Privacy Enhanced Sandboxes are fully out of function with SBIE2204 error code

[BuddyGL]

Describe what you noticed and did

Clicking "RUN" or "Run from start menu" or trying to run any program in clean "Privacy enhanced" sandbox.

Getting two errors:
Start.exe: SBIE2204 Cannot start sanboxed service RpcSs(C0000135)
Start.exe: SBIE2204 Cannot start sanboxed service DcomLaunch(-4)

How often did you encounter it so far?

on every run

Affected program

All

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Expected behavior

Should go further to coise of prgram to run or run the choosen program

What is your Windows edition and version?

Windows 11 23H2 22631.2861

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

Symantec Endpoint Protection

What version of Sandboxie are you running?

Sndboxie Plus 1.12.6 x64bit

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

Sndboxie Plus 1.12.3 x64bit

In which sandbox type you have this problem?

In a sandbox with data protection (blue sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

no

Crash dump

No response

Trace log

https://we.tl/t-3TBNK7hXQs

Sandboxie.ini configuration

#
# Sandboxie configuration file
#

[GlobalSettings]
Template=Edge_Fix
Template=OfficeClickToRun
Template=OfficeLicensing
Template=WindowsLive
Template=WindowsRasMan

[UserSettings_082601AD]
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
BoxGrouping=:DefaultBox,New_Box

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10

[New_Box]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#f88501,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UsePrivacyMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y

[offhub]

Does it work with versions 1.12.4 or 1.12.5?

[wilders-soccerfan]

I see no such errors with v1.12.6 in a blue box on Win7x64. Could it be Win11 related?

[BuddyGL]

Does it work with versions 1.12.4 or 1.12.5?

Also didn't work. Tried several updates long, also a full re-install and full cleaning of all sandxoxes - nothing helps.
After hours of experiments the main test result is: just adding the "UsePrivacyMode=y" into the .ini of any working sanboxes (red, yellow..) causes the above mentioned issue.

[BuddyGL]

I see no such errors with v1.12.6 in a blue box on Win7x64. Could it be Win11 related?

there was a topic a couple of days ago, exactly with the same issue with W7, but that time a workaround was proposed and the topic was deleated afterwards...

[offhub]

1. Just to be sure, does version 1.12.3 still work properly?
2. Could you try adding the following rule to your configuration to see if this fixes your problem?
   NormalFilePath=*.dll

[BuddyGL]

2. NormalFilePath=*.dll

you are a magician! This helps! Thanks a lot! Do I have to keep something in mind, using this command?
It is just strange, that the box, created with Wizard is not having this... so, it should be something special, IMHO? Or I'm I wrong?
In Any case, I confirm this makes things working.

[offhub]

Status code C0000135 indicated that a DLL file could not be found, so I wanted to see if adding a blanket rule (*.dll) to the configuration would solve the problem.

Do I have to keep something in mind, using this command?

When privacy mode is enabled, sandboxed programs cannot access folders other than a few default allowed folders.
Windows
Program Files
Program Files (x86)
Sandboxie's installation folder

To run programs that are installed outside of the default folders, these folders must be opened with NormalFilePath. ****
This is most likely the cause of your problem.

By finding the location of this DLL, you can define a more specific NormalFilePath directive just for that location.

After removing the rule, you can use trace logging to view blocked locations. If you share the blocked locations with us, we will try to help you.

sbie3542c0000135.mp4

[DavidXanatos]

I have revived the log and I bet its this one causing the issues:

File		\Device\HarddiskVolume3\ProgramData\Symantec\Symantec Endpoint Protection\14.3.10148.8000.105\Data\Sysfer\x64\sysfer.dll	2

C:\ProgramData as it contains well program data is one of the by default protected locations

and I bet Symantec Endpoint Protection when it sees that a user process did not load its Dll assassinates it for "security reasons"

Please try to set only NormalFilePath=*\sysfer.dll and let us know if that solved your issue.

[BuddyGL]

C:\ProgramData as it contains well program data is one of the by default protected locations

and I bet Symantec Endpoint Protection when it sees that a user process did not load its Dll assassinates it for "security reasons"

Please try to set only NormalFilePath=*\sysfer.dll and let us know if that solved your issue.

You are perfectly right. The box is functional and there is no error message shown anymore. Thank you for your kind help!