search

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0
12.79k stars 1.43k forks source link

Office splash screen crashes after "Updating Microsoft 365 and Office..." #3704

Open e-t-l opened 3 months ago

e-t-l commented 3 months ago

Describe what you noticed and did

I have Microsoft Office sandboxed with the standard Office template, and it works fine at first, but after a while Office will try to update, and after that it will become unusable. On the splash screen for any Office app, instead of "Starting Microsoft [program]..." it will say, "Updating Microsoft 365 and Office..." and after 30-60 seconds it will crash with error code 0xc000142.

It seems likely that Sandboxie is not permitting Office to fully update correctly outside of the sandbox, so there is some sort of mismatch with the contents of the sandbox and the current C2R Office installation. Emptying the sandbox temporarily fixes the issue, but the issue returns within a few weeks (whenever the next Office update rolls out).

At first I suspected there were some leftover Office update/installation files that were causing conflicts, so I tried setting "C:\Windows*" to "Open," and when that didn't work, to "Read only," but the issue persisted. Since I couldn't find any other likely suspects in the sandboxed filesystem, I believe the conflict is likely happening in the Registry.

How often did you encounter it so far?

Every time until I empty the box

Expected behavior

Microsoft Office updates should be applied outside the sandbox, so that Office apps (e.g. Word) run normally and up-to-date inside the sandbox.

Affected program

Microsoft Office 365 ProPlus C2R

Download link

https://c2rsetup.officeapps.live.com/c2r/download.aspx?ProductreleaseID=O365ProPlusRetail&platform=x64&language=en-us&version=O16GA

Where is the program located?

The program is installed only outside the sandbox.

Did the program or any related process close unexpectedly?

Yes, it did, but no .dmp file has been created in the system.

Crash dump

No response

What version of Sandboxie are you running now?

Sandboxie-Plus v1.12.9 64-bit

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

My sandbox contains existing programs or data.

What is your Windows edition and version?

Windows 11 Enterprise 23H2 64-bit

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

Avast One

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

#
# Sandboxie configuration file
#

[GlobalSettings]
Template=WindowsRasMan
Template=OfficeClickToRun
Template=OfficeLicensing
Template=WindowsLive
Template=WindowsDefender
ForceDisableSeconds=600000
PreferExternalManifest=msedge.exe,y
PreferExternalManifest=Spotify.exe,y
Template=Chrome_KB5027231_fix
Template=Avast_Antivirus
Template=Edge_Fix
OpenClsid={D713F357-7920-4B91-9EB6-49054709EC7A}
DisableWinNtHook=CreateEnclave
DisableWinNtHook=LoadEnclaveData
DisableWinNtHook=InitializeEnclave
DisableWinNtHook=CallEnclave
RunCommand=PeaZip|"C:\Program Files\PeaZip\peazip.exe"
DefaultBox=DefaultBox
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
SandboxieLogon=y
EditAdminOnly=y
ForceDisableAdminOnly=y
ExternalManifestHack=msedge.exe,y
NoRestartOnPCA=y
ApproveWinNtSysCall=LoadKeyEx
FakeAdminRights=explorer.exe,n

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
BreakoutProcess=firefox.exe
BreakoutProcess=betterbird.exe
BreakoutProcess=acrobat.exe
OpenPipePath=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*
ForceProcess=Wabbitemu.exe
ForceProcess=C:\Users\****\AppData\Roaming\Wabbitemu*
ForceProcess=Calibre.exe
ForceProcess=C:/Program Files/Calibre2*
ForceProcess=*.epub
ForceProcess=*.mobi
BreakoutProcess=*.pdf
DropAdminRights=y
FakeAdminRights=y

[OfficeyBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#ff9900,ttl,4
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
ConfigLevel=10
ForceProcess=WINWORD.EXE
ForceProcess=EXCEL.EXE
ForceProcess=MSPUB.EXE
ForceProcess=POWERPNT.EXE
ForceProcess=MSACCESS.EXE
BreakoutProcess=firefox.exe
BreakoutProcess=acrobat.exe
BreakoutProcess=brave.exe
BreakoutProcess=vlc.exe
BreakoutProcess=betterbird.exe
AllowSpoolerPrintToFile=y
RpcMgmtSetComTimeout=n
OpenLsaEndpoint=y
OpenSamEndpoint=y
; OpenIpcPath=\RPC Control\SECLOGON
; OpenCredentials=y
StartProgram="C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
NotifyDirectDiskAccess=y
LingerProcess=OfficeClickToRun.exe
OpenFilePath=C:\Program Files\Microsoft Office*
OpenFilePath=C:\Users\****\AppData\Roaming\Microsoft\Office*
OpenFilePath=C:\Users\****\Documents\Outlook Files*
OpenFilePath=C:\Users\****\AppData\Local\Microsoft\Office*
OpenFilePath=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*
OpenPipePath=C:\Users\****\AppData\Local\Microsoft\Office*
OpenPipePath=C:\Users\****\AppData\LocalLow\Microsoft\Office*
OpenPipePath=C:\Users\****\AppData\Roaming\Microsoft\Office*
OpenPipePath=C:\Program Files\Microsoft Office*
ReadFilePath=C:\WINDOWS\system32*
ReadFilePath=C:\WINDOWS\Installer*
ReadFilePath=C:\WINDOWS\SysWOW64*
ReadFilePath=C:\WINDOWS\Microsoft.NET*
ReadFilePath=C:\WINDOWS\assembly*
offhub commented 3 months ago
  1. Add DontCopy=*.dll and DontCopy=*.exe to your config
  2. Delete Content
  3. See if it helps
e-t-l commented 3 months ago
  1. Add DontCopy=*.dll and DontCopy=*.exe to your config
  2. Delete Content
  3. See if it helps

I'll try that. It might be a few weeks before Office updates and I'm able to see if the issue recurs.

e-t-l commented 3 months ago

Well, that actually happened quite quickly! The same issue occurred. @offhub's config instructions didn't make a difference.

e-t-l commented 3 months ago

Going back to my initial theory that the conflict is occurring in the Registry, I deleted all the files in the sandbox but left the RegHives intact. Tried restarting an Office app and sure enough, the issue was still present.

Browsing the sandbox's reg hives, it looks like Office writes tons and tons of stuff, including important HKLM values like Certificate Authorities, so I don't want to give my Office sandbox a blanket whitelist to OpenPipe all the reg keys it wants to write to. But I also don't want to make it Read Only (for the registry), because I have a feeling it does need to write to some keys in order to handle Office software updates properly, and maybe store some Office app settings as well. I'd really like to identify which keys are safe and/or necessary to OpenPipe and just do that. Frequently deleting sandbox content is not a sustainable solution.

Honestly I'm surprised more folks haven't encountered this issue when using MS Office in Sandboxie. It can't just be me, right?

offhub commented 3 months ago
  1. Run sandboxed CMD.
  2. From the host: Try changing the registry key names under HKEY_USERS\SANDBOX_user_BoxName\ one by one, adding an underscore at the end. (machine or user)
  3. Close the box.
  4. Run the Office application to see whether or not it is working.
  5. Close the box.
  6. You can also follow the previous steps for subkeys until you find the actual problematic key.