Update Failed because installer couldn't terminate COM Surrogate

[Sloren]

Hi everyone, I have been having an issue since last update, 1.16.3. When I was doing 1.16.3 update at first time I tried updating without closing Sandboxie Plus off then it said something like we found an app called "Com Surrogate" and that I should need to close it off. It said do you want to try again and I clicked yes, installer tried again and it gave me an error that said we couldn't close the program so you should do it manually and I didn't bother so I clicked cancel the installation button this time. I restarted my PC and tried installing again and this time I got managed to update it succesfully. Although I didn't want to use Sandboxie so much because I didn't know if it installed properly or not. In the end I just waited for a new update.

After waiting for weeks or a month now with this new update(1.16.4) same thing happened again! I tried closing Sandboxie program off before installation/update process but it didn't work. I don't know what's wrong. I repeated the same thing what I did last update and it worked again but like I said I just don't know if it installed properly. What if I download some executable that has malware and it infects my PC? Simply uninstalling and installing the program should be enough but I don't want to do that every single time I update it.

Can you please help me? I think a program blocks the installation process but for some reason after restarting the PC it just works fine.

Two more questions, If i reinstall the Sandboxie Plus do I lose my settings? Both sandbox and global settings? Also is there a way to verify program files like you can do on Steam games so I make sure there is no vulnerability in sandboxes? Thank you!

 

[bastik-1001]

Hello,

what system are you on? E.g. Windows 10 22H2.

Normally, the installer should be able to close Sandboxie and proceed with the installation. Someone else reported the same issue in this forum.

I quote myself:

With a tool like Sysinternals ProcessExplorer or ProcessHacker or TaskExplorer among other tools, you can check, which process is the parent of each COM Surrogate (dllhost.exe) just so get a clue of what might be preventing the update procedure.

If that happens again and Sandboxie could not terminate a COM Surrogate, you can open the main interface, select "Sandbox > Maintenance > Stop All" trying to stop everything.

As long as you can open something under the control of Sandboxie, the installation itself was successful, since if required files would be missing, Sandboxie would complain or not function.

If i reinstall the Sandboxie Plus do I lose my settings?

If you uninstall Sandboxie-Plus and select to remove the sandboxes and the configuration of them, they won't be around. You can uninstall Sandboxie-Plus, while keeping the sandboxes (their files) and their configuration. Just in case, you better back up the relevant files.

I don't know if the installer offers to keep the Sandboxie-Plus.ini, but this file holds the user interface configuration of Sandboxie-Plus, like the dark-mode being enabled, column width, and so on. The Sandboxie.ini is the most important file, as it stores the sandbox configuration and the global configuration.

Also is there a way to verify program files like you can do on Steam games so I make sure there is no vulnerability in sandboxes?

Not in the sense that there is a way to check the files against something. For steam games, there is a reference list, files are validated against, but since there is no such thing for all files, Sandboxie can't verify it against some list. It also can't tell if a file is supposed to have changed or not. Steam, may also do this to make cheating harder.

If you install something into a sandbox, you can use any tool you like to create checksums (like CRC/MD5/SHA) of those files, save it to a text document and re-do that at a later stage to compare the checksums.

You might be interested in another project David has, which is called MajorPrivacy (hosted on GitHub). Here is the main website. It's in beta stage right now. One of its purposes is being a host intrusion prevention system (HIPS).

As for Sandboxie itself, the installer and the binary files inside the installer are signed (signee: Tonalio GmbH), so they can't be tampered with, while being downloaded and once they are on the drive, installed to the file system.

Edit: Main website added.

 

[Sloren]

Hello,

what system are you on? E.g. Windows 10 22H2.

Normally, the installer should be able to close Sandboxie and proceed with the installation. Someone else reported the same issue in this forum.

I quote myself:


If that happens again and Sandboxie could not terminate a COM Surrogate, you can open the main interface, select "Sandbox > Maintenance > Stop All" trying to stop everything.

As long as you can open something under the control of Sandboxie, the installation itself was successful, since if required files would be missing, Sandboxie would complain or not function.



If you uninstall Sandboxie-Plus and select to remove the sandboxes and the configuration of them, they won't be around. You can uninstall Sandboxie-Plus, while keeping the sandboxes (their files) and their configuration. Just in case, you better back up the relevant files.

I don't know if the installer offers to keep the Sandboxie-Plus.ini, but this file holds the user interface configuration of Sandboxie-Plus, like the dark-mode being enabled, column width, and so on. The Sandboxie.ini is the most important file, as it stores the sandbox configuration and the global configuration.


