Registry not unloaded before deleting sandbox causing error #4985
Description
Describe what you noticed and did
In 1.16.2, when trying to delete a Sandbox, Sandboxie sometimes reports there was an error when deleting. When this happens, I navigate to C:\sandboxie\user<sandbox> and then attempt to remove the files manually in the filesystem. The erroneous files are the registry/reghive files. They say they are in use by "System".
To work around this issue, I open regedit and then navigate to HKEY_USERS\Sandbox_User_SandboxName and then go to File->Unload Hive. After doing this, Sandboxie is able to delete the reghive files without any issue.
It seems there is some issue with unloading the reghives when attempting to delete the content in some cases. I haven't found a sure way to trigger it but I have encountered it multiple times with my Firefox sandboxes. I have to manually unload the reghive before I can delete the content.
Worth noting that I also "Terminate All Programs" prior to trying to delete the content and there are no applications showing the the file tree in sandboxie under the sandbox.
Since I can manually unload the hive through regedit, I am able to work around the issue, but it would be ideal if there was some sort of automatic way of ensuring the registry hive of the sandbox is unloaded prior to performing delete content to ensure it does not fail.
How often did you encounter it so far?
Every few weeks after running the same sandbox over a few days
Expected behavior
When deleting content, the registry should automatically be unloaded properly so the files can be deleted.
Affected program
Firefox (all versions), Brave, possibly other browsers/apps
Download link
not relevant
Where is the program located?
The program is installed only inside a sandbox (NOT in the real system anyway).
Did the program or any related process close unexpectedly?
No, not at all.
Crash dump
No response
What version of Sandboxie are you running now?
1.16.2
Is it a new installation of Sandboxie?
I recently did a new clean installation.
Is it a regression from previous versions?
Have encountered this over several versions.
In which sandbox type you have this problem?
In a standard isolation sandbox (yellow sandbox icon).
Can you reproduce this problem on a new empty sandbox?
My sandbox contains existing programs or data.
What is your Windows edition and version?
Windows 11 23h2 10.0.22631.5768
In which Windows account you have this problem?
A Microsoft account (Administrator).
Please mention any installed security software
Microsoft Defender for Endpoint
Did you previously enable some security policy settings outside Sandboxie?
No manual configuration of the security policy. Default yellow sandbox.
Trace log
No response
Sandboxie.ini configuration
#
# Sandboxie configuration file
#
[GlobalSettings]
Template=7zipShellEx
Template=Edge_Fix
Template=OfficeClickToRun
Template=OfficeLicensing
Template=WindowsLive
[UserSettings_2DA80421]
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
SbieCtrl_EnableAutoStart=y
BoxGrouping=:DefaultBox,Brave,Firefox
[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
BorderColor=#00FFFF,ttl
Template=AutoRecoverIgnore
Template=LingerPrograms
Template=BlockPorts
Template=qWave
Template=FileCopy
Template=SkipHook
Template=OpenBluetooth
ConfigLevel=10
[Brave]
AllowSpoolerPrintToFile=y
AutoRecover=y
BlockNetworkFiles=y
BorderColor=#00ffff,ttl,6
BoxNameTitle=n
ClosedFilePath=firefox.exe,*\MpDetours.dll
ConfigLevel=9
CopyLimitKb=-1
CopyLimitSilent=n
DropAdminRights=y
Enabled=y
FakeAdminRights=y
ForceProcess=firefox.exe
LeaderProcess=firefox.exe
OpenFilePath=*\MpDetours.dll
BreakoutProcess=ncplayer.exe
OpenPipePath=C:\Users\<user>\Downloads
[Firefox]
AllowSpoolerPrintToFile=y
AutoRecover=y
BlockNetworkFiles=y
BorderColor=#00ffff,ttl,6
BoxNameTitle=n
ClosedFilePath=firefox.exe,*\MpDetours.dll
ConfigLevel=9
CopyLimitKb=-1
CopyLimitSilent=n
DropAdminRights=y
Enabled=y
FakeAdminRights=y
ForceProcess=firefox.exe
LeaderProcess=firefox.exe
OpenPipePath=C:\Users\<user>\Downloads