HPScan.exe dose not work

robotman

New member
I have an HP printer that supports scanning, model HP LaserJet MFP M227-M231, which has a scanning program called HPScan.exe.
On the Windows 11 system, it works properly when run directly, but it cannot even start when launched with Sandboxie.
after Modify sandboxie.ini
OpenClsid={B6C292BC-7C88-41EE-8B54-8EC92617E599}
OpenClsid={F5078F32-C551-11D3-89B9-0000F81FE221}
OpenClsid={A1F4E726-8CF1-11D1-BF92-0060081ED811}
OpenClsid={9E175B6D-F52A-11D8-B9A5-505054503030}
OpenClsid={5E1395B2-B685-44E3-8AED-E2304D85ACD1}
OpenClsid={D13E3F25-1688-45A0-9743-759EB35CDF9A}
HPScan.exe can start when launched with Sandboxie, but can not scan

Modify sandboxie.ini go on
Template=OpenCOM
HPScan.exe can not launched with Sandboxie again, What can I do to get HPScan.exe to run in Sandboxie?

I download wia sample https://github.com/microsoft/Window...n/Samples/Win7Samples/multimedia/wia/wiassamp
the sample code
hr = pWiaDataTransfer->idtGetData( &stgMedium, pWiaDataCallback );
show me error 0x80070776
 
Last edited:
You may try to run the software in an application compartment box, to check if it is going to work. This is just for testing, as it can only be properly used with a supporter certificate. If it works in that mode, some restrictions need to be lifted in the standard box.
 
You may try to run the software in an application compartment box, to check if it is going to work. This is just for testing, as it can only be properly used with a supporter certificate. If it works in that mode, some restrictions need to be lifted in the standard box.
I try application compartment box, If set Template=OpenCOM, it works!!!
compare sandboxie.ini, the application compartment box set
Template=RpcPortBindingsExt
NoSecurityIsolation=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
I guess the key point is
Template=RpcPortBindingsExt
NoSecurityIsolation=y
Will this lead to a decrease in security ?
 
NoSecurityIsolation=y
Will this lead to a decrease in security ?

This disables the driver based filters, and is therefore less secure. Apps that run under Sandboxie's control will still be sandboxed. An app that is aware of it being sandboxed, could make break out. It would take malicious intent to break out of the sandbox. David, might be able to give you more technical details.
 
This disables the driver based filters, and is therefore less secure. Apps that run under Sandboxie's control will still be sandboxed. An app that is aware of it being sandboxed, could make break out. It would take malicious intent to break out of the sandbox. David, might be able to give you more technical details.
Is NoSecurityIsolation=y can set to only one exe?
 
NoSecurityIsolation=y is per sandbox. I assume that this is for technical reasons. I don't know if that could be changed. (For comparison, there is NoSecurityFiltering=y, which disables file and registry filtering, what should be avoided.)

In "Program Control > [Start Restrictions]" you could limit what can start in this box.
 
Back
Top