Not in the sense that there is a way to check the files against something. For steam games, there is a reference list, files are validated against, but since there is no such thing for all files, Sandboxie can't verify it against some list. It also can't tell if a file is supposed to have changed or not. Steam, may also do this to make cheating harder.

If you install something into a sandbox, you can use any tool you like to create checksums (like CRC/MD5/SHA) of those files, save it to a text document and re-do that at a later stage to compare the checksums.

You might be interested in another project David has, which is called MajorPrivacy (hosted on GitHub). Here is the main website. It's in beta stage right now. One of its purposes is being a host intrusion prevention system (HIPS).

As for Sandboxie itself, the installer and the binary files inside the installer are signed (signee: Tonalio GmbH), so they can't be tampered with, while being downloaded and once they are on the drive, installed to the file system.

Edit: Main website added.

Hi, thank you for help.

I'm on Windows 11 24H2. I explained myself wrong so I apologize about that. I wanted to say I didn't close the Sandboxie off when the first update(1.16.3) released. However on the second and the most recent update I did close Sandboxie to try if it was going to work, to see if that was the issue or not but it did not work unfortunately.

So you mean when the next update releases I should try installing the update using "Sandbox > Maintenance > Stop All" method? I doubt it's going to work because Sandboxie was not running when I was installing the update. I will try it regardless though so thank you. I'm also using Kaspersky so could it be that my AV interfere with something when I'm installing the update? It was not a problem when I installed the program first time though and like I said when I restart the system it installs just fine(Kaspersky automatically opens itself on).

Also there was more than one COM Surrogate process on Task Manager so how am I going to know which one was giving me the issue? I went to the directory of one of them and it sent me to dllhost.exe on System32 folder.

I can open any games or programs in all of the Sandboxes I created just fine but it still doesn't help knowing that how does it install the program. The installer deleted half of the files when it showed me that error and I couldn't do anything on Sandboxie like it was so glitchy same as you remove System32 folder. After restarting the system and doing installation from start it was fine though.

Sorry about my English by the way. It's not my native language.

 

[bastik-1001]

My idea was that you try updating like you normally would, but if it fails for the same reason, that you have a look with a task manager that supports a tree view to see if some Sandboxie component is the parent of some COM surrogate that was not terminated.

• SandboxieCrypto.exe
• SandboxieDcomLaunch.exe
• SandboxieRpcSs.exe
• SandboxieBITS.exe
• SandboxieWUAU.exe
• SbieSvc.exe
• SandMan.exe

Five of those (the first five) are COM Services. I am not sure if the Sandboxie service itself would be a parent of a COM surrogate. Some component of Sandboxie should have it open, and could not close it. If David knows which, he can look into the problem.

And if you have the issue with updating it normally and some Sandboxie component being unresponsive, it would be interesting if the maintenance approach helps with that.

1) Update normally
2) If it fails due to a COM issue, please check if some Sandboxie component is a parent of a COM surrogate
3) Whenever or not you could find something, try Maintenance > Stop All and try updating again

Sandboxie was not running when I was installing the update.

Maybe some or one of its services was still running, because it did not terminate properly.

could it be that my AV interfere with something when I'm installing the update?

Possible, while I think it's unlikely as the AV should at least log something. It may even report it to the user if it prevented something. It can happen that some AV does not like some components due to changes in what the AV is looking for. It seems unlikely that AV is the cause of it, since it lets you install it anyway, which it should prevent more than once.

there was more than one COM Surrogate process on Task Manager so how am I going to know which one was giving me the issue?

Windows uses that quite often and it can be hard to tell them apart. My idea is to look for the process who started the COM Surrogate (e.g. what's the parent process of it.) If there is a Sandboxie component that has opened a COM Surrogate and did not close it when you install the update, then David can look into why that is the case.

I can open any games or programs in all of the Sandboxes I created just fine but it still doesn't help knowing that how does it install the program. The installer deleted half of the files when it showed me that error and I couldn't do anything on Sandboxie

Do you refer to the installer of Sandboxie? Or some installer you ran inside a sandbox?

Sorry about my English by the way. It's not my native language.

Never mind, it's not my native language either.

 

[Sloren]

My idea was that you try updating like you normally would, but if it fails for the same reason, that you have a look with a task manager that supports a tree view to see if some Sandboxie component is the parent of some COM surrogate that was not terminated.

