JerryG 4 Posted October 5, 2018 Posted October 5, 2018 (edited) Chrome 68 worked fine, but once chrome updated to 69 I started to get 0xC0000005 execution error when trying to run the sandboxed browser in Sandboxie. Other browsers work fine, it is just effecting Chrome. I have gone through disabling and enabling settings in ESET and the only thing that allows chrome.exe to run sandboxed is Disabling ESET Protocol Filtering. A post to the ESET forums got a reply that i could (although not advised) exclude chrome.exe from filtering within ESET ie "You can exclude chrome from protocol filtering as shown here: https://help.eset.com/eis/11.2/en-US/idh_config_epfw_ssl_app.html?idh_config_epfw_content_scan_exclude.html" I tried that too and it didn't work either. Any other ideas Edited October 5, 2018 by JerryG
itman 1,801 Posted October 5, 2018 Posted October 5, 2018 (edited) 2 hours ago, JerryG said: Any other ideas Exclude Chrome from Sandboxie protection. Leave Chrome's sandboxing feature enabled. Re-enable Eset protocol filtering. Retest. If the above allows Chrome 69 to run w/o issue, your problem is Sandboxie. -EDIT- Here is an article on Chrome's sandboxing feature: https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/ . The point to note is Chrome will open a new instance of itself for each domain visited. IE11 for example works similar when advanced Enhanced Protected Mode has been enabled on Win x(64) OS versions. Edited October 5, 2018 by itman
itman 1,801 Posted October 6, 2018 Posted October 6, 2018 (edited) Another possible reason for Chrome 69 abending is that its internal validation and resultant warning about AV .dll injection is getting "confused" when the Sandboxie element is introduced. As has been frequently recently posted in the forum, Chrome is now warning about any browser attempted memory modification activities and by default, blaming whatever AV solution is installed as the source whether or not this is the case. Sandboxie uses a low-level kernel mode driver to accomplish its sandboxing and resultant deletion of any browser download activity. I suspect Chrome 69 cannot properly handle Eset's attempted .dll injection activity due to Sandboxie's presence and is abending itself instead for self-protection reasons. Disabling Eset's protocol scanning will cause Eset to no longer perform any .dll injection into the browser. Hence, the Chrome 69 abending issue no longer applicable. Edited October 6, 2018 by itman
JerryG 4 Posted October 6, 2018 Author Posted October 6, 2018 22 hours ago, itman said: Exclude Chrome from Sandboxie protection. Leave Chrome's sandboxing feature enabled. Re-enable Eset protocol filtering. Retest. If the above allows Chrome 69 to run w/o issue, your problem is Sandboxie. -EDIT- Here is an article on Chrome's sandboxing feature: https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/ . The point to note is Chrome will open a new instance of itself for each domain visited. IE11 for example works similar when advanced Enhanced Protected Mode has been enabled on Win x(64) OS versions. Thank you itman, Chrome does run outside sandboxie
Administrators Marcos 5,452 Posted October 8, 2018 Administrators Posted October 8, 2018 It appears there's a clash between eOppMonitor.dll and SbieDll.dll. The issue is being investigated. For now we can't tell if we could do something about it or if it's Sandboxie that will need to fix something. Disabling Banking and payment protection works as a workaround while keeping the browser protected from malware by Web access protection.
JerryG 4 Posted October 9, 2018 Author Posted October 9, 2018 On 10/9/2018 at 1:52 AM, Marcos said: It appears there's a clash between eOppMonitor.dll and SbieDll.dll. The issue is being investigated. For now we can't tell if we could do something about it or if it's Sandboxie that will need to fix something. Disabling Banking and payment protection works as a workaround while keeping the browser protected from malware by Web access protection. Yep that fixed it alright, thanks so much Marcos. Amazes me how you worked that out. For anyone else, you must select Permanently disable Banking and Payment protection for this to work.
Administrators Marcos 5,452 Posted October 10, 2018 Administrators Posted October 10, 2018 The issue will be fixed in the Banking and payment protection module 1140 soon.
JerryG 4 Posted November 4, 2018 Author Posted November 4, 2018 I can confirm that the issue was fixed with the 1140 update . Thanks @Marcos
Recommended Posts