Tetranitrocubane

Members
  • Content Count

    12
Profile Information

  • Location
    USA

  1. After updating to cleaner module 1199, the problem has returned with consistency. Edit: Check that - It is still happening periodically, but it was only consistent for the first few times after updating the cleaner module. It's happening only very rarely afterward. Just to add to the confusion, I guess!
  2. Hi Itman, I've tried adding the exception for Deep Behavior Inspection in ESET, but unfortunately the behavior seems to be persisting. I've seen the suggestion on the Sandboxie forums - but I am similarly worried that blocking ESET in Sandboxie will cause more problems than it will solve. Marcos, I'm currently using Sandboxie 5.31.2 64-bit on Windows 10. I recommend using the latest Sandboxie beta, as there are some lingering issues on the 5.30 build. The latest betas are here: https://community.sophos.com/products/sandboxie/sandboxie-beta-versions/f/sandboxie-beta-5-31/113038/sandboxie-beta-sandboxie-beta-5-31-latest-version-5-31-2
  3. Temporarily disabling HIPS and rebooting does in fact allow me to empty the sandbox.
  4. Hi Marcos. I have collected the requested logs and uploaded them here. I do want to note that since I posted this message, the issue has gotten worse - That is to say, I have been unable to delete the contents of the sandbox at all, even after multiple reboots. This means that if the HIPS issue is happening at the initiation of the Sandbox population, the logs won't capture this. I switched my logging options as you indicated, then tried to close all programs in the sandbox. This initiated the access denied error. I then disabled that logging option, and exported the log files through the ESET log collector. I've uploaded those logs here, at your request. I hope that this will not be publicly accessible. I've also included a screenshot of Process Explorer showing EKRN holding on to the registry key, just to give you a better glimpse of what I'm seeing on my end. Thanks much. eav_logs_1.zip
  5. Hi Marcos, I will do my best to enable logging and get the files uploaded here when I'm able. Before I do that, is there any risk of personal information being included with the log, since I'll be uploading it to a public location? I admit that I don't know what the logging will record. At present, even a reboot of my machine doesn't let me clear out the sandbox - or even manually delete the files in the sandbox. Even uninstalling Sandboxie isn't an option now, as the files in the sandbox (specifically the RegHive files) are still being opened and constantly accessed. EKRN.EXE is the process responsible, and it seems to be opening and accessing this file as soon as the computer boots. I'll try my best to get the logs generated once I know it's safe to do so. Thanks very much for your help on this matter! I really do appreciate it. This has been tricky to get tracked down.
  6. Thanks very much for your insight and advice, Itman! I'll try reaching out to ESET via their official support channels. In the event that I find a reasonable resolution, I'll report back here for sure.
  7. No, nothing of the sort. In fact, I made no changes whatsoever. On the 2nd of July, everything was fine. Suddenly on the 3rd, this started happening - Despite my not installing any software, updates, or changing settings between those two times. That being said, I do agree that it's rather odd. Some other folks on other forums have observed this behavior before - apparently it's not the first time that it's been happening. When I asked in the Sandboxie realm, the advice was to uninstall ESET to get Sandboxie working. I'm hoping that the advice from ESET isn't to uninstall Sandboxie! I rather like having both pieces of software working together, and they lived harmoniously for so many years.
  8. Hello, Recently, changes to either ESET's definitions or modules have caused a problem with the program Sandboxie. Everything was working splendidly until yesterday morning (03July2019, ~7:00AM Pacific Standard Time). I have a Sandbox set up so that Chrome will launch within it automatically, and upon closure of Chrome, the sandbox is purged via an auto-delete command. The autodelete command is now failing due to the fact that ESET is keeping files within the sandbox open, even after all processes in the sandbox are closed. Tracking the issue with Process Explorer reveals that, even after shutting down and terminating all other programs, EKRN.EXE maintains interaction with the registry key "HKU\Sandbox_(UserName)_(SandboxName)". This prevents deletion of the REGHIVE file in the sandbox root, and causes Sandboxie to throw an "Access Denied" error as a result. Other users of Sandboxie and ESET are reporting the same issue on other forums. Is there a possibility to resolve this issue, or revert the change that caused this sudden shift in behavior? Thank you.