Sandboxie under Windows XP

[modnar]

@Multibooter you should know that these fixes only get applied when you write/import them into registry and then restart Windows (these are really low level/near hardware system settings).

There is strong possibility the settings weren't even applied (applying them in a Sandbox - you can't restart such a system...).

NtfsDisableLastAccessUpdate_1 is not really appropriate for Windows XP - it causes more fragmentation of normal files (and I've used this tweak the longest time). To remove it from your system delete it from (Registry) HKeyLocalMachine/System/CurrentControlSet/Control/Filesystem so there are only 3 factory entries: NtfsDisable8dot3NameCreation (0), Win31FileSystem (0), Win95TruncatedExtensions (1) and reboot. If you have Diskeeper, lack of NtfsDisableLastAccessUpdate is not felt (speedwise) and Diskeeper protects the disk from unnecessary work.

Edited GroupOrderList values have to be as long as the factory ones, that means 03 entries for SCSI_Class and 0b entries for Filter otherwise internet browser crashes sometimes (observed). They are posted in my previous post on page 2 of this topic.

Nothing more to add - with factory XP filesystem settings, sbiedrv happily works without Load Order Group.

Edited March 9 by modnar
Update

[Multibooter]

Annoying Sandboxie error message "Invalid comand line parameter"
Many .rar etc downloads contain dubious stuff in nested subfolders with long path names. Very often, after having extracted a .rar and then, when trying to run a dubious file inside a long path name, Sandboxie does NOT run the file, but displays the annoying error message "Invalid command line parameter".

This error message occurs under Sandboxie v5.22 (WinXP, SSE-only) and v5.40 (WinXP, SSE2), when the total path length (excluding the filename and the drive letter) exceeds 122 characters. The error message "Invalid command line parameter" does not indicate that something is wrong with the file itself, only that the path length is too long. When running many dubious little files, maybe 60% of the error messages generated by Sandboxie are "Invalid command line parameter".

WORKAROUND: Copy the dubious little file into a temporary folder with a short path name, then run it sandboxed. I have attached a picture of this annoying error message, when you run notepad.exe sandboxed in a subfolder exceeding 122 characters. When the path length is reduced to 122 characters, notepad.exe runs OK in a sandbox.

Edited December 16, 2024 by Multibooter

[modnar]

@Multibooter Please also delete the "Group" (file system) reg. file for Sbiedrv - it is not needed when XP filesystem is factory (no NTFSLastAccessUpdate tweak). I sent you PM about this...

[Multibooter]

A program can be test-installed into a dedicated sandbox as an initial precautionary step. The screenshot below shows the Virus Total Report for my ancient version of Kaspersky, obtained by running VT Hash Check in a sandbox. I have examined VT Hash Check and it is OK, so I proceeded to a clean install, outside of a sandbox.

This posting shows several issues of VT Hash Check and tricks how to get VT Hash Check, installed into a sandbox, to run Ok in a sandbox.

1) A required .dll was missing in the install-to in the sandbox
If MS Internet Explorer 8 is not installed under WinXP (e.g. under WinXP SP2 upgraded with Service Pack SP3) VT Hash Check generates the error message "Unable to Locate Component" during the 1st and subsequent runs (see STEP 3).

2) The Settings window of VT Hash Check can be accessed by selecting it from the main program window. The settings are stored in a non-ASCII config.dat  A program bug, when a required .dll was missing, can change the default selection of the HTTPS mode ("Use SSL/TLS") to become de-selected. Subsequently, when I tried to run the program, an error message "Your virus total account is not allowed to perform that action" comes up instead of the main program window, and there is no more access to the Settings window to select again "Use SSL/TLS".

 

In short: How can the Settings window be displayed and run separately in the sandbox, for changing settings stored in the non-ASCII config.dat?  (see STEP 4)

3) VT Hash Check is started  by selecting "Check File Hash" from the context menu of a file of any file type
- BUT: there is NO context menu entry to start VT Hash Check because the program was installed into a sandbox
- VT Hash Check is not started by double-clicking on a file or desktop shortcut, but via the context menu

In short: The program installed into the sandbox could not be run (see STEP 5).

Below are the tricks used to get VT Hash Check, installed into a sandbox, to run Ok in the sandbox.

