sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

SandboxieRpsSs.exe can't start service DcomLaunch #3318

Closed Sweeistaken closed 11 months ago

Sweeistaken commented 1 year ago

Describe what you noticed and did

I tried to open Any EXE and I had these errors:

SandboxieRpcSs.exe: SBIE2313 Could not execute SandboxieDcomLaunch.exe (346)
15:48:45.628 SandboxieRpcSs.exe: SBIE2204 Cannot start sandboxed service DcomLaunch (346)

How often did you encounter it so far?

all the time.

Affected program

Every program

Download link

Not relevant

Where is the program located?

The program is installed outside the sandbox.

Expected behavior

A program showing up

What is your Windows edition and version?

Windows 11 Pro 22H2 64-bit

In which Windows account you have this problem?

A Microsoft account (Standard user).

Please mention any installed security software

Malwarebytes

What version of Sandboxie are you running?

Sandboxie-Plus v1.10.5

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No

Crash dump

No response

Trace log

https://swee.pythonanywhere.com/fastfile/tracelog.log-sandboxie

Sandboxie.ini configuration

DefaultBox=DefaultBox
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
Template=7zipShellEx
Template=OfficeClickToRun
Template=OfficeLicensing
Template=WindowsLive
Template=WindowsRasMan

offhub commented 1 year ago

I'm not sure, but if parental controls are enabled for the account, you may get this error.

https://github.com/sandboxie-plus/Sandboxie/issues/928#issuecomment-865069530

Sweeistaken commented 1 year ago

@offhub Well, I do have parental controls enabled on this account, but I don't believe that will be the case. This has been a mysterious error I can't fix by googling.

Does Sandboxie's virtualization have to do with Hyper-V?

DavidXanatos commented 1 year ago

> Does Sandboxie's virtualization have to do with Hyper-V?

No

It's strange, and as long as there is no simple way to reproduce this on other machines it's not really fixable. You must find out what about your general setup is breaking sbie so that I can reproduce it.

TGKx commented 12 months ago

I have the same problem. In order to reproduce it you have to link a microsoft.com account that has parental controls enabled to the local windows account. The local account has to be a standard user (non-administrator) on the system. Once you do this, SBIE will toss the error for every standard user account when trying to launch an app. Making the standard user accounts administrators will allow SBIE to run but this is not something I want to do.

I've tried everything I can to restore my windows machine to the prior behavior including ripping out any references to the Microsoft account that originally had parental controls but can't find a way to do it.

DavidXanatos commented 12 months ago

OK, since I don't use online accounts, some guidance please: so I create 2 disposable garbage MS accounts, one for the fake child and one for the fake parent. Which one do I link with the PC, the child one I assume? How do I enable parental controls?

TGKx commented 12 months ago

Here is how I'd try to reproduce it:

  1. Use a VM (this may trash up your PC config since I can't find a good way to back out of this)
  2. Create a standard non-admin local user and login
  3. Open the Microsoft Store app in Win 10
  4. Click sign-in and create a sign-in. When you create the Microsoft account be sure to set a birthday so you're an adult. Be sure to associate to an email address.
  5. Log out the "adult" account in the Microsoft store and create a second one, this time being sure to create a birthday for a ~10 year old. As part of the "child" account creation process I think you are offered to link to a parent's account (the "adult" one) by providing the email address. Then an email is sent to confirm/permit. There is an opt-in to enable parental controls under the "adult" account after confirming/permitting. You can control the family settings by going to https://family.microsoft.com and logging in as the "adult". You should see the "child" account linked in the family group and the computer name listed as a linked device.
  6. Confirm the Microsoft accounts are linked to the local standard user account by running "Email & Accounts" from the start menu. Under "Your Info" and "Email & Accounts" you should see the microsoft.com accounts listed.
  7. At this point I'd do a reboot and then try and run sandboxed apps and they should break with the error message.

I did something similar to this while trying to install Minecraft for one of my kids since it requires them to log in to Microsoft to play.

Hope this helps

Edit: One last thing, be sure to enable the parental software controls on using applications. I had mine set to allow for apps age 9 or older which may have caused this. You can see the settings under the family.microsoft.com; login as the adult, select the child's profile, click content filters, then click the Apps & Games tab. Be sure you have the age drop down set to 9. I have it setup so the child is allowed to run non-microsoft applications.

DavidXanatos commented 11 months ago

To fix the system you need to first stop the AppIDSvc service and then the AppID driver

net stop AppIDSvc & net stop AppID

Once both are terminated, Sandboxie works as usual. In detail, it's the AppID driver which interferes, but it can only be unloaded when the AppIDSvc is already stopped.

DavidXanatos commented 11 months ago

UnstrippedToken=y also helps but is not a safe option. When the error happens, NtCreateUserProcess returns STATUS_BLOCKED_BY_PARENTAL_CONTROLS. Without taking a look into the appid.sys driver, I assume it registers a process creation callback and blocks the process start when it sees a process with a stripped token trying to spawn another process.

Only starting the AppID driver, though, is not enough to trigger the issue; it must run on a system with parental controls enabled, so there is some additional setting which tells it to break Sandboxie.

DavidXanatos commented 11 months ago

So the config making the AppID driver break Sandboxie is located in C:\Windows\System32\AppLocker\Plugin.133422605925491691.Policy. Deleting this policy file and rebooting (or reloading the driver) solves the issue. On a quick test the file did not appear to get re-created when the child logs in, but I think that may be just a matter of time.

I don't think there is an easy fix, as we can not interfere with the other driver, I'll add a troubleshooting script offering the user to disable Plugin.133422605925491691.Policy and restart the driver, or just stop the driver.
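
A read-only check for the conditions identified in this thread, as an added example (it is not the Sandboxie project's troubleshooting script and is not code from any commenter). The function name and the `Plugin.*.Policy` wildcard are assumptions; the thread names only one specific policy file.

```powershell
# Added example: reports the AppID state described in this thread.
# Read-only: nothing is stopped, deleted or modified.
function Get-AppIdSandboxieDiagnosis {   # hypothetical function name
    [CmdletBinding()]
    param(
        # Directory named in the thread.
        [string]$PolicyDir = (Join-Path $env:SystemRoot 'System32\AppLocker'),
        # Assumption: the numeric part of the file name differs per machine.
        [string]$PolicyPattern = 'Plugin.*.Policy'
    )

    # AppIDSvc is a Win32 service; AppID is a kernel driver, so it is
    # queried through Win32_SystemDriver rather than Win32_Service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='AppIDSvc'" -ErrorAction SilentlyContinue
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='AppID'" -ErrorAction SilentlyContinue

    # The directory may be unreadable without elevation; record that
    # instead of reporting "no policy files" when access was denied.
    $dirError = $null
    $policies = @(Get-ChildItem -Path $PolicyDir -Filter $PolicyPattern -File `
                    -ErrorAction SilentlyContinue -ErrorVariable dirError)

    $driverRunning = [bool]($drv -and $drv.State -eq 'Running')
    $serviceRunning = [bool]($svc -and $svc.State -eq 'Running')

    $verdict = if ($dirError) {
        'Inconclusive: policy directory could not be read (try an elevated prompt).'
    } elseif ($driverRunning -and $policies.Count -gt 0) {
        'Matches the thread: AppID driver running with a Plugin policy file present.'
    } elseif ($driverRunning) {
        'AppID driver running, but no Plugin policy file found.'
    } else {
        'AppID driver not running; SBIE2313/SBIE2204 likely has another cause.'
    }

    [pscustomobject]@{
        AppIDSvcRunning = $serviceRunning
        AppIDDriverRunning = $driverRunning
        PolicyFiles = $policies.FullName
        PolicyLastWrite = ($policies | Sort-Object LastWriteTime | Select-Object -Last 1).LastWriteTime
        Verdict = $verdict
    }
}

Get-AppIdSandboxieDiagnosis | Format-List
```

`PolicyLastWrite` helps answer the open question in the last comments: if the timestamp changes after the child account logs in again, the policy file has been re-created.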