or do you? If you do then try not to, restore a known good backup with an unplugged network cable and check if Sandboxie which was fine is still fine or if it is not. If it is fine then the culprit is a Windows update, and we need to pinpoint this as more users may be affected... If however it's not fine then what's the only thing that could have changed and can not be rolled back... the hardware itself.

It's not Windows update as I always unplug the network cable on the first boot of a restored backup and immediately pause Windows update. All is well until I reboot with the network cable plugged in, at which point an UNEXPECTED_KERNEL_MODE_TRAP BSoD occurs within seconds of Sandboxie Control being started. If I then boot into Safe Mode and uninstall Sandboxie, the same system is then 100% stable with no other changes. Run all the stress tests you like without Sandboxie installed and the system will NOT crash once Sandboxie has been removed. Reinstall Sandboxie and the system will crash once exposed to the Internet.

So assuming it's not the hardware or even if it is... the only way I see we could proceed from here on is to try to find a driver version which does not cause a BSOD and from there try to deduce what is breaking something in the kernel in a way as to cause a crash not pointing to sbiedrv.sys you know some sort of memory corruption or alike.... First I would ask you to try older versions of Sandboxie, much older as old as would run on your system, if you can find a build which is fine and point me to the first build which is not that would be mighty helpful!

I have tried numerous older versions of Sandboxie, and none of them will run without an UNEXPECTED_KERNEL_MODE_TRAP BSoD if the system is connected to the Internet. They are all 100% stable if you don't let them access the Internet.

If all older builds fail and you still want to try to fix the issue on the software side, I can offer to send you a bunch of chopped down, unsigned test drivers. With those we could pinpoint which routines in the driver cause the issue on your system. Does not mean we will be able to fix it if its hardware related, that's a lot of testing and a lot of BSOD's to test through.

I cannot crash the system if Sandboxie is not installed. Stress tests take all 24 cores to 100% loading and run the core temps to 100 degrees Celsius and nothing complains as long as Sandboxie is not installed, so I can't believe it's a hardware issue. I'm willing to try whatever you have.

reraikes commented 1 year ago

If all older builds fail and you still want to try to fix the issue on the software side, I can offer to send you a bunch of chopped down, unsigned test drivers. With those we could pinpoint which routines in the driver cause the issue on your system.

@DavidXanatos,

Any further thoughts on this approach to identifying the BSOD problem? I would love to be able to use Sandboxie again.

Xmarmalade commented 1 year ago

Similar problems: when I try to open msedge in the sandbox (open files such as pdf/start Edge from the start menu), it will cause UNEXPECTED_KERNEL_MODE_TRAP. I have updated to the latest system and SP.

offhub commented 11 months ago

@Xmarmalade What operating system and processor are you using?

Xmarmalade commented 11 months ago

@Xmarmalade What operating system and processor are you using?

Windows 11 and AMD R7 5800H when I submitted the problem, my system was up to date

e-t-l commented 11 months ago

@Xmarmalade your issue may be related to mine, which was triggering UNEXPECTED_KERNEL_MODE_TRAP when Edge tried to run. I actually found a fix/workaround for my situation, which appeared to be some residual virtualized setting within the sandbox that wasn't agreeing with the host machine's setting. I solved it, essentially, by emptying the sandbox. Assuming you won't lose too much data, have you tried totally emptying the sandbox (and/or create a new sandbox and copy over the .ini settings)?

Xmarmalade commented 11 months ago

@Xmarmalade your issue may be related to mine, which was triggering UNEXPECTED_KERNEL_MODE_TRAP when Edge tried to run. I actually found a fix/workaround for my situation, which appeared to be some residual virtualized setting within the sandbox that wasn't agreeing with the host machine's setting. I solved it, essentially, by emptying the sandbox. Assuming you won't lose too much data, have you tried totally emptying the sandbox (and/or create a new sandbox and copy over the .ini settings)?

Thanks for your reply. According to your suggestions, I have tried the following steps:

  1. Create a new box "New_Box"

  2. Copy the original box settings to the new box

    Enabled=y
    BlockNetworkFiles=y
    RecoverFolder=%Desktop%
    RecoverFolder=%Personal%
    RecoverFolder=%{ABCDEFGH-5678-1234-1024-IJKLMNOPQRST}%
    BorderColor=#ffffaa,off,2
    Template=AutoRecoverIgnore
    Template=LingerPrograms
    Template=BlockPorts
    Template=qWave
    Template=FileCopy
    Template=SkipHook
    Template=OpenBluetooth
    Template=Chrome_Cookies_DirectAccess
    Template=Chrome_History_DirectAccess
    Template=Chrome_Bookmarks_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=Chrome_Preferences_DirectAccess
    ConfigLevel=10
    UseFileDeleteV2=y
    UseRegDeleteV2=y
    AutoRecover=n
    OpenPipePath=C:\Users\User\Downloads
    ClosedIpcPath=<StartRunAccess>,*
    ProcessGroup=<StartRunAccess>,crashpad_handler.exe
  3. Save the settings and launch ms edge in this box

  4. System Crashed

Edit: Using default settings in new sandbox to run edge also caused BSOD.

isaak654 commented 11 months ago

@Xmarmalade Could you verify if this fix works for you?

Xmarmalade commented 11 months ago

@Xmarmalade Could you verify if this fix works for you?

Yes, after modifying the configuration file, the issue has been alleviated.

isaak654 commented 11 months ago

the issue has been alleviated.

@Xmarmalade Could you be more specific? What's left?

reraikes commented 11 months ago

What's left?

https://github.com/sandboxie-plus/Sandboxie/issues/3427#issuecomment-1826382781 appears to fix the BSOD's, but leaves all the msedge.exe instances running after Edge is closed: https://github.com/sandboxie-plus/Sandboxie/issues/3427#issuecomment-1826411900

Xmarmalade commented 11 months ago

@isaak654 @reraikes For me, this problem seems to have been solved. ms-edge will not cause BSOD and will not remain after closing. But I'm not sure why ms-edge can't be closed according to https://github.com/sandboxie-plus/Sandboxie/issues/3427#issuecomment-1826411900, did you enable StartupBoost or something?

isaak654 commented 11 months ago

I think it would be more appropriate to open a new issue for the msedge.exe instances that do not terminate, possibly indicating which sandboxed extensions in the browser are enabled, as one of them could be responsible.

Given that the system crashes in question are no longer present, this issue has served its purpose.