STEP 1: create a dedicated sandbox
-> right-click on the Sandboxie Control icon in the System Tray -> Show Window -> Sandbox
-> Create New Sandbox, e.g. VT_Hash_Check,
A program installed into a dedicated sandbox can be easily and completely removed later on by simply deleting the dedicated sandbox.

STEP 2: install the program into the sandbox
-> right-click on setup.exe, the installer of VT Hash Check -> Run sandboxed
-> select the just created sandbox VT_Hash_Check, then install the program.
NOTE: the Completing window of the installer of VT Hash Check does not contain a usual selection like "Run the program", because the program is run by right-clicking on a file to be checked

STEP 3: add a missing .dll into the sandbox [if Internet Explorer 8 is not installed]
- manually copy normaliz.dll into the install-to folder in sandbox VT_Hash_Check,
  e.g. into M:\Sandbox\VT_Hash_Check\drive\I\VT Hash Check\,
- normaliz.dll can be extracted from the subfolder \support\ in IE8-WindowsXP-x86-ENU.exe, the installer of MS Internet Explorer 8 for WinXP

STEP 4: create a special desktop shortcut to display the hidden Setttings window, using a command line parameter

- with this special desktop shortcut you can access the Settings window, shown above, before the 1st run and enter your API key and verify the "Use SSL/TLS" setting
- you can create this special desktop shortcut into the sandbox as follows:
  -> right-click on the Sandboxie Control icon in the System Tray -> Show Window -> Configure
  -> Windows Shell Integration -> click on Add Shortcuts button
  - in window Windows Shell Integration -> OK
  - in window Run sandboxed -> select the sandbox VT_Hash_Check -> OK
  - in the next, untitled window -> click on All Files and Folders, then browse to VTHash.exe in M:\Sandbox\.
    NOTE: in Sandboxie v5.22 (for SSE-only) there seems to be a bug if the screen fonts/DPI Setting is set to "Large Size (120 DPI)",  I had to keep the left-click button of the touchpad pressed while browsing
  - miraculously this special shortcut into the sandbox will appear on the desktop, with strange double backward slashes in "Start in:", e.g. "M:\\Sandbox\....."
- then, IMPORTANT: append --prefs to the Target -> Apply -> OK [the command line parameter --prefs will load the Settings window]

- the created special desktop shortcut, shown above, was renamed to, for example, [Virus Total] Hash Check

STEP 5: edit the registry to run VT Hash Check, installed into the sandbox, via the context menu
- in order to start VT Hash Check, installed into a sandbox, you have to manually create registry keys for it
- the registry entries will run VT Hash Check, installed in a sandbox, just as if you were running
  VT Hash Check normally installed, outside a sandbox, for all file types
- here are the instructions:
  -> in HKLM\*\shell create a new key vthash
  -> Modify the Default value to Check File Hash...
  -> in key vthash: -> create a new Key and rename the new key to command
  -> Modify the default value as follows:
      -> paste the Target of the special desktop shortcut, created in STEP 4, into the Value data field
      -> in the Value data field replace the parameter --prefs with "%1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\vthash]
@="Check File Hash..."

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\vthash\command]
@="I:\\Sandboxie\\Start.exe /box:VT_Hash_Check \"M:\\\\Sandbox\\VT_Hash_Check\\drive\\I\\VT Hash Check\\VTHash.exe\" \"%1\""

Following the instructions in STEP 5 above may be easier than creating a modified .reg file

BTW, it is very easy to create in HKLM\*\shell a new context menu entry for other programs, for all file types, in analogy to the instructions above. I have, for example, created a context menu selection "Hex Workshop" for all file types which will open the selected file in Hex Workshop. This is particularly useful when a lot of windows are already open, hiding the desktop shortcut to Hex Workshop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\HexWorkshop]
@="Hex Workshop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\HexWorkshop\command]
@="\"I:\\Hex Workshop\\hworks32.exe\" \"%1\""

 

Edited Monday at 04:53 PM by Multibooter

[modnar]

I found the optimal Filter group setting to be 06 (with default XP filesystem), win2003 has it at 07 (has another service at tag=7) but both contain a "dead" service at tag=b which doesn't count. System is faster and more responsive. Attached is the .txt / .reg file.

GroupOrderList_Filter_06_XP_USP4.txt