Apps just open in background

[AlexLohrer]

Describe what you noticed and did

Since the recent Windows update (2 weeks ago), almost all of my sandboxed apps, no matter if installed inside or outside Sandboxie, open in the background. Just MS Office apps still open in the foreground, no matter if I open the app or if I open a file with such an app. All other apps open in background, even tools that are installed in the system, like WinRAR. The task symbol of that app mostly flashes orange then.

How often did you encounter it so far?

Whenever opening sandboxed apps or opening files with sandboxed apps

Affected program

All programs (except MS Office 2019), e.g. AIMP 5.11.2435 64bit

Download link

https://www.aimp.ru/?do=download&os=windows

Where is the program located?

The program is installed both inside and outside the sandbox.

Expected behavior

Apps open in the foreground, even if sandboxed

What is your Windows edition and version?

Windows 11 Pro 22H2 Build 22621.2134

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

Microsoft Defender Antivirus

What version of Sandboxie are you running?

Sandboxie Plus 1.10.5. 64-bit

Is it a new installation of Sandboxie?

I just updated Sandboxie from a previous version (I remember which one it is).

Is it a regression?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No

Crash dump

No response

Trace log

https://drive.google.com/file/d/1col3QYvT8E4ShClMErkytX2Np9RnJxk7/view?usp=sharing

Sandboxie.ini configuration

[GlobalSettings]
FileRootPath=\??\%SystemDrive%\Sandbox\%SANDBOX%
SeparateUserFolders=n
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
Template=OfficeClickToRun
Template=LogitechSetPoint
DefaultBox=DefaultBox
EnableWin32kHooks=n
NetworkEnableWFP=y
SandboxieLogon=y

[UserSettings_11E40282]
SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=y
SbieCtrl_RecoverTarget=C:\Users\Alex\Desktop
BoxDisplayOrder=AIMP,DefaultBox,Firefox,FoxitReader
BoxGrouping=:AIMP,DefaultBox,Firefox,FoxitReader

[AIMP]
Enabled=y
AutoRecover=n
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,off,2
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
CopyLimitKb=81920
DropAdminRights=y
FakeAdminRights=y
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ReadFilePath=C:\ProgramData\WindSolutions
ReadFilePath=C:\Windows\System32\catroot2
ReadFilePath=C:\ProgramData\Microsoft\Windows\WER
ReadFilePath=C:\Users\Alex\AppData\LocalLow\Intel
ReadFilePath=C:\Users\Alex\AppData\LocalLow\Microsoft
ReadFilePath=C:\Users\Alex\AppData\Local\CrashDumps
ReadFilePath=C:\Users\Alex\AppData\Local\D3DSCache
ReadFilePath=C:\Users\Alex\AppData\Local\Microsoft\Internet Explorer
ReadFilePath=C:\Users\Alex\AppData\Local\Microsoft\Windows\1031
ReadFilePath=C:\Users\Alex\AppData\Local\Microsoft\Windows\Explorer
ReadFilePath=C:\Users\Alex\AppData\Local\Microsoft\Windows\INetCache
ReadFilePath=C:\Users\Alex\AppData\Roaming\Microsoft\Crypto
ReadFilePath=C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer
ReadFilePath=C:\Users\Alex\AppData\Roaming\Microsoft\Windows
ClosedIpcPath=<StartRunAccess>,*
NotifyInternetAccessDenied=n
ProcessGroup=<StartRunAccess>,wmplayer.exe,winword.exe,thunderbird.exe,powerpnt.exe,notepad.exe,msedge.exe,FoxitPDFReader.exe,firefox.exe,explorer.exe,excelcnv.exe,excel.exe
AllowNetworkAccess=<BlockNetAccess>,n

[offhub]

Does the apps open correctly after adding the NoRestartOnPAC=y setting to the sandbox configuration?

Important

This setting is going to be changed to NoRestartOnPCA=y starting from version 1.11.4 / 5.66.4.

[AlexLohrer]

Thanks a lot @offhub! 👍😃 That solved the problem for all affected apps.
I saw that there's another issue where you proposed this setting as workaround (#3198). As reported in those issue, I'm using Win11 with Intel graphics as well, so maybe there's a connection between the issues.

[e-t-l]

I have added NoRestartOnPCA=y and restarted the sandbox, but it still does this. My specific use case is using sandboxed Firefox to launch unsandboxed Explorer. I have NoRestartOnPCA in Firefox's sandbox, but Explorer still opens in the background, with its toolbar icon flashing. Is there anything else I can try?
(I'm using Sandboxie-Plus v1.12.6 on Windows 11)

[offhub]

@e-t-l
The situation you describe may be related to the Breakout feature. It would be better to open a new feature request for this.

[e-t-l]

The situation you describe may be related to the Breakout feature

Ah ok I thought it was the same issue as the one described. I can do that.

Btw, what makes you say "feature request" rather than "bug report"? Is the behavior I described (i.e. breakout programs launching in the background, with a flashing taskbar icon) the normal/expected behavior?

[offhub]

After this change, Breakout processes open in the background when they are run. This could be a limitation in the way processes are launched, a feature that wasn't added, or a bug in the code.

reworked breakout mechanism to be service based and not allowing the parent process to access the broken out child process

[e-t-l]

Good to know, thanks. If it's a limitation, I think devs have enough real stuff they're working on, so I'm not going to both opening a FR right now.

I did make a short script using AutoHotKey that solves the problem nicely, for anyone else who was getting bugged by the breakout process behavior. (AHK can even be installed in the sandbox to make it safer.) See #3653