[Bug] SbieDrv stuck at stop_pending after running a sandboxed program and exiting portable Sandman.exe v0.5.0 / 5.45.0

[ghost]

OS: Windows 10 x64 Build 20H2
Application: Sandboxie-Plus x64 [Portable Mode], v0.5.0 / 5.45.0

After spending hours of diagnosing the cause, this is my finding. I hope there'll be a fix.

The problem 1: The SbieDrv gets stuck at stop_pending after exiting Sandman.exe portable (clean-up of created services) once I ran program, either by within sandbox folder, open a program, or through drag & drop into SbieCtrl.exe. Although I am uncertain of every program, it happens most of the time. For example running the cmd sandboxed doesn't seems to cause stop_pending. It also does not happen if I just start and exit Sandman.exe without sandboxing anything.

Note: Windows defender realtime-protection is off every time I tested this. Otherwise SbieDrv.sys will just get blocked upon granting admin permission to Sandman.exe
Note 2: Sandboxed applications are always terminated before closing Sandman.exe and perform clean-up of created services.

The only solution so far: Restart OS.

Unrelated but Problem 2: Sandbox services are not connected upon launching Sandman.exe portable (sandbox folders are not listed while disconnected), also shows Error code 2, I don't know if the service connection is related with the displayed error code 2. I've not tested anything else.

Note: Sandboxie.ini and Sandboxie-Plus.ini is present in the folder with the executable.

Solution so far: Manually connect via context menu Sandbox > Maintenance > Connect.

...

Previously:

The first time I uninstalled Sandboxie, downloaded Sandboxie-Plus, and launch it gives me ControlService error 1061. I rebooted my PC and it went away. After playing around with it, running sandboxed programs, etc, I shut down Sandman.exe and its services.

However, launching Sandman.exe gives me ControlService error 1061 again. I couldn't do anything but to restart the OS to get it working again.

Even shutting off windows defender didn't help. Do I have to restart every time, or is there an underlying issue that can be fixed without restarting

Thanks.

[bjm234]

Sometimes you may need to briefly stop running Microsoft Defender Antivirus real-time protection. However, real-time protection will soon turn on automatically again to protect your device.
You may need 3rd party tool to disable Microsoft Defender.

[ghost]

I updated my post. Windows Defender has nothing to do with this.

[DavidXanatos]

Can it be that you try to stop the driver while there are still sandboxed processes running?

[ghost]

Right, I mean no I don't think so. Here are two tests I performed to reproduce the stop_pending...
Which I ended up discovering another a new bug after testing differently...
I don't know if I should submit these as separate bugs here.
Should I?
Total of three bugs now.

Pre-steps before the tests:

1. Disable all antivirus. (disable realtime protection in windows defender)
2. Make sure Sandboxie.ini is deleted in Windows Folder.
3. Make sure Sandboxie-Plus.ini is deleted in %LocalAppData% folder
4. SbieDrv and SbieSvc are deleted. If SbieDrv is at stop_pending, restart and it'll be deleted.

Test 1 - Portable mode, reproducing stop_pending outside of uac protected folders:

1. Extract Sandboxie-Plus 0.4.4 pre into a folder outside of uac protected directories, I chose another drive.
2. Create Sandboxie.ini and Sandboxie-Plus.ini inside the folder.
3. Launch Sandman.exe
   3a. Error code 2.
   3b. Manually connect to show the Default Sandbox.
4. Right click Default Sandbox > Run a program > Run MsPaint.exe sandboxed.
5. Close MsPaint.
   5a. Right click Default Sandbox > Terminate all programs
6. Exit Sandman.exe, the presence of the ini files in the directory will prompt a clean-up of created services.
7. Launch Sandman.exe again.
   7a. ServiceControl error 1061.
   7b. Cmd > Input "sc queryex SbieDrv" returns stop_pending.

Test 2 - Installed. reproducing stop_pending inside of uac protected folders:

1. Install Sandboxie-Plus 0.4.4 pre into Program FIles.
2. Launch Sandman.exe.
3. Right click Default Sandbox > Run a program > Run MsPaint.exe sandboxed.
4. Right click Default Sandbox > Terminate all programs.
5. Context menu Sandbox > Maintenance > Stop All
6. Exit Sandman and relaunch.
   6a. ControlService error 1061.
   7b. Cmd > Input "sc queryex SbieDrv" returns stop_pending.

Test 3 - Discovering ControlService Error 123:

1. Extract Sandboxie-Plus 0.4.4 pre into a folder anywhere.
2. Launch Sandman.exe with admin priviledge
   2a. ControlService error 123, "The filename, directory name, or volume label sytax is incorrect"
   2b. Error code 2
3. Exit and relaunch Sandman.exe without admin
   3a. ControlService error 123
   The problem: No matter what you do, it will always cause ControlService errorr 123 until the SbieDrv is deleted via "sc delete SbieDrv", "Kmdutil delete SbieDrv", or via the Sandbox context menu > Maintenance > Advanced > Uninstall Driver.

Test 4 - Reproducing error code 2:

1. Extract Sandboxie-Plus 0.4.4 pre anywhere.
2. Launch Sandman.exe
   2a. Error code 2 (only once, it won't happen again even after closing Sandman.exe, because it did not prompt clean-up).
3. Perform clean-up and delete the extracted folder, then redo step 1.
4. Create Sandboxie.ini and Sandboxie-Plus.ini inside the folder.
5. Launch Sandman.exe
   5a. Error code 2
6. Exit Sandman.exe to perform clean-up, relaunch Sandman.exe.
   6a. Error code 2
   My guess: Error code 2 occurs on portable mode 100% of the time. But if installed instead of extracting, it won''t happen.

The amount of times that I've restarted just to test these...
Sandboxie-Plus is love and life. As a portable user, it is very useful.

Thanks.

[DavidXanatos]

I think i have found the cause of this issue, it should be fixed in the next build

[ghost]

Lovely! Thank you kindly for your work!