sbiedrv.sys can't be stopped

[mingya]

I tried updating my portable installation with the latest version 1.16.9, then sbiedrv.sys cannot be stopped appeared, tried method posted here, does not work, problem remains. How do I proceed with the update?

Also, ever since the last fixed installation with one of the 1.15 version as discussed in this post, my device had been encountering the following issue that cause restart or network staggering. Prior to that fixed installation, instead of using portable, I had no such issue, but this happened ever since that installation, even I have been using portable. Is there anyway to check if any remnants of that installation in registry and clean it?

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{**}
and APPID
{**}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

[bastik-1001]

Did you uninstall the version you had been using, before you tried to start the portable instance?

 

[mingya]

Yes I did. I asked you then if it's a clean uninstall

 

[bastik-1001]

I don't know of a sure way to tell, if everything was correctly uninstalled, other than checking the installation folder and if the registry is still referring to it.

Was something running in a sandbox, when you tried to update?

Since the driver was running, at least SandMan itself seems to have been started. Was that still running, while you tried to use the installer to extract it?

 

[mingya]

I made sure several times, nothing was running. I tried tracing the registry, saw entries of sandbox-plus, but not linked to anywhere, there was an empty folder in program files. I deleted it, shutdown and reboot a few times. So far so good. I hope it was the cause.

LATEST UPDATE: it's rebooting again, more frequently this time. Any suggestion on how to trace the registry deeper, is there a tool that can check for app not installed but leftover reg entries?

 

[mingya]

I tried extracting the latest version 1.17.2, still having the same SbieDrv cannot be deleted issue. It seems this is the old problem culprit that had been making sandboxie unstable. I also tried using Kmdutil to uninstall, it's sticking. It took many restart of windows and windows explorer, to finally remove this sbiedrv.sys file. I tried changing file security properties, using filelocksmith, even on dos prompt, it bites. This is the file that requires administrator privileges to start sandboxie-plus. Anyway, I could rid of this problem on next version update?

 

[mingya]

When I reinstall, the following happened. I can no longer start sandboxie.
I install it and run it as portable, but unlike previous version, it does not ask if I want to run it as portable or not.

The most weird thing is, I cannot even remove "portable sandboxie" once it's extracted (see screenshot below)

This is urgent. Please help asap.

 

[bastik-1001]

Has someone else seen this issue?

I don't even know where to begin.

 

[mingya]

I figured out what happened, somehow registry retains every bit of path that the app ever created. In other words, if I moved it to a different directory, it will retain that path as well, and that ControlService Start issue was caused by that, almost similar to the post that was previously reported on a fixed path for Sbiedrv.sys a long while ago.

I have to manually search for any Sandboxie registry, cache or no cache, removed everything with the keyword. Also uninstall IMdisk and remove all registry. Finally I was able to extract one without installing IMdisk, and continue using it.

Question is, why is sbiedrv.sys became an issue, and the path for kmdutil is also an issue for a portable setup? Should they simply be a temporary entry, not a fix one? Something that will be removed when the perform a cleanup exit?

 

[mingya]

The new 1.1.75 is having the same issue on Sbiedrv.sys reported above. I understand it's a regression release, but portable version means it should be green installation, not a fix registry that can't be cleaned when exiting sandboxie-plus, should be removed after a cleaned up exit?