• SandboxieCrypto.exe
• SandboxieDcomLaunch.exe
• SandboxieRpcSs.exe
• SandboxieBITS.exe
• SandboxieWUAU.exe
• SbieSvc.exe
• SandMan.exe

Five of those (the first five) are COM Services. I am not sure if the Sandboxie service itself would be a parent of a COM surrogate. Some component of Sandboxie should have it open, and could not close it. If David knows which, he can look into the problem.

And if you have the issue with updating it normally and some Sandboxie component being unresponsive, it would be interesting if the maintenance approach helps with that.

1) Update normally
2) If it fails due to a COM issue, please check if some Sandboxie component is a parent of a COM surrogate
3) Whenever or not you could find something, try Maintenance > Stop All and try updating again


Maybe some or one of its services was still running, because it did not terminate properly.



Possible, while I think it's unlikely as the AV should at least log something. It may even report it to the user if it prevented something. It can happen that some AV does not like some components due to changes in what the AV is looking for. It seems unlikely that AV is the cause of it, since it lets you install it anyway, which it should prevent more than once.


Windows uses that quite often and it can be hard to tell them apart. My idea is to look for the process who started the COM Surrogate (e.g. what's the parent process of it.) If there is a Sandboxie component that has opened a COM Surrogate and did not close it when you install the update, then David can look into why that is the case.


Do you refer to the installer of Sandboxie? Or some installer you ran inside a sandbox?


Never mind, it's not my native language either.

I just downloaded Process Explorer from Sysinternals site(learn microsoft). I checked every name to find COM Surrogate but I couldn't find anything. I think they all called as dllhost.exe. There is only one dllhost.exe with its parent(it says package but I think that means parent, right?) as Sandboxie and its SandboxieShell_1.0.0.0_neutral_8tm... something something. There are lots of numbers and words at the end of the name. I can provide if needed.

I will tell you the other dllhost.exe processes and their package names right now. One of them is Winrar, the other one is from NotepadPlusPlus and of course there is one package from Kaspersky and Microsoft.WindowsNotePad.

Also there is one more dllhost.exe process but it says [Error opening process] in its Path description.

Do you refer to the installer of Sandboxie? Or some installer you ran inside a sandbox?

I meant installer of Sandboxie. I never install something in Sandboxes only run apps(mostly games). I set a forced folder that just opens the app(.exe) in the folder in Sandbox.


Edit: Oh, their description is called "Com Surrogate" not their process name. Which is weird because on Task Manager they are all called as "Com Surrogate" in their name.

Edit 2: I also told you these without doing any update or installation. I have my Sandboxie program open right now and it was open while I was giving these informations. I can do the same thing in next update 1.16.5 like when I'm doing the update to tell you exactly what dllhost.exe processes are open and not closing.

 

[bastik-1001]

The COM surrogate should only become relevant, when the update process fails.

I meant installer of Sandboxie.

If the installer detects an error or state in which it can't perform the update, it shall return to the state before it was attempting the update. Only if the updater/installer is crashing (or the whole computer got powered off or crashed) it can happen that the state is inconsistent.

 

[Sloren]

The COM surrogate should only become relevant, when the update process fails.



If the installer detects an error or state in which it can't perform the update, it shall return to the state before it was attempting the update. Only if the updater/installer is crashing (or the whole computer got powered off or crashed) it can happen that the state is inconsistent.

Installer of Sandboxie deleted half of the files during update, showed the error that saying it can't close COM Surrogate program, after that I pressed try again button 5 or 6 times but it always said the same thing, it can't close the program so I cancelled the installation(update) by clicking the other button and it didn't revert anything like you said, Sandboxie just stayed in a broken state as half of the files are gone and it didn't reinstall them. Then I restarted the system, it showed me this time something about portable mode is active you need to give permission blah blah I don't really remember and ran the installer of Sandboxie again. This time everything went smoothly and Sandboxie started with no issue.

Thanks for the help again, I'm going to post here the packages that created COM Surrogate processes when the next update releases if this issue happens.

I want to ask how will I or you know which COM Surrogate is blocking the installation happening if there is more than one process again? Is there something I can do now or do I need to wait until next update?

 

[bastik-1001]

It appears that something went totally wrong with your installation. Probably the developer should take a look at this. He often recommends a clean installation if there were issues with an update.

I want to ask how will I or you know which COM Surrogate is blocking the installation happening if there is more than one process again? Is there something I can do now or do I need to wait until next update?

I don't know how to tell exactly which COM Surrogate it is. Maybe the developer has some technical insight to this.

Right now, I don't think something can be done, until it is time to update again, but if you say Sandboxie failed to install properly, maybe it is not going to work well.