A Monitor Program Has Been Found Sandboxie

Sandboxie - Sandbox security software for Windows. Install and run programs in a virtual sandbox environment without writing to the hard drive.

Here is a copy of a Word 2010 file that details how I proved Sandboxie leaks pictures ...

Quote: Sandboxie Sandboxie v0.6.5 / 5.47.0 Changes in Sandboxie 5.47.0: Added. Added detection for waterfox.exe, Palemoon.exe, basilisk.exe and brave.exe firefox forks; added bluetooth API support, IPC port can be opened with “OpenBluetooth=y”. Dec 04, 2008 'A monitor program has been found running in your system. Please, unload it from memory and restart your program.' I get this message randomly and Traktor Pro won't start. Once I get it the only way to get Traktor to run again is to log off and log back in. Doesn't happen with Traktor Studio or Traktor Scratch, only Pro. If the program has been added to the sandbox and its icon appears in the window, it will always automatically run sandboxed. Right click on the program/shortcut and select “Remove an application from Shade” or remove it from the Shade window by selecting the icon and pressing the remove button.


USING PIRIFORM’S RECUVA IN THUMBNAIL VIEW, I SCANNED EACH OF THE FOLDERS IN MY C: DRIVE.
This scan was performed outside of Sandboxie. I was looking for any pictures (*.jpg|*.png|*.raw|*.gif|*.jpeg|*.bmp|*.tif) in Recuva’s parlance that were produced on screen while operating under the supervision of Sandboxie while cruising the Internet. These pictures, that I did not expect to find outside of Sandboxie after Sandboxie’s files were deleted, appeared in Recuva’s scans
I refer to these pictures as my “the watch criteria” below. None of the watch criteria files were user saved. They were only displayed within the Sandboxie 'enclosed' browser (Firefox in my case).
The computer used for this work has only one hard drive naturally named the C: drive. This drive (C:) contained many folders. I scanned each of these folders separately using Recuva. The results of these scans produced only six files as matching my watch criteria. Here they are as Filename and Path. The duplicate was indeed a duplicate.
Scanning C:Users*
Found 1,638 files 3 of which satisfy the watch criteria.
Filename: tree_view[1].jpg
Path: C:UsersRodger A SandersAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5E5UVIAZV
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145
Path: C:UsersRodger A SandersAppDataLocalMozillaFirefoxProfiles86nikl3x.default-1444703085006cache2entries
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145
Path: C:UsersRodger A SandersAppDataLocalMozillaFirefoxProfiles86nikl3x.default-1444703085006cache2entriesBeen
Scanning C:Program Data*
Found 44 files 2 of which satisfy the watch criteria.
Filename: {CCFFD13D-C418-4AFB-83FA-E9CEACE148BC}
Path: C:ProgramDataMicrosoftWindows DefenderScansHistoryResultsResource
Filename: {3264B22E-2E72-4134-9FCA-D0F263D9F448}
Path: C:ProgramDataMicrosoftWindows DefenderScansHistoryResultsResource
Scanning C:Program Files*
Found 120 files 1 of which satisfies the watch criteria.
Filename: CrtCheck.exe
Path: C:Program FilesAVAST SoftwareAvastx64
Having scanned EACH of the folders in C:, the above are the only files that fit the watch criteria.
I then scanned the complete C: “folder” as reported below…
Scanning C:*
Found 11030 files 756 of which satisfies the watch criteria.
Which means that 756 – 6 = 750 lay outside of the subdirectories on the C: folder.
I selected all of the 11030 files and requested that Piriform Recuva secure overwrite them all.
Recuva overwrote 5825 files in 10 minutes 36 seconds. File types not overwritten were…
File is resident in the MFT
A Monitor Program Has Been Found Sandboxie File is already overwritten by existing files(s)
As reported by Recuva. I then ran a scan on C: to verify the result of the overwrite. It bombed.
Scanning C:*
Found 10995 files of which a large number satisfies the watch criteria many of which were recognizable from the scan of C:* prior to the secure overwrite. I did not count each hit on my watch criteria. Piriform – you are not doing what you claim.
I am running Eraser on unused space on C:* to see if that program will get the job that Sandboxie should have been doing done. Eraser completed in 3 hrs. 7 min. with warnings. What warnings? Here is the entire log…
Session: Monday, January 09, 2017 7:01:26 AM
Monday, January 09, 2017 7:01:26 AM Information Session started
Monday, January 09, 2017 7:01:27 AM Warning This computer has had System Restore or Volume Shadow Copies enabled. This may allow copies of files stored on the disk to be recovered and pose a security concern.
Monday, January 09, 2017 11:08:49 AM Information Session ended
I then ran Recuva on C: again to see if Erase had done its job. It did.

A Monitor Program Has Been Found Sandboxie Game

Running Recuva on C: after the erase. 1/9/2017 11:36 AM.
This scan found 1419 files of which 0 satisfied the watch criteria.
I searched the 1419 files found for each of the file names found earlier….
Filename: tree_view[1].jpg
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145
Filename: B7FB31AD0A4575EADE23D14B226DEFA97951E145

Free Program Sandboxie


Filename: {CCFFD13D-C418-4AFB-83FA-E9CEACE148BC}
Filename: {3264B22E-2E72-4134-9FCA-D0F263D9F448}
Filename: CrtCheck.exe
Yes, there were two identical files (names) found. None of these files were found.
NOTE: The filenames did not represent the content of the six files.
Bottom Line: Sandboxie leaks pictures that Recuva can find and restore. I did not restore any of the files. If you are serious about using Sandboxie as a privacy program for photographic content – FORGET IT. After you “delete” Sandboxie’s files, run Eraser on all drives that Sandboxie can touch to finish the job.
I did not test for the other file types that Recuva can find BUT as far as Sandboxie’s privacy claims go – be careful.This has to be machine specific rather than a Sandboxie problem but I'm hoping shared experience might point to a clue.
I have a number of workstations and laptops and Sandboxie performs brilliantly on all - even including the one I've got a problem with, up till yesterday. On that one, anything using the Chromium Engine (Chrome and Iron) have suddenly stopped functioning as normal. I can still run Firefox or IE but any attempt to run Chrome produces multiple instances of the error:
'SBIE2101 Object name not found: , error OpenProcess (C0000022) access=001FFFFF initialized=1'
no less than 16 times on opening the browser and then another 2 or 3 for every tab I open. The browser is actually working but the constant error reports make it unusable.
As this is not happening on any other machine I know it can't be a Sandboxie or Chrome problem. But even after scrubbing the installations (with Revo advanced) of Chrome, Iron AND Sandboxie, and then reinstalling them, the problem remains.
If I could find any clue as to what the error message ('SBIE2101 Object name not found: , error OpenProcess (C0000022) access=001FFFFF initialized=1') means, I might be able to troubleshoot it, but as of now, I haven't a clue where to begin.
Obviously the first thought is 'what's changed'. But I haven't allowed a windows Update in the past few days, so it can't be that. I did make a minor modification to my Zonealarm firewall (stopped it locking the hosts file - to prevent its conflict with Spybot Antibeacon) but I repeated that on nearly 20 other machines yesterday and none of them are exhibiting this behaviour, so it's unlikely to be related to that. I did update SRWare Iron to the 64 bit version 2 days ago (partly because the 32 bit version stopped working in SB on the affected laptop), but didn't touch the Chrome installation (and both were working normally for the rest of that day), so it's unlikely to be that. And no other changes (that I'm aware of) have taken place in the last 48 hours.
Suggestions?