Chrome inside sandbox fails to check for updates: 0X8007042D

Laciqs

New member
Chrome's update checking process begins with COM service activation, which relies on its updater services.
I've found chrome running in a sandbox cannot find its updater services outside the sandbox via COM service activation, displaying HRESULT 0x80070424 due to Sandboxie's isolation mechanism.
1726506248490.png

Therefore, to update chrome running in a sandbox, I manually installed chrome and its relevant services inside a Sandbox and added these services into SandboxedServices:
1726505409249.png
However, Chrome still fails to check for updates, displaying HRESULT: 0X8007042D, which means ERROR_SERVICE_LOGON_FAILED.
1726505618987.png


I have wrriten a simple COM client and a COM server, and they can communicate with each other in the same Sandbox via COM service activation, but Chrome fails to start its update service. This really confuses me.
Is there any method to fix this, or to update Chrome in a sandbox without disabling isolation?
Thanks!
 
Hello,

I don't know if this is of any help. It's related, but about Vivaldi.

Personally, I don't have software that updates itself installed into a sandbox. And for software that is installed to the system, I update outside Sandboxie. I also don't know about COM interaction and Sandboxie.

Code:
"C:\Program Files\Sandboxie-Plus\Templates.ini"
contains a template to prevent updaters from starting. The template is named [Template_BlockSoftwareUpdaters] and contains:
Code:
#Tmpl.Title=#xxxx
#Tmpl.Class=Misc
#BlockSoftwareUpdaters=y

SoftwareUpdater=firefox.exe,*\mozilla firefox\updater.exe
SoftwareUpdater=firefox.exe,*\mozilla*\updates\*updater.exe
SoftwareUpdater=waterfox.exe,*\Waterfox\updater.exe
SoftwareUpdater=palemoon.exe,*\Pale Moon\updater.exe
SoftwareUpdater=seamonkey.exe,*\SeaMonkey\updater.exe

SoftwareUpdater=GoogleUpdate.exe,*\google\update\*chrome_installer.exe
SoftwareUpdater=msedge.exe,*\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
SoftwareUpdater=msedge.exe,*\Microsoft\EdgeUpdate\*MicrosoftEdgeUpdateBroker.exe
SoftwareUpdater=vivaldi.exe,*\Vivaldi\Application\update_notifier.exe
SoftwareUpdater=brave.exe,*\BraveSoftware\Update\BraveUpdate.exe
SoftwareUpdater=brave.exe,*\BraveSoftware\Update\*BraveUpdateBroker.exe
SoftwareUpdater=opera.exe,*\Opera\*opera_autoupdate.exe
SoftwareUpdater=launcher.exe,*\Opera\*opera_autoupdate.exe
SoftwareUpdater=yandex.exe,*\Yandex\YandexBrowser\Application\*service_update.exe
SoftwareUpdater=maxthon.exe,*\Maxthon\Application\*mxupdater.exe
SoftwareUpdater=dragon.exe,*\Comodo\Dragon\dragon_updater.exe
SoftwareUpdater=osiris.exe,*\Osiris\update.exe
SoftwareUpdater=app_launcher.exe,*\Osiris\update.exe
SoftwareUpdater=slimjet.exe,*\Slimjet\updater.exe

SoftwareUpdater=thunderbird.exe,*\mozilla*\updates\*updater.exe

which might also apply in your case. You could remove the template or the entries for Chrome to see if that has any effect.
 
Hello,

I don't know if this is of any help. It's related, but about Vivaldi.

Personally, I don't have software that updates itself installed into a sandbox. And for software that is installed to the system, I update outside Sandboxie. I also don't know about COM interaction and Sandboxie.

Code:
"C:\Program Files\Sandboxie-Plus\Templates.ini"
contains a template to prevent updaters from starting. The template is named [Template_BlockSoftwareUpdaters] and contains:
Code:
#Tmpl.Title=#xxxx
#Tmpl.Class=Misc
#BlockSoftwareUpdaters=y

SoftwareUpdater=firefox.exe,*\mozilla firefox\updater.exe
SoftwareUpdater=firefox.exe,*\mozilla*\updates\*updater.exe
SoftwareUpdater=waterfox.exe,*\Waterfox\updater.exe
SoftwareUpdater=palemoon.exe,*\Pale Moon\updater.exe
SoftwareUpdater=seamonkey.exe,*\SeaMonkey\updater.exe

SoftwareUpdater=GoogleUpdate.exe,*\google\update\*chrome_installer.exe
SoftwareUpdater=msedge.exe,*\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
SoftwareUpdater=msedge.exe,*\Microsoft\EdgeUpdate\*MicrosoftEdgeUpdateBroker.exe
SoftwareUpdater=vivaldi.exe,*\Vivaldi\Application\update_notifier.exe
SoftwareUpdater=brave.exe,*\BraveSoftware\Update\BraveUpdate.exe
SoftwareUpdater=brave.exe,*\BraveSoftware\Update\*BraveUpdateBroker.exe
SoftwareUpdater=opera.exe,*\Opera\*opera_autoupdate.exe
SoftwareUpdater=launcher.exe,*\Opera\*opera_autoupdate.exe
SoftwareUpdater=yandex.exe,*\Yandex\YandexBrowser\Application\*service_update.exe
SoftwareUpdater=maxthon.exe,*\Maxthon\Application\*mxupdater.exe
SoftwareUpdater=dragon.exe,*\Comodo\Dragon\dragon_updater.exe
SoftwareUpdater=osiris.exe,*\Osiris\update.exe
SoftwareUpdater=app_launcher.exe,*\Osiris\update.exe
SoftwareUpdater=slimjet.exe,*\Slimjet\updater.exe

SoftwareUpdater=thunderbird.exe,*\mozilla*\updates\*updater.exe

which might also apply in your case. You could remove the template or the entries for Chrome to see if that has any effect.
I removed the template but it doesn't work.
"/disable_force" works but I need Chrome to be updated when it is sandboxlized.
Thanks for your reply, anyway.
 
Back
Top