Jump to content

0xC0000005 execution error Sandboxie ESET Protocol Filtering


Recommended Posts

Chrome 68 worked fine, but  once chrome updated to 69 I started to get 0xC0000005 execution error when trying to run the sandboxed browser in Sandboxie.  Other browsers work fine, it is just effecting Chrome. I have gone through disabling and enabling settings in ESET and the only thing that allows chrome.exe to run sandboxed is Disabling ESET Protocol Filtering.

A post to the ESET forums got a reply that i could (although not advised) exclude chrome.exe from filtering within ESET ie "You can exclude chrome from protocol filtering as shown here: https://help.eset.com/eis/11.2/en-US/idh_config_epfw_ssl_app.html?idh_config_epfw_content_scan_exclude.html"

I tried that too and it didn't work either.

Any other ideas
 

Edited by JerryG
Link to comment
Share on other sites

2 hours ago, JerryG said:

Any other ideas

Exclude Chrome from Sandboxie protection. Leave Chrome's sandboxing feature enabled. Re-enable Eset protocol filtering. Retest.

If the above allows Chrome 69 to run w/o issue, your problem is Sandboxie.

-EDIT- Here is an article on Chrome's sandboxing feature: https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/ . The point to note is Chrome will open a new instance of itself for each domain visited. IE11 for example works similar when advanced Enhanced Protected Mode has been enabled on Win x(64) OS versions.

Edited by itman
Link to comment
Share on other sites

Another possible reason for Chrome 69 abending is that its internal validation and resultant warning about AV .dll injection is getting "confused" when the Sandboxie element is introduced. As has been frequently recently posted in the forum, Chrome is now warning about any browser attempted memory modification activities and by default, blaming whatever AV solution is installed as the source whether or not this is the case.

Sandboxie uses a low-level kernel mode driver to accomplish its sandboxing and resultant deletion of any browser download activity. I suspect Chrome 69 cannot properly handle Eset's attempted .dll injection activity due to Sandboxie's presence and is abending itself instead for self-protection reasons. Disabling Eset's protocol scanning will cause Eset to no longer perform any .dll injection into the browser. Hence, the Chrome 69 abending issue no longer applicable.

Edited by itman
Link to comment
Share on other sites

22 hours ago, itman said:

Exclude Chrome from Sandboxie protection. Leave Chrome's sandboxing feature enabled. Re-enable Eset protocol filtering. Retest.

If the above allows Chrome 69 to run w/o issue, your problem is Sandboxie.

-EDIT- Here is an article on Chrome's sandboxing feature: https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/ . The point to note is Chrome will open a new instance of itself for each domain visited. IE11 for example works similar when advanced Enhanced Protected Mode has been enabled on Win x(64) OS versions.

Thank you itman, Chrome does run outside sandboxie

Link to comment
Share on other sites

  • Administrators

It appears there's a clash between eOppMonitor.dll and SbieDll.dll. The issue is being investigated. For now we can't tell if we could do something about it or if it's Sandboxie that will need to fix something.

Disabling Banking and payment protection works as a workaround while keeping the browser protected from malware by Web access protection.

Link to comment
Share on other sites

On 10/9/2018 at 1:52 AM, Marcos said:

It appears there's a clash between eOppMonitor.dll and SbieDll.dll. The issue is being investigated. For now we can't tell if we could do something about it or if it's Sandboxie that will need to fix something.

Disabling Banking and payment protection works as a workaround while keeping the browser protected from malware by Web access protection.

Yep that fixed it alright, thanks so much Marcos. Amazes me how you worked that out. For anyone else, you must select Permanently disable Banking and Payment protection for this to work.

Link to comment
Share on other sites

  • 4 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...