Tetranitrocubane

Members • Posts: 86
Everything posted by Tetranitrocubane

  1. Hi Itman, I've tried adding the exception for Deep Behavior Inspection in ESET, but unfortunately the behavior seems to be persisting. I've seen the suggestion on the Sandboxie forums - but I am similarly worried that blocking ESET in Sandboxie will cause more problems than it will solve. Marcos, I'm currently using Sandboxie 5.31.2 64-bit on Windows 10. I recommend using the latest Sandboxie beta, as there are some lingering issues on the 5.30 build. The latest betas are here: https://community.sophos.com/products/sandboxie/sandboxie-beta-versions/f/sandboxie-beta-5-31/113038/sandboxie-beta-sandboxie-beta-5-31-latest-version-5-31-2
  2. Temporarily disabling HIPS and rebooting does in fact allow me to empty the sandbox.
  3. Hi Marcos. I have collected the requested logs and uploaded them here. I do want to note that since I posted this message, the issue has gotten worse - that is to say, I have been unable to delete the contents of the sandbox at all, even after multiple reboots. This means that if the HIPS issue is happening at the initiation of the Sandbox population, the logs won't capture this. I switched my logging options as you indicated, then tried to close all programs in the sandbox. This initiated the access denied error. I then disabled that logging option, and exported the log files through the ESET log collector. I've uploaded those logs here, at your request. I hope that this will not be publicly accessible. I've also included a screenshot of Process Explorer showing EKRN holding on to the registry key, just to give you a better glimpse of what I'm seeing on my end. Thanks much. eav_logs_1.zip
  4. Hi Marcos, I will do my best to enable logging and get the files uploaded here when I'm able. Before I do that, is there any risk of personal information being included with the log, since I'll be uploading it to a public location? I admit that I don't know what the logging will record. At present, even a reboot of my machine doesn't let me clear out the sandbox - or even manually delete the files in the sandbox. Even uninstalling Sandboxie isn't an option now, as the files in the sandbox (specifically the RegHive files) are still being opened and constantly accessed. EKRN.EXE is the process responsible, and it seems to be opening and accessing this file as soon as the computer boots. I'll try my best to get the logs generated once I know it's safe to do so. Thanks very much for your help on this matter! I really do appreciate it. This has been tricky to get tracked down.
  5. Thanks very much for your insight and advice, Itman! I'll try reaching out to ESET via their official support channels. In the event that I find a reasonable resolution, I'll report back here for sure.
  6. No, nothing of the sort. In fact, I made no changes whatsoever. On the 2nd of July, everything was fine. Suddenly on the 3rd, this started happening - despite my not installing any software, updates, or changing settings between those two times. That being said, I do agree that it's rather odd. Some other folks on other forums have observed this behavior before - apparently it's not the first time that it's been happening. When I asked in the Sandboxie realm, the advice was to uninstall ESET to get Sandboxie working. I'm hoping that the advice from ESET isn't to uninstall Sandboxie! I rather like having both pieces of software working together, and they lived harmoniously for so many years.
  7. Hello, Recently, changes to either ESET's definitions or modules have caused a problem with the program Sandboxie. Everything was working splendidly until yesterday morning (03July2019, ~7:00AM Pacific Standard Time). I have a Sandbox set up so that Chrome will launch within it automatically, and upon closure of Chrome, the sandbox is purged via an auto-delete command. The autodelete command is now failing due to the fact that ESET is keeping files within the sandbox open, even after all processes in the sandbox are closed. Tracking the issue with Process Explorer reveals that, even after shutting down and terminating all other programs, EKRN.EXE maintains interaction with the registry key "HKU\Sandbox_(UserName)_(SandboxName)". This prevents deletion of the REGHIVE file in the sandbox root, and causes Sandboxie to throw an "Access Denied" error as a result. Other users of Sandboxie and ESET are reporting the same issue on other forums. Is there a possibility to resolve this issue, or revert the change that caused this sudden shift in behavior? Thank you.
  8. Hello, My ESET Cyber Security for OSX License was set to expire very shortly, so I renewed the license in order to maintain protection. Despite the charge for the purchase showing up on my credit card just fine, and despite re-entering my license key, ESET is still telling me that I'm about to expire in less than a day. Is there a way to remedy this, since I have been charged already?
  9. Thanks very much! I've sent along the ESET Log Collector logs in a private message. Any help you can provide would be greatly appreciated. Should it happen again, I'll do my best to collect a Procmon log for certain.
  10. Hi All, Recently, ESET auto-updated its modules (just a few minutes ago). I'm currently on the latest version of Windows 10 (NOT in the insider program). I only noticed the modules were updated, because ESET started throwing errors. The following error popped up in the lower right of my screen: Afterward, ESET said to reboot, so I did. After rebooting, everything seemed fine, but ESET took a while to fully load. Then, once loaded, I noticed these errors in the Event log: Is this a problem? Is ESET working appropriately now, or is something broken? It appears to be functioning as expected, and isn't throwing any errors at me now. But if there were errors with driver installations, doesn't that mean ESET is just broken now? Any help would be greatly appreciated. Thanks much!
  11. Hi All. Seeing some strange behavior this morning, and I wanted to check here about what's been happening. Currently running the latest version of Windows 10 Pro. This morning I was notified by ESET that a product update was available, so I went ahead and moved forward with the update. During the update, three notifications popped up, alerting me that driver installation had FAILED. The message was shown for three different instances: ehdrv, eamonm, and a firewall module whose name escapes me at the moment. Eventually the update then asked me to reboot, which I did. Upon loading into Windows, ESET said it was waiting to be associated with the Windows Security Center. Windows Security Center then took a long, long while to look for any antivirus solution, and eventually presented a button to restart ESET. After clicking that, everything looked okay? I'm not sure. These errors make me think that ESET is now broken. Is there a way to verify that everything is okay? Should I be worried about these error messages? Should I be concerned that Windows Security Center apparently didn't see ESET at all? Any help would be greatly appreciated. Thanks very much.