Trust No Program
Helper


Joined: 01 Mar 2012
Posts: 122
Jtang wrote:
I did what you said by adding the wildcard star to the setting, and the problem is now solved....
I hope you're still here, Jtang.

Adding the * to all of those settings was just a test - a starting point to see if it would work.
But it is not safe to keep it that way.
The settings must be changed because the way it is with the *, it effectively disables sandboxing.
tzuk


Joined: 22 Jun 2004
Posts: 14999
As Helper said, we've effectively disabled all of Sandboxie's protection. We now need to work backwards and find a minimal set of resources that we need to block so we get proper protection but without the black screen crashes.

I suggest you start by removing all the checkboxes in Sandbox Settings > Restrictions > Low-Level Access
and Sandbox Settings > Restrictions > Hardware Access.

And please check if this makes any difference, or if the problem remains "fixed" after these changes.

_________________
tzuk
Jtang


Joined: 20 Apr 2012
Posts: 19
The checkboxes in Sandbox Settings > Restrictions > Low-Level Access
and Sandbox Settings > Restrictions > Hardware Access were never ticked in the first place.

I removed the wildcard "*", and the problem resurfaced again......
tzuk


Joined: 22 Jun 2004
Posts: 14999
I suggested you add a wildcard star in five different settings:

tzuk wrote:
Sandbox Settings > Resource Access >
... File Access > Full Access
... Registry Access > Direct Access
... IPC Access > Direct Access
... Window Access > Direct Access
You can use the Edit/Add button to add a single wildcard star: *


Did you remove the wildcard from all five? If so, you're going too fast. Let's try something else:
- first, put the wildcard back
- next, start the Resource Access Monitor (in the File menu of Sandboxie Control)
- then, do the thing that would trigger the problem
- finally, close the monitor window to copy its contents to the clipboard, and then paste that here in your reply

Thanks!
Jtang


Joined: 20 Apr 2012
Posts: 19
Hi Tzuk,

Below is what I have collected via the Resource Access Monitor:

(Drive) \Device\HarddiskVolume2
(Drive) \Device\HarddiskVolume3
(Drive) \Device\SftVol
(Unk) 00000022 \Device\SandboxieDriverApi
(Unk) 00000039 \Device\KsecDD
(Unk) 00000040 \FileSystem\Filters\FltMgrMsg
Clsid -------------------------------
File/Key -------------------------------
Image -------------------------------
Image *:\program files\mozilla firefox\firefox.exe
Image *:\program files\sandboxie\sandboxierpcss.exe
Image *:\program files\sandboxie\start.exe
Image c:\program files\mozilla firefox\mozalloc.dll
Image c:\program files\mozilla firefox\mozglue.dll
Image c:\program files\mozilla firefox\mozjs.dll
Image c:\program files\mozilla firefox\mozsqlite3.dll
Image c:\program files\mozilla firefox\nspr4.dll
Image c:\program files\mozilla firefox\nss3.dll
Image c:\program files\mozilla firefox\nssutil3.dll
Image c:\program files\mozilla firefox\plc4.dll
Image c:\program files\mozilla firefox\plds4.dll
Image c:\program files\mozilla firefox\smime3.dll
Image c:\program files\mozilla firefox\softokn3.dll
Image c:\program files\mozilla firefox\ssl3.dll
Image c:\program files\mozilla firefox\xpcom.dll
Image c:\program files\mozilla firefox\xul.dll
Image c:\program files\sandboxie\sbiedll.dll
Image c:\windows\system32\advapi32.dll
Image c:\windows\system32\apphelp.dll
Image c:\windows\system32\cfgmgr32.dll
Image c:\windows\system32\clbcatq.dll
Image c:\windows\system32\comdlg32.dll
Image c:\windows\system32\cryptbase.dll
Image c:\windows\system32\dbghelp.dll
Image c:\windows\system32\devobj.dll
Image c:\windows\system32\dwmapi.dll
Image c:\windows\system32\dwrite.dll
Image c:\windows\system32\fltlib.dll
Image c:\windows\system32\gdi32.dll
Image c:\windows\system32\guard32.dll
Image c:\windows\system32\imm32.dll
Image c:\windows\system32\kernel32.dll
Image c:\windows\system32\kernelbase.dll
Image c:\windows\system32\lpk.dll
Image c:\windows\system32\lz32.dll
Image c:\windows\system32\msctf.dll
Image c:\windows\system32\msimg32.dll
Image c:\windows\system32\msvcrt.dll
Image c:\windows\system32\nsi.dll
Image c:\windows\system32\ntdll.dll
Image c:\windows\system32\ntmarta.dll
Image c:\windows\system32\ole32.dll
Image c:\windows\system32\oleaut32.dll
Image c:\windows\system32\profapi.dll
Image c:\windows\system32\propsys.dll
Image c:\windows\system32\psapi.dll
Image c:\windows\system32\rpcrt4.dll
Image c:\windows\system32\sechost.dll
Image c:\windows\system32\setupapi.dll
Image c:\windows\system32\shell32.dll
Image c:\windows\system32\shlwapi.dll
Image c:\windows\system32\sxs.dll
Image c:\windows\system32\user32.dll
Image c:\windows\system32\usp10.dll
Image c:\windows\system32\uxtheme.dll
Image c:\windows\system32\version.dll
Image c:\windows\system32\winmm.dll
Image c:\windows\system32\wldap32.dll
Image c:\windows\system32\ws2_32.dll
Image c:\windows\system32\wsock32.dll
Image c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
Image c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
Image c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Ipc -------------------------------
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_2528
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_3112
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_996
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs
Ipc O \BaseNamedObjects\__ComCatalogCache__
Ipc O \BaseNamedObjects\FntCache-4ad03949-61c3-4bf6-be18-196c89459d16
Ipc O \BaseNamedObjects\FontCachePort
Ipc O \BaseNamedObjects\windows_shell_global_counters
Ipc O \KernelObjects\MaximumCommitCondition
Ipc O \KnownDlls\advapi32.dll
Ipc O \KnownDlls\CFGMGR32.dll
Ipc O \KnownDlls\clbcatq.dll
Ipc O \KnownDlls\DEVOBJ.dll
Ipc O \KnownDlls\gdi32.dll
Ipc O \KnownDlls\kernel32.dll
Ipc O \KnownDlls\kernelbase.dll
Ipc O \KnownDlls\LPK.dll
Ipc O \KnownDlls\MSCTF.dll
Ipc O \KnownDlls\MSVCRT.dll
Ipc O \KnownDlls\NSI.dll
Ipc O \KnownDlls\ole32.dll
Ipc O \KnownDlls\OLEAUT32.dll
Ipc O \KnownDlls\PSAPI.DLL
Ipc O \KnownDlls\rpcrt4.dll
Ipc O \KnownDlls\Setupapi.dll
Ipc O \KnownDlls\SHELL32.dll
Ipc O \KnownDlls\SHLWAPI.dll
Ipc O \KnownDlls\user32.dll
Ipc O \KnownDlls\USP10.dll
Ipc O \KnownDlls\WLDAP32.dll
Ipc O \KnownDlls\WS2_32.dll
Ipc O \RPC Control\plugplay
Ipc O \RPC Control\SbieSvcPort
Ipc O \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db
Ipc O \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
Ipc O \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Ipc O \Sessions\1\BaseNamedObjects\Local\C:*Users*******AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
Ipc O \Sessions\1\BaseNamedObjects\Local\C:*Users*******AppData*Local*Microsoft*Windows*Caches*cversions.1.ro
Ipc O \Sessions\1\BaseNamedObjects\Local\FirefoxStartupMutex
Ipc O \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Ipc O \Sessions\1\Windows\ApiPort
Ipc O \Sessions\1\Windows\SharedSection
Pipe -------------------------------
WinCls -------------------------------
tzuk


Joined: 22 Jun 2004
Posts: 14999
Thanks, unfortunately I don't see anything in the log which seems related to the problem.

Can you please check what happens if you remove the wildcard star (*) from only the Sandbox Settings > Resource Access > File Access > Full Access settings page?
Jtang


Joined: 20 Apr 2012
Posts: 19
When I removed the wildcard star (*) from only the Sandbox Settings > Resource Access > File Access > Full Access settings page, the sandbox appeared to work fine.
tzuk


Joined: 22 Jun 2004
Posts: 14999
Alright, so next please try to remove the wildcard only from Sandbox Settings > Resource Access > Registry Access > Direct Access.

And if that still works, the next thing is to remove the wildcard also from Sandbox Settings > Resource Access > Window Access.

If this still works after that, please confirm that you only have a wildcard remaining in the following setting:
Sandbox Settings > Resource Access > IPC Access > Direct Access
Jtang


Joined: 20 Apr 2012
Posts: 19
Yes, I removed all wildcards (*) except the one in Sandbox Settings > Resource Access > IPC Access > Direct Access.

Everything worked fine until now.
tzuk


Joined: 22 Jun 2004
Posts: 14999
OK, definitely making progress here, it's good to know that we need to focus on just the IPC class of resources.

Now I would like to get another Resource Access Monitor log because I feel that your earlier one was not complete. Usually a resource log includes a lot more resources than your log showed. So can you try the log again please? The important point is to start the log before running anything under Sandboxie, and to make sure that you're pasting all of its contents, in your reply here.
Jtang


Joined: 20 Apr 2012
Posts: 19
Leaving the wildcard in Sandbox Settings > Resource Access > IPC Access > Direct Access intact, I opened IE within Sandboxie and got the following Resource Access Monitor log:

(Unk) 00000039 \Device\KsecDD
(Unk) 00000040 \FileSystem\Filters\FltMgrMsg
Clsid -------------------------------
File/Key -------------------------------
Image -------------------------------
Image c:\windows\system32\crypt32.dll
Image c:\windows\system32\d3d10warp.dll
Image c:\windows\system32\dciman32.dll
Image c:\windows\system32\ddraw.dll
Image c:\windows\system32\ddrawex.dll
Image c:\windows\system32\msasn1.dll
Ipc -------------------------------
Ipc O \...\MmcssStatusEvent
Ipc O \BaseNamedObjects\AudioEngineDuplicateHandleApiPort2055266549
Ipc O \KnownDlls\CRYPT32.dll
Ipc O \KnownDlls\MSASN1.dll
Ipc O \MmcssApiPort
Ipc O \RPC Control\DNSResolver
Ipc O \RPC Control\LSARPC_ENDPOINT
Ipc O \RPC Control\protected_storage
Ipc O \RPC Control\SbieSvcPort
Ipc O \RPC Control\umpo
Ipc O \Sessions\1\BaseNamedObjects\!IECompat!Mutex
Ipc O \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Settings
Ipc O \Sessions\1\BaseNamedObjects\__DDrawCheckExclMode__
Ipc O \Sessions\1\BaseNamedObjects\__DDrawExclMode__
Ipc O \Sessions\1\BaseNamedObjects\ConnHashTable<4956>_HashTable_Mutex
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2ConnHashTable<4956>
Ipc O \Sessions\1\BaseNamedObjects\Isolation Signal Registry Event (B2121A3E-9F6A-11E1-9C81-80C16E4548D0, 0)
Ipc O \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMem!Settings
Ipc O \Sessions\1\BaseNamedObjects\Local\__DDrawCheckExclMode__
Ipc O \Sessions\1\BaseNamedObjects\Local\__DDrawExclMode__
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Roaming_Microsoft_Windows_PrivacIE_index.dat_163840
Ipc O \Sessions\1\BaseNamedObjects\Local\DDrawDriverObjectListMutex
Ipc O \Sessions\1\BaseNamedObjects\Local\DDrawWindowListMutex
Ipc O \Sessions\1\BaseNamedObjects\ThemeLoadedEvent
Pipe -------------------------------
Pipe O \Device\Afd
Pipe O \Device\Afd\AsyncConnectHlp
Pipe O \Device\Afd\Endpoint
WinCls -------------------------------
WinCls O MSTaskSwWClass
WinCls O Shell_TrayWnd
tzuk


Joined: 22 Jun 2004
Posts: 14999
Something is still wrong with your log I'm afraid... Take a look here, this is what a typical log looks like:

http://www.sandboxie.com/phpbb/viewtopic.php?t=12279

As you can see, it's longer than what you posted.

The problem is that your logs so far don't include any information that can help us understand the problem better. Please try to see if you can get a more detailed log.
Jtang


Joined: 20 Apr 2012
Posts: 19
I restarted the PC and then clicked on "Sandboxed Web Browser". If this is still not good, can you help by providing step-by-step instructions for getting a log, and I will follow them through? Below is the log that I got this time:

(Drive) \Device\HarddiskVolume2
(Drive) \Device\HarddiskVolume3
(Drive) \Device\SftVol
(Unk) 00000022 \Device\SandboxieDriverApi
(Unk) 00000039 \Device\KsecDD
(Unk) 00000040 \FileSystem\Filters\FltMgrMsg
Clsid -------------------------------
File/Key -------------------------------
Image -------------------------------
Image *:\program files\internet explorer\iexplore.exe
Image *:\program files\sandboxie\sandboxiecrypto.exe
Image *:\program files\sandboxie\sandboxierpcss.exe
Image *:\program files\sandboxie\start.exe
Image c:\program files\bluetooth suite\ieplugin.dll
Image c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Image c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Image c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
Image c:\program files\internet explorer\ieproxy.dll
Image c:\program files\internet explorer\ieshims.dll
Image c:\program files\microsoft silverlight\4.0.50401.0\agcore.dll
Image c:\program files\microsoft silverlight\4.0.50401.0\npctrl.dll
Image c:\program files\norton internet security\engine\19.1.0.28\ccipc.dll
Image c:\program files\norton internet security\engine\19.1.0.28\ccl110u.dll
Image c:\program files\norton internet security\engine\19.1.0.28\ccvrtrst.dll
Image c:\program files\norton internet security\engine\19.1.0.28\coieplg.dll
Image c:\program files\norton internet security\engine\19.1.0.28\efacli.dll
Image c:\program files\norton internet security\engine\19.1.0.28\ips\ipsbho.dll
Image c:\program files\sandboxie\sbiedll.dll
Image c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120505.001\scxpx86.dll
Image c:\sandbox\james\defaultbox\drive\c\windows\system32\sspicli.dll
Image c:\windows\system32\advapi32.dll
Image c:\windows\system32\apphelp.dll
Image c:\windows\system32\atl.dll
Image c:\windows\system32\atl100.dll
Image c:\windows\system32\audioses.dll
Image c:\windows\system32\avrt.dll
Image c:\windows\system32\bcrypt.dll
Image c:\windows\system32\bcryptprimitives.dll
Image c:\windows\system32\bthprops.cpl
Image c:\windows\system32\cfgmgr32.dll
Image c:\windows\system32\clbcatq.dll
Image c:\windows\system32\comdlg32.dll
Image c:\windows\system32\credssp.dll
Image c:\windows\system32\crypt32.dll
Image c:\windows\system32\cryptbase.dll
Image c:\windows\system32\cryptsp.dll
Image c:\windows\system32\cryptsvc.dll
Image c:\windows\system32\d2d1.dll
Image c:\windows\system32\d3d10.dll
Image c:\windows\system32\d3d10_1.dll
Image c:\windows\system32\d3d10_1core.dll
Image c:\windows\system32\d3d10core.dll
Image c:\windows\system32\d3d10level9.dll
Image c:\windows\system32\d3d10warp.dll
Image c:\windows\system32\d3d8thk.dll
Image c:\windows\system32\d3d9.dll
Image c:\windows\system32\dciman32.dll
Image c:\windows\system32\ddraw.dll
Image c:\windows\system32\ddrawex.dll
Image c:\windows\system32\devobj.dll
Image c:\windows\system32\dnsapi.dll
Image c:\windows\system32\dsound.dll
Image c:\windows\system32\dui70.dll
Image c:\windows\system32\duser.dll
Image c:\windows\system32\dwmapi.dll
Image c:\windows\system32\dwrite.dll
Image c:\windows\system32\dxgi.dll
Image c:\windows\system32\es.dll
Image c:\windows\system32\esent.dll
Image c:\windows\system32\explorerframe.dll
Image c:\windows\system32\fltlib.dll
Image c:\windows\system32\fwpuclnt.dll
Image c:\windows\system32\gdi32.dll
Image c:\windows\system32\guard32.dll
Image c:\windows\system32\ieapfltr.dll
Image c:\windows\system32\ieframe.dll
Image c:\windows\system32\iertutil.dll
Image c:\windows\system32\ieui.dll
Image c:\windows\system32\igdaux32.dll
Image c:\windows\system32\igddxva32.dll
Image c:\windows\system32\igdumd32.dll
Image c:\windows\system32\igdvidproc32.dll
Image c:\windows\system32\imagehlp.dll
Image c:\windows\system32\imm32.dll
Image c:\windows\system32\iphlpapi.dll
Image c:\windows\system32\jscript9.dll
Image c:\windows\system32\kernel32.dll
Image c:\windows\system32\kernelbase.dll
Image c:\windows\system32\ksuser.dll
Image c:\windows\system32\lpk.dll
Image c:\windows\system32\lz32.dll
Image c:\windows\system32\macromed\flash\flash32_11_2_202_235.ocx
Image c:\windows\system32\mfplat.dll
Image c:\windows\system32\midimap.dll
Image c:\windows\system32\mlang.dll
Image c:\windows\system32\mmdevapi.dll
Image c:\windows\system32\msacm32.dll
Image c:\windows\system32\msacm32.drv
Image c:\windows\system32\msasn1.dll
Image c:\windows\system32\mscms.dll
Image c:\windows\system32\msctf.dll
Image c:\windows\system32\msfeeds.dll
Image c:\windows\system32\mshtml.dll
Image c:\windows\system32\msimg32.dll
Image c:\windows\system32\msimtf.dll
Image c:\windows\system32\msls31.dll
Image c:\windows\system32\mssprxy.dll
Image c:\windows\system32\msvcr100.dll
Image c:\windows\system32\msvcrt.dll
Image c:\windows\system32\mswsock.dll
Image c:\windows\system32\msxml3.dll
Image c:\windows\system32\msxml6.dll
Image c:\windows\system32\ncrypt.dll
Image c:\windows\system32\netprofm.dll
Image c:\windows\system32\netutils.dll
Image c:\windows\system32\nlaapi.dll
Image c:\windows\system32\normaliz.dll
Image c:\windows\system32\npmproxy.dll
Image c:\windows\system32\nsi.dll
Image c:\windows\system32\ntdll.dll
Image c:\windows\system32\ntmarta.dll
Image c:\windows\system32\ole32.dll
Image c:\windows\system32\oleacc.dll
Image c:\windows\system32\oleaut32.dll
Image c:\windows\system32\pdh.dll
Image c:\windows\system32\powrprof.dll
Image c:\windows\system32\profapi.dll
Image c:\windows\system32\propsys.dll
Image c:\windows\system32\psapi.dll
Image c:\windows\system32\rasadhlp.dll
Image c:\windows\system32\rasapi32.dll
Image c:\windows\system32\rasman.dll
Image c:\windows\system32\riched20.dll
Image c:\windows\system32\rpcrt4.dll
Image c:\windows\system32\rpcrtremote.dll
Image c:\windows\system32\rsaenh.dll
Image c:\windows\system32\rtutils.dll
Image c:\windows\system32\samcli.dll
Image c:\windows\system32\samlib.dll
Image c:\windows\system32\schannel.dll
Image c:\windows\system32\sechost.dll
Image c:\windows\system32\secur32.dll
Image c:\windows\system32\sensapi.dll
Image c:\windows\system32\setupapi.dll
Image c:\windows\system32\shdocvw.dll
Image c:\windows\system32\shell32.dll
Image c:\windows\system32\shlwapi.dll
Image c:\windows\system32\sxs.dll
Image c:\windows\system32\urlmon.dll
Image c:\windows\system32\user32.dll
Image c:\windows\system32\userenv.dll
Image c:\windows\system32\usp10.dll
Image c:\windows\system32\uxtheme.dll
Image c:\windows\system32\version.dll
Image c:\windows\system32\vssapi.dll
Image c:\windows\system32\vsstrace.dll
Image c:\windows\system32\wdmaud.drv
Image c:\windows\system32\windowscodecs.dll
Image c:\windows\system32\windowscodecsext.dll
Image c:\windows\system32\wininet.dll
Image c:\windows\system32\winmm.dll
Image c:\windows\system32\winnsi.dll
Image c:\windows\system32\wintrust.dll
Image c:\windows\system32\wldap32.dll
Image c:\windows\system32\wmp.dll
Image c:\windows\system32\wmploc.dll
Image c:\windows\system32\ws2_32.dll
Image c:\windows\system32\wship6.dll
Image c:\windows\system32\wshtcpip.dll
Image c:\windows\system32\xmllite.dll
Image c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll
Image c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcr90.dll
Image c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
Image c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Image c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
Ipc -------------------------------
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_1892
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_2792
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_3740
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_5272
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_5520
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_cryptsvc
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs
Ipc O \BaseNamedObjects\__ComCatalogCache__
Ipc O \BaseNamedObjects\AudioEngineDuplicateHandleApiPort1108262588
Ipc O \BaseNamedObjects\BFE_Notify_Event_{19d66a1d-fa39-43bb-98af-7f41b97190cf}
Ipc O \BaseNamedObjects\BFE_Notify_Event_{9a80bad4-78cb-48e4-94bc-0992c459b3e3}
Ipc O \BaseNamedObjects\FntCache-19401545-ddd7-4bf3-9141-c579b5a0ebfc
Ipc O \BaseNamedObjects\FontCachePort
Ipc O \BaseNamedObjects\mmGlobalPnpInfo
Ipc O \BaseNamedObjects\RotHintTable
Ipc O \BaseNamedObjects\windows_shell_global_counters
Ipc O \KernelObjects\MaximumCommitCondition
Ipc O \KnownDlls\advapi32.dll
Ipc O \KnownDlls\CFGMGR32.dll
Ipc O \KnownDlls\clbcatq.dll
Ipc O \KnownDlls\COMDLG32.dll
Ipc O \KnownDlls\CRYPT32.dll
Ipc O \KnownDlls\DEVOBJ.dll
Ipc O \KnownDlls\gdi32.dll
Ipc O \KnownDlls\IERTUTIL.dll
Ipc O \KnownDlls\IMAGEHLP.dll
Ipc O \KnownDlls\kernel32.dll
Ipc O \KnownDlls\kernelbase.dll
Ipc O \KnownDlls\LPK.dll
Ipc O \KnownDlls\MSASN1.dll
Ipc O \KnownDlls\MSCTF.dll
Ipc O \KnownDlls\MSVCRT.dll
Ipc O \KnownDlls\NORMALIZ.dll
Ipc O \KnownDlls\NSI.dll
Ipc O \KnownDlls\ole32.dll
Ipc O \KnownDlls\OLEAUT32.dll
Ipc O \KnownDlls\PSAPI.DLL
Ipc O \KnownDlls\rpcrt4.dll
Ipc O \KnownDlls\Setupapi.dll
Ipc O \KnownDlls\SHELL32.dll
Ipc O \KnownDlls\SHLWAPI.dll
Ipc O \KnownDlls\URLMON.dll
Ipc O \KnownDlls\user32.dll
Ipc O \KnownDlls\USP10.dll
Ipc O \KnownDlls\WININET.dll
Ipc O \KnownDlls\WINTRUST.dll
Ipc O \KnownDlls\WLDAP32.dll
Ipc O \KnownDlls\WS2_32.dll
Ipc O \MmcssApiPort
Ipc O \RPC Control\{27B4FD7B-035B-4853-938E-CC13FE3724D4}
Ipc O \RPC Control\AudioClientRpc
Ipc O \RPC Control\Audiosrv
Ipc O \RPC Control\DNSResolver
Ipc O \RPC Control\epmapper
Ipc O \RPC Control\keysvc
Ipc O \RPC Control\keysvc2
Ipc O \RPC Control\LRPC-26f330be69436b7385
Ipc O \RPC Control\LRPC-822873169c6b75f210
Ipc O \RPC Control\LRPC-d42048337b4f353332
Ipc O \RPC Control\lsapolicylookup
Ipc O \RPC Control\LSARPC_ENDPOINT
Ipc O \RPC Control\lsasspirpc
Ipc O \RPC Control\nlaapi
Ipc O \RPC Control\OLE17C0FCB852D24A3B814BDCEAE87A
Ipc O \RPC Control\OLE50F495C44E60493796DB8D06FDB2
Ipc O \RPC Control\OLEA8D8B4C7215B481BAAF7AC295A33
Ipc O \RPC Control\OLECB8C2BE61A8442699C509BF3B5A2
Ipc O \RPC Control\OLEEE850D5BEBE342AF83F1CBC35893
Ipc O \RPC Control\OLEF55E692FFC864C6681AE31CC6EA5
Ipc O \RPC Control\plugplay
Ipc O \RPC Control\protected_storage
Ipc O \RPC Control\SbieSvcPort
Ipc O \RPC Control\senssvc
Ipc O \RPC Control\umpo
Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED
Ipc O \Sessions\1\BaseNamedObjects\!BrowserEmulation!SharedMemory!Mutex
Ipc O \Sessions\1\BaseNamedObjects\!IECompat!Mutex
Ipc O \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
Ipc O \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Settings
Ipc O \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMemory!Mutex
Ipc O \Sessions\1\BaseNamedObjects\_!MSFTHISTORY!_
Ipc O \Sessions\1\BaseNamedObjects\_!SHMSFTHISTORY!_
Ipc O \Sessions\1\BaseNamedObjects\__DDrawCheckExclMode__
Ipc O \Sessions\1\BaseNamedObjects\__DDrawExclMode__
Ipc O \Sessions\1\BaseNamedObjects\{1B655094-FE2A-433c-A877-FF9793445069}
Ipc O \Sessions\1\BaseNamedObjects\{3BFDD3D2-761C-4206-990C-3CC0643CF73A}
Ipc O \Sessions\1\BaseNamedObjects\6
Ipc O \Sessions\1\BaseNamedObjects\c:!users!james!appdata!local!microsoft!windows!history!history.ie5!
Ipc O \Sessions\1\BaseNamedObjects\c:!users!james!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Ipc O \Sessions\1\BaseNamedObjects\c:!users!james!appdata!roaming!microsoft!windows!cookies!
Ipc O \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db
Ipc O \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{7F4E2A9E-F8CB-4942-8F41-6354575C7CC8}.2.ver0x0000000000000001.db
Ipc O \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
Ipc O \Sessions\1\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Ipc O \Sessions\1\BaseNamedObjects\C:_Users_*****_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_131072
Ipc O \Sessions\1\BaseNamedObjects\C:_Users_*****_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_360448
Ipc O \Sessions\1\BaseNamedObjects\C:_Users_*****_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
Ipc O \Sessions\1\BaseNamedObjects\CicLoadWinStaWinSta0
Ipc O \Sessions\1\BaseNamedObjects\CommunicationManager_Mutex
Ipc O \Sessions\1\BaseNamedObjects\ConnHashTable<3740>_HashTable_Mutex
Ipc O \Sessions\1\BaseNamedObjects\DBWinMutex
Ipc O \Sessions\1\BaseNamedObjects\DINPUTWINMM
Ipc O \Sessions\1\BaseNamedObjects\Dwm-15A2-ApiPort-6C1C
Ipc O \Sessions\1\BaseNamedObjects\Global\C__ProgramData_Norton_{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_19.1.0.28_Definitions_IPSDefs_20120505.00
Ipc O \Sessions\1\BaseNamedObjects\Global\C__ProgramData_Norton_{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_19.1.0.28_Definitions_IPSDefs_20120505.001
Ipc O \Sessions\1\BaseNamedObjects\Global\CGSCE
Ipc O \Sessions\1\BaseNamedObjects\Global\CNDIE
Ipc O \Sessions\1\BaseNamedObjects\Global\CSECE
Ipc O \Sessions\1\BaseNamedObjects\Global\IDS_STORAGE_MUTEX
Ipc O \Sessions\1\BaseNamedObjects\IE_EarlyTabStart_0xf18
Ipc O \Sessions\1\BaseNamedObjects\IE_EarlyTabStart_0xf18_Mutex
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2ConnHashTable<3740>
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2LogonMedium
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2main_e9c
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2main_e9c_0:0_2
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2main_e9c_0:0_3
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2main_e9c_0:2_4
Ipc O \Sessions\1\BaseNamedObjects\ie_lcie_sf2main_e9c_0:3_1
Ipc O \Sessions\1\BaseNamedObjects\IEFrame!GetAsyncKeyStateQuery!3740
Ipc O \Sessions\1\BaseNamedObjects\IEFrame!GetAsyncKeyStateReply!3740
Ipc O \Sessions\1\BaseNamedObjects\IEFrame!GetAsyncKeyStateSharedMem!3740
Ipc O \Sessions\1\BaseNamedObjects\IEFrame.EventCheckDefaultBrowser
Ipc O \Sessions\1\BaseNamedObjects\Internet Explorer Immutable Application State (00000E9C-0000-0000-0000-000000000000)
Ipc O \Sessions\1\BaseNamedObjects\Isolation Process Registry (16A50EB0-9F6D-11E1-9AD0-80C16E4548D0)
Ipc O \Sessions\1\BaseNamedObjects\Isolation Signal Registry (16A50EB0-9F6D-11E1-9AD0-80C16E4548D0, 0)
Ipc O \Sessions\1\BaseNamedObjects\Isolation Signal Registry Event (16A50EB0-9F6D-11E1-9AD0-80C16E4548D0, 0)
Ipc O \Sessions\1\BaseNamedObjects\Isolation Signal Registry Event (16A50EB1-9F6D-11E1-9AD0-80C16E4548D0, 0)
Ipc O \Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex
Ipc O \Sessions\1\BaseNamedObjects\Local\!IECompat!Mutex
Ipc O \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMem!Counter
Ipc O \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMem!Settings
Ipc O \Sessions\1\BaseNamedObjects\Local\!PrivacIE!SharedMemory!Mutex
Ipc O \Sessions\1\BaseNamedObjects\Local\__DDrawCheckExclMode__
Ipc O \Sessions\1\BaseNamedObjects\Local\__DDrawExclMode__
Ipc O \Sessions\1\BaseNamedObjects\Local\c:!users!james!appdata!local!microsoft!feeds cache!
Ipc O \Sessions\1\BaseNamedObjects\Local\c:!users!james!appdata!local!microsoft!windows!history!history.ie5!
Ipc O \Sessions\1\BaseNamedObjects\Local\c:!users!james!appdata!local!microsoft!windows!history!history.ie5!mshist012012051620120517!
Ipc O \Sessions\1\BaseNamedObjects\Local\c:!users!james!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Ipc O \Sessions\1\BaseNamedObjects\Local\c:!users!james!appdata!roaming!microsoft!windows!cookies!
Ipc O \Sessions\1\BaseNamedObjects\Local\c:!users!james!appdata!roaming!microsoft!windows!iecompatcache!
Ipc O \Sessions\1\BaseNamedObjects\Local\c:!users!james!appdata!roaming!microsoft!windows!privacie!
Ipc O \Sessions\1\BaseNamedObjects\Local\C:*Users*******AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db
Ipc O \Sessions\1\BaseNamedObjects\Local\C:*Users*******AppData*Local*Microsoft*Windows*Caches*cversions.1.ro
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Local_Microsoft_Feeds Cache_index.dat_32768
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_131072
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Local_Microsoft_Windows_History_History.IE5_MSHist012012051620120517_index.dat_32768
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_360448
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Roaming_Microsoft_Windows_IECompatCache_index.dat_376832
Ipc O \Sessions\1\BaseNamedObjects\Local\C:_Users_*****_AppData_Roaming_Microsoft_Windows_PrivacIE_index.dat_163840
Ipc O \Sessions\1\BaseNamedObjects\Local\DDrawDriverObjectListMutex
Ipc O \Sessions\1\BaseNamedObjects\Local\DDrawWindowListMutex
Ipc O \Sessions\1\BaseNamedObjects\Local\DirectSound DllMain mutex (0x00001498)
Ipc O \Sessions\1\BaseNamedObjects\Local\Feed Arbitration Lock Event [ Process : 0x00000e9c ]
Ipc O \Sessions\1\BaseNamedObjects\Local\Feed Arbitration Shared Memory [ User : S-1-5-21-3577836292-2341037276-2738463204-1000 ]
Ipc O \Sessions\1\BaseNamedObjects\Local\Feed Arbitration Shared Memory Mutex [ User : S-1-5-21-3577836292-2341037276-2738463204-1000 ]
Ipc O \Sessions\1\BaseNamedObjects\Local\Feed Arbitration Unlock Event [ Process : 0x00000e9c ]
Ipc O \Sessions\1\BaseNamedObjects\Local\Feed Eventing Shared Memory Mutex S-1-5-21-3577836292-2341037276-2738463204-1000
Ipc O \Sessions\1\BaseNamedObjects\Local\Feed Eventing Shared Memory S-1-5-21-3577836292-2341037276-2738463204-1000
Ipc O \Sessions\1\BaseNamedObjects\Local\Feeds Store Mutex S-1-5-21-3577836292-2341037276-2738463204-1000
Ipc O \Sessions\1\BaseNamedObjects\Local\IEFrame!GetAsyncKeyStateQuery!3740
Ipc O \Sessions\1\BaseNamedObjects\Local\IEFrame!GetAsyncKeyStateReply!3740
Ipc O \Sessions\1\BaseNamedObjects\Local\IEFrame!GetAsyncKeyStateSharedMem!3740
Ipc O \Sessions\1\BaseNamedObjects\Local\IESQMMUTEX_0_274
Ipc O \Sessions\1\BaseNamedObjects\Local\MidiMapper_modLongMessage_RefCnt
Ipc O \Sessions\1\BaseNamedObjects\Local\RSS Eventing Connection Database Mutex 00000e9c
Ipc O \Sessions\1\BaseNamedObjects\Local\RSS Eventing Event Event 00000e9c
Ipc O \Sessions\1\BaseNamedObjects\Local\UrlZonesSM_*****
Ipc O \Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex
Ipc O \Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex
Ipc O \Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.CtfActivated.Default1
Ipc O \Sessions\1\BaseNamedObjects\MSCTF.CtfMonitorInstMutexDefault1
Ipc O \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap
Ipc O \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMutex
Ipc O \Sessions\1\BaseNamedObjects\OleDfRoot1E79C4A14FB1631F
Ipc O \Sessions\1\BaseNamedObjects\OleDfRoot4340E09F04B8BBF6
Ipc O \Sessions\1\BaseNamedObjects\OleDfRoot6F90BEC71D30897E
Ipc O \Sessions\1\BaseNamedObjects\OleDfRoot7983A5498C021603
Ipc O \Sessions\1\BaseNamedObjects\OleDfRoot989684D0050D8894
Ipc O \Sessions\1\BaseNamedObjects\RasPbFile
Ipc O \Sessions\1\BaseNamedObjects\RSS Eventing Connection Database Mutex 00000e9c
Ipc O \Sessions\1\BaseNamedObjects\RSS Eventing Event Event 00000e9c
Ipc O \Sessions\1\BaseNamedObjects\SmartScreen_AppRepSettings_Mutex
Ipc O \Sessions\1\BaseNamedObjects\SmartScreen_ClientId_Mutex
Ipc O \Sessions\1\BaseNamedObjects\SmartScreen_UrsCache_ED8654D5-B9F0-4DD9-B3E8-F8F560086FDFLow_S-1-5-21-3577836292-2341037276-2738463204-1000
Ipc O \Sessions\1\BaseNamedObjects\SmartScreen_UrsCacheMutex_ED8654D5-B9F0-4DD9-B3E8-F8F560086FDFLow_S-1-5-21-3577836292-2341037276-2738463204-1000
Ipc O \Sessions\1\BaseNamedObjects\ThemeLoadedEvent
Ipc O \Sessions\1\BaseNamedObjects\UrlZonesSM_*****
Ipc O \Sessions\1\BaseNamedObjects\windows_ie_global_counters
Ipc O \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Ipc O \Sessions\1\BaseNamedObjects\WininetConnectionMutex
Ipc O \Sessions\1\BaseNamedObjects\WininetProxyRegistryMutex
Ipc O \Sessions\1\BaseNamedObjects\WininetStartupMutex
Ipc O \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
Ipc O \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
Ipc O \Sessions\1\Windows\ApiPort
Ipc O \Sessions\1\Windows\SharedSection
Ipc O \UxSmsApiPort
Ipc X $:explorer.exe
Pipe -------------------------------
Pipe \Device\NamedPipe\keysvc
Pipe O \Device\Afd
Pipe O \Device\Afd\AsyncConnectHlp
Pipe O \Device\Afd\Endpoint
Pipe X \Device\NamedPipe\keysvc
Pipe X \Device\NamedPipe\samr
WinCls -------------------------------
WinCls O MS_WebCheckMonitor
WinCls O MSTaskSwWClass
WinCls O Shell_TrayWnd
WinCls X DDEMLMom
WinCls X MS_AutodialMonitor
WinCls X MS_WebcheckMonitor
WinCls X Progman
tzuk


Joined: 22 Jun 2004
Posts: 14999
Thank you for your effort! This is a much better log.

Unfortunately, there are only a few resources that I don't recognize. And none of the names of those resources seem to have any association with graphics drivers. So I'm afraid we'll have to keep guessing about this to see if we can narrow the resources further.

The next thing I suggest trying is to remove the wildcard star from
Sandbox Settings > Resource Access > IPC Access > Direct Access
And instead add this one:
\RPC Control\*

The idea is that instead of excluding everything that is marked as IPC in the log, we exclude just those resources that start with \RPC Control\ and see what happens next.

Thank you for your patience with this, I hope we can soon find the minimal set of resources that is needed.
Jtang


Joined: 20 Apr 2012
Posts: 19
I removed the wildcard star from Sandbox Settings > Resource Access > IPC Access > Direct Access and added \RPC Control\*. Unfortunately, the same problem returns.......
[.06] Sandboxie caused crash in windows7 starter OS
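
The narrowing step discussed in this thread, as an added example that is not part of the original posts and not Sandboxie's own code: it parses a Resource Access Monitor log, groups the directly opened IPC names into candidate prefix rules in the style of `\RPC Control\*`, and reports which opened names a narrower rule set no longer covers. The function names are hypothetical, the sample lines are copied from the logs posted above, and the reading of the `O`/`X` column as "opened directly" / "blocked" is an assumption.

```python
import re
from collections import Counter

# Sample lines copied from the Resource Access Monitor logs posted in this thread.
SAMPLE_LOG = r"""
(Unk) 00000039 \Device\KsecDD
Image -------------------------------
Image c:\windows\system32\ddraw.dll
Ipc -------------------------------
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY
Ipc O \BaseNamedObjects\FontCachePort
Ipc O \KnownDlls\gdi32.dll
Ipc O \MmcssApiPort
Ipc O \RPC Control\AudioClientRpc
Ipc O \RPC Control\plugplay
Ipc O \RPC Control\umpo
Ipc O \Sessions\1\BaseNamedObjects\Local\__DDrawExclMode__
Ipc O \Sessions\1\BaseNamedObjects\Dwm-15A2-ApiPort-6C1C
Ipc O \Sessions\1\Windows\ApiPort
Ipc X $:explorer.exe
Pipe -------------------------------
Pipe X \Device\NamedPipe\samr
"""

# <class> [O|X] <resource name>; the flag column is absent for sandboxed access.
LINE_RE = re.compile(r"^(\S+)\s+(?:([OX])\s+)?(\S.*)$")


def parse_monitor_log(text):
    """Return (class, flag, name) tuples, skipping blank and separator lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        cls, flag, name = m.groups()
        if set(name) == {"-"}:  # section separator such as "Ipc ------"
            continue
        entries.append((cls, flag or "", name))
    return entries


def ipc_prefix(name):
    """Reduce an object name to a directory-level rule, or keep it verbatim."""
    parts = name.split("\\")
    if parts[0] != "" or len(parts) < 3:
        return name  # no object directory to generalise over
    # Per-session objects: keep \Sessions\<n>\<directory> as the prefix.
    depth = 4 if parts[1].lower() == "sessions" and len(parts) > 4 else 2
    return "\\".join(parts[:depth]) + "\\*"


def opened_ipc(entries):
    """IPC names that were accessed directly (flag O, assumed to mean open)."""
    return [n for c, f, n in entries if c == "Ipc" and f == "O"]


def candidate_rules(entries):
    """Prefix rules ordered by how many opened IPC names each would cover."""
    return Counter(ipc_prefix(n) for n in opened_ipc(entries)).most_common()


def rule_matches(rule, name):
    """Case-insensitive match where '*' is the only wildcard character."""
    pattern = ".*".join(re.escape(p) for p in rule.split("*"))
    return re.fullmatch(pattern, name, re.IGNORECASE) is not None


def coverage(rules, entries):
    """Return (covered_count, uncovered_names) for a proposed rule list."""
    opened = opened_ipc(entries)
    uncovered = [n for n in opened if not any(rule_matches(r, n) for r in rules)]
    return len(opened) - len(uncovered), uncovered


if __name__ == "__main__":
    log = parse_monitor_log(SAMPLE_LOG)
    for rule, count in candidate_rules(log):
        print(f"{count:3d}  {rule}")
    covered, rest = coverage([r"\RPC Control\*"], log)
    print(f"\\RPC Control\\* covers {covered}; still uncovered:")
    for name in rest:
        print("   ", name)
```

The uncovered list is the set of names to try next, one prefix at a time, so the Direct Access list ends up holding only the entries the program actually needs rather than a lone `*`.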
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.