Cannot run explorer.exe on emulate admin sandbox

[NRicode]

Describe what you noticed and did

I cannot start explorer.exe on my current sandbox, not sure what caused it.
exploerer.exe runs fine on a brand new sandbox

How often did you encounter it so far?

all the time

Affected program

explorer.exe

Download link

Where is the program located?

The program is installed both inside and outside the sandbox.

Expected behavior

not crash

What is your Windows edition and version?

windows 11 home

In which Windows account you have this problem?

A local account (Standard user).

Please mention any installed security software

ms defender

What version of Sandboxie are you running?

1.12.5 5.67.4

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

My sandbox contains existing programs or data.

Did you previously enable some security policy settings outside Sandboxie?

no

Crash dump

https://file.io/3tPW7FGVs6LA

Trace log

no trace log

Sandboxie.ini configuration

#
# Sandboxie configuration file
#

[GlobalSettings]
DefaultBox=DefaultBox
FileRootPath=C:\Program Files\Sandboxie-Plus\Sandboxes\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
Template=7zipShellEx
Template=Edge_Fix
Template=OfficeClickToRun
Template=OfficeLicensing
Template=WindowsLive
Template=WindowsRasMan

[UserSettings_087C01BD]
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
BoxGrouping=:DefaultBox

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,on,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseFileDeleteV2=y
UseRegDeleteV2=y
SeparateUserFolders=n
DropAdminRights=y
FakeAdminRights=y
BreakoutProcess=msedge.exe
EnableMiniDump=y

[NRicode]

Here is the Werfault.exe thing pops up, after it pops up, the explorer.exe just close itself.

[offhub]

Yes, on Windows 11, Windows Explorer does not work properly or does not open at all.

Can you try FakeAdminRights=n

According to my tests, the following two settings cause the crash.

FakeAdminRights=y

SysCallLockDown=y

[DavidXanatos]

fix in next build, workaround:
ApproveWinNtSysCall=LoadKeyEx

@NRicode
if other boxes/new boxes work then its had to sday whats broken, you could move parts of teh box content out of the way to find out which file causes your issue

[offhub]

[Only on Windows 11] Sometimes Windows Explorer crashes when it is closed.

UsePrivacyMode=n

1. Run sandboxed Windows Explorer
2. Navigate to C:\Program Files (x86)\Microsoft\Edge\Application
3. Run msedge.exe by double clicking
4. Close msedge.exe
5. Close sandboxed Windows Explorer
6. It crashes when closing

explorer.exe: SBIE2224 Sandboxed program has crashed: explorer.exe
WerFault.exe: SBIE2112 Object is not accessible: Unnamed object, call ConnectPort (C0000022) access=001F0000 initialized=1

sbie3516wecrsh.mp4

[isaak654]

@offhub The video says Sandboxie Plus v1.10.5, which is old, so you probably tried a wrong version.

[offhub]

@isaak654 No, I tried older versions to see if there was a regression. The latest CI build has the same problem. (1.10.5, 1.11.4 etc.)

[DavidXanatos]

hmm... any particular setting to set for me it does not crash in a default yellow box

[offhub]

@DavidXanatos This may be due to the Windows 11 version difference. It does not crash on closing in Windows 11 version 2428 (october), but it crashes in version 2861 (december).

[DavidXanatos]

hmm mv vm is insider 23606

[DavidXanatos]

mmh if this bug is so specific and only appears on close lets wait what the next windows 11 will do before investing more work into it

[e-t-l]

Not sure if this is the same bug, but I can't get Explorer to launch. It will appear briefly and then close.
Running Sandboxie-Plus v1.12.3 on Windows 11 Enterprise 23H2 (build 22631)

ini config for sandbox where this occurs:

Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
OpenPipePath=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*
ApproveWinNtSysCall=LoadKeyEx

[offhub]

Move the ApproveWinNtSysCall setting to [GlobalSettings] and then try after reloading the config.

[NRicode]

@DavidXanatos After the 12.6 release, this issue still persist

[offhub]

Can you try this:

FakeAdminRights=explorer.exe,n

[offhub]

[Only on Windows 11] Sometimes Windows Explorer crashes when it is closed.

UsePrivacyMode=n

1. Run sandboxed Windows Explorer

2. Navigate to `C:\Program Files (x86)\Microsoft\Edge\Application`

3. Run msedge.exe by double clicking

4. Close msedge.exe

5. Close sandboxed Windows Explorer

6. It crashes when closing

explorer.exe: SBIE2224 Sandboxed program has crashed: explorer.exe
WerFault.exe: SBIE2112 Object is not accessible: Unnamed object, call ConnectPort (C0000022) access=001F0000 initialized=1

sbie3516wecrsh.mp4

explorer.exe.6052.dmp.zip

[offhub]

As of version 1.12.6,

• SysCallLockDown=y (fixed)
• FakeAdminRights=y (not fixed)

[DavidXanatos]

1.12.6 with fix for #3517 seams to also work with FakeAdminRights=y

[offhub]

I tried with version 1.12.7 (on Windows 11 23H2 HyperV) and it still crashes. It would be better if someone who is not using Windows 11 in a virtual machine could try the following settings and report back.

1. crash?

FakeAdminRights=y

2. crash?

FakeAdminRights=y
NormalFilePath=%ProgramData%\Microsoft\*
UsePrivacyMode=y

3. This was the only configuration that didn't crash or cause navigation problems for me on VM.

FakeAdminRights=y
FakeAdminRights=explorer.exe,n
NormalFilePath=%ProgramData%\Microsoft\*
UsePrivacyMode=y

[NRicode]

I tried with version 1.12.7 (on Windows 11 23H2 HyperV) and it still crashes. It would be better if someone who is not using Windows 11 in a virtual machine could try the following settings and report back.

1. crash?

FakeAdminRights=y

2. crash?

FakeAdminRights=y
NormalFilePath=%ProgramData%\Microsoft\*
UsePrivacyMode=y

3. This was the only configuration that didn't crash or cause navigation problems for me on VM.

FakeAdminRights=y
FakeAdminRights=explorer.exe,n
NormalFilePath=%ProgramData%\Microsoft\*
UsePrivacyMode=y

I don't understand what you are trying to do here, the bug still persist.
VM or not VM it doesn't matter as sandboxie in the end is just a file system filter driver. sandboxie behaviour inside / outside VM should be exactly the same. It doesn't do anything fancy.

1 and 2 crash, ofc the third one won't crash because you turned off fakeadminrights for explorer.exe.

[isaak654]

The workaround suggested by @offhub has just been introduced with commit 5e321d4

It will be applied immediately after installing version 1.12.8 / 5.67.8 without any user intervention.