sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Weird Behaviour #4103

Open ImSiddh opened 1 month ago

ImSiddh commented 1 month ago

Describe what you noticed and did

I noticed an unexpected weird behaviour which occurs again and again with Sandboxie. When the suspected behaviour kept going on, I removed Sandboxie.

How often did you encounter it so far?

Multiple times

Expected behavior

I installed the latest Sandboxie Plus version 1.14.4 in portable form on my D drive. After running it and downloading the available plugins, when I open my web browser under the sandbox, Sandboxie Plus throws an error pop-up saying PID 1868: SBIE2335 initialization failed for process bdtrackersnmh.exe [33/5], and when I click troubleshoot in the pop-up box it opens 3 tabs in my web browser. The 1st tab shows the Sandboxie website, where there is a message that the information was not found. But the second tab opens random webpages in the form of an IP address. One such address is http://0.0.7.76/ and the third tab has my C drive indexed as index.php. These behaviours look very weird and concerning. The process which is giving the error is my antivirus Bitdefender, which is the reason for the error message, but clicking troubleshoot in the Sandboxie error message and getting a website in a private IP range and an indexed C drive is something that bothers me, as I haven't installed any other program and Bitdefender is not the reason for those tabs. This behaviour looks weird and I can't understand it. Any suggestions?

Affected program

Brave Browser

Download link

https://brave.com/

Where is the program located?

The program is installed only outside the sandbox.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

1.14.4

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

This is first time I have this issue

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 10 Pro 22H2

In which Windows account you have this problem?

A local account (Standard user).

Please mention any installed security software

Bitdefender Total Security

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

No response

offhub commented 1 month ago

SBIE2335 initialization failed for process bdtrackersnmh.exe [33/5]

You can hide the error message containing bdtrackersnmh.exe or block access to bdtrackersnmh.exe.

To hide:

issue4103dsblntfcn

To block: (Sandbox > Edit ini Section)

ClosedFilePath=*\bdtrackersnmh.exe

One such address is http://0.0.7.76/ and third tab have my c drive indexed as index.php. These behaviours looks very weird and concerning.

I installed Bitdefender and tested it on a virtual machine. When I click on the troubleshooting 2335 message link and run it in the sandbox, two additional tabs open, such as C: and 0.0.x.y, as you said. Sandboxie might be passing too many arguments when opening the link, or Bitdefender might be interfering. @DavidXanatos

https://github.com/user-attachments/assets/755c8e33-72f3-42f5-a7c3-5902ea85dcd2

DavidXanatos commented 1 month ago

That is so weird. And if you choose to open it unsandboxed, it opens fine?

ImSiddh commented 1 month ago

Yes, when I run the browser unsandboxed, it works fine, but when I run the browser under Sandboxie, this happens. And in fact, another user is also able to replicate it in a virtual machine. This means it is not specific to me. It might be possible that some compatibility plugins that are installed at first run are causing this issue. I don't know what exactly is causing this. You are the expert, so you can find the cause of this behaviour. @DavidXanatos

love-code-yeyixiao commented 1 month ago

Please tell us the complete command line of the sandboxed browser in SandMan's UI.


ImSiddh commented 1 month ago

Now, the updated version 1.14.5 no longer has this weird behaviour. The bdtrackersnmh.exe error still pops up, but now when I click troubleshoot it says that there is no automated troubleshooting available, then it asks to collect a log, and then it successfully submits the error log within the app. But the random opening of the indexed C drive and the webpage doesn't occur in the updated version. The screenshots are attached.


-- Siddharth

|Name| |Process ID| |Title| |Status| |Info| |Path / Command Line|

cmd.exe 7664 Running 09:15:24 C:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\Bitdefender\Bitdefender Security App\bdtrackersnmh.exe" chrome-extension://khndhdhbebhaddchcgnalcjlaekbbeof/ --parent-window=0" < \\.\pipe\chrome.nativeMessaging.in.d602681b3080c132 > \\.\pipe\chrome.nativeMessaging.out.d602681b3080c132
bdtrackersnmh.exe 11228 Suspended 09:15:24 "C:\Program Files\Bitdefender\Bitdefender Security App\bdtrackersnmh.exe" chrome-extension://khndhdhbebhaddchcgnalcjlaekbbeof/ --parent-window=0

|Name| |Process ID| |Title| |Status| |Info| |Path / Command Line|

brave.exe 6236 Running (Chromium Based) 09:15:13 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --start-stack-profiler --field-trial-handle=2472,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=2388 /prefetch:3
brave.exe 15636 Running (Chromium Based) 09:15:14 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=brave_rewards.mojom.RewardsEngineFactory --lang=en-GB --service-sandbox-type=none --field-trial-handle=3176,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=3888 /prefetch:8
brave.exe 17232 Running (Chromium Based) 09:15:12 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Richard Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Richard Smith\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" --url=https://cr.brave.com --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=126.1.67.134 --initial-client-data=0x154,0x158,0x15c,0x108,0x160,0x7ffd2aa23c80,0x7ffd2aa23c8c,0x7ffd2aa23c98
brave.exe 17744 Running (Chromium Based) 09:15:13 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --field-trial-handle=2720,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=3644 /prefetch:8
brave.exe 18560 Running (Chromium Based) 09:15:13 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2288,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=2280 /prefetch:2
brave.exe 4580 Running (Chromium Based) 09:15:15 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9220093434 --field-trial-handle=3896,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=5064 /prefetch:1
brave.exe 13096 Running (Chromium Based) 09:15:14 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --start-stack-profiler --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9219665800 --field-trial-handle=3872,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=4972 /prefetch:1
brave.exe 2312 Running (Chromium Based) 09:15:16 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9220801150 --field-trial-handle=4184,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=5548 /prefetch:2
brave.exe 12476 Running (Chromium Based) 09:15:16 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9220957975 --field-trial-handle=4204,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=5816 /prefetch:2
brave.exe 12660 Running (Chromium Based) 09:15:15 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9220416115 --field-trial-handle=4168,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=5404 /prefetch:2
brave.exe 19072 Running (Chromium Based) 09:15:16 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9221331277 --field-trial-handle=4220,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=6288 /prefetch:2
brave.exe 12836 Running (Chromium Based) 09:15:17 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9222003222 --field-trial-handle=4400,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=5840 /prefetch:2
brave.exe 18864 Running (Chromium Based) 09:15:16 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9221649799 --field-trial-handle=4240,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=6324 /prefetch:2
brave.exe 19444 Running (Chromium Based) 09:15:17 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --extension-process --enable-distillability-service --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --brave_session_token=10733669887228174813 --lang=en-GB --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1721783495208603 --launch-time-ticks=9222586180 --field-trial-handle=4380,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=6132 /prefetch:2
brave.exe 19036 Running (Chromium Based) 09:15:34 "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --utility-sub-type=proxy_resolver.mojom.ProxyResolverFactory --lang=en-GB --service-sandbox-type=service --field-trial-handle=10360,i,15186916158140376300,3958712341637452195,262144 --disable-features=PrintCompositorLPAC --variations-seed-version=1 --mojo-platform-channel-handle=10272 /prefetch:8

offhub commented 1 month ago

@DavidXanatos

Without BitDefender installed:

  1. Download and extract https://download.aida64.com/aida64engineer730.zip.
  2. Run AIDA64.exe in a sandbox.
  3. Wait for SBIE2103 https://sandboxie-plus.com/go.php?to=sbie-sbie2103&data1=aida64driver [DefaultBox] (StartService)&data2=&process=aida64.exe
  4. Open the link in the sandbox by clicking on the error number in the notification or message window.

https://github.com/user-attachments/assets/81418a4b-d834-41ee-81fd-e8f2d92f44e8
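
The "too many arguments" hypothesis raised in this thread, as an added example that is not part of the original issue and is not Sandboxie code: a link whose query values contain raw spaces splits into several arguments when placed unquoted on a command line, and a bare number handed to a URL parser becomes an IPv4 host (1868, the PID in the reported message, maps to 0.0.7.76). The function names, the `browser.exe` placeholder and the simplified splitting and URL-fallback models are assumptions; the page does not confirm that this is what 1.14.4 did.

```javascript
// Added illustration, not Sandboxie code; all function names are hypothetical.

// Link text as it appears in the reproduction steps (note the raw spaces).
const RAW_LINK = "https://sandboxie-plus.com/go.php?to=sbie-sbie2103" +
  "&data1=aida64driver [DefaultBox] (StartService)&data2=&process=aida64.exe";

// Simplified model of command-line splitting: whitespace separates
// arguments unless it is inside double quotes.
function splitArgs(commandLine) {
  const args = [];
  let current = "", inQuotes = false;
  for (const ch of commandLine) {
    if (ch === '"') { inQuotes = !inQuotes; continue; }
    if (/\s/.test(ch) && !inQuotes) {
      if (current) args.push(current);
      current = "";
    } else {
      current += ch;
    }
  }
  if (current) args.push(current);
  return args;
}

// Assumed model of how a browser treats a stray argument: parse it as a URL,
// falling back to an http:// prefix. Returns the host, or null if unparsable.
function hostForArgument(arg) {
  for (const candidate of [arg, "http://" + arg]) {
    try {
      const url = new URL(candidate);
      if (url.protocol === "http:" || url.protocol === "https:") return url.hostname;
    } catch (_) { /* not a URL in this form; try the next one */ }
  }
  return null;
}

// Build the same link with every query value percent-encoded.
function buildLink(base, params) {
  return base + "?" + new URLSearchParams(params).toString();
}

const SAFE_LINK = buildLink("https://sandboxie-plus.com/go.php", {
  to: "sbie-sbie2103", data1: "aida64driver [DefaultBox] (StartService)",
  data2: "", process: "aida64.exe",
});

// Hypothetical launcher command lines ("browser.exe" is a placeholder).
const unsafeArgs = splitArgs("browser.exe " + RAW_LINK);
const safeArgs = splitArgs('browser.exe "' + SAFE_LINK + '"');
console.log(unsafeArgs.length, safeArgs.length, hostForArgument("1868"));
```

Encoding the values and quoting the argument are independent safeguards; either one alone keeps the link in a single argument in this model.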