SBIE blocked - indepth registry help required

These forums are retired and read-only.
Forum rules
These forums are retired and read-only.
For support, please visit https://www.d7xtech.com/support/

SBIE blocked - indepth registry help required

Postby emmjay » Sat Jun 06, 2015 1:09 pm

My SBIE updates are sent to AppData as an exe file. Unfortunately whitelisting the file in CP does not allow the exec to run. C:\users\me\appdata\local\temp\sandboxieinstall\ The group policy is preventing the install.

I was running the highest level of CP protection prior to this, so it may have contributed to the problem. SBIE has always upgraded without problem in the past with the CP set to default, however I had set the protection to the highest level. I reset to default, but that did not help. I then chose to uninstall CP using the CP uninstaller but all the group policies remained in the registry. I ran regedit and located all the subtasks under 'path' and they do indeed belong to CP. I tried to delete the path, but was denied. I also tried to delete just one of the subtasks and that too was denied. I need info on how to delete all these subtasks in the registry. Tnx.

I will reinstall CP after SBIE installs the latest version. Also, need to know why the whitelist does not work in CP.
emmjay
 
Posts: 2
Joined: Sat Jun 06, 2015 12:45 pm

Re: SBIE blocked - indepth registry help required

Postby redwolfe_98 » Sat Jun 06, 2015 10:47 pm

emmjay wrote:My SBIE updates are sent to AppData as an exe file. Unfortunately whitelisting the file in CP does not allow the exec to run. C:\users\me\appdata\local\temp\sandboxieinstall\ The group policy is preventing the install

to work around the problem with not being able to update "sandboxie", instead of using the sandboxie program's updater, download the regular installer for the "sandboxie" program and run it, to update the sandboxie program..

I was running the highest level of CP protection prior to this, so it may have contributed to the problem

yep.. if you look at cryptoprevent's GUI, it clearly says that, when using the "maximum protection settings", cryptoprevent's protection may need to be temporarily disabled when installing software..

incidentally, i also recently started using the "maximum protection settings".. i am going to have to see how that works out..

I then chose to uninstall CP using the CP uninstaller but all the group policies remained in the registry

did you disable cryptoprevent's protection before uninstalling cryptoprevent? you probably should have disabled cryptoprevent's protection before uninstalling cryptoprevent..

i don't know if cryptoprevent's protection is suppose to be undone, automatically, as part of the uninstall-process, or not..

I ran regedit and located all the subtasks under 'path' and they do indeed belong to CP. I tried to delete the path, but was denied

if you are using one of the newer versions of windows, you have to run "regedit" with administrator-privileges in order to be able to delete regkeys.. did you remember to run regedit with administrator-privileges?

my advice would be to reinstall the "cryptoprevent" program, then use it to undo cryptoprevent's protection.. you might need to re-apply the protection before being able to undo the protection..

if you are using one of the newer versions of windows, remember to use administrator-privileges when installing programs, or when uninstalling programs, or when using "regedit" to delete regkeys..

for the record, i am not a long-time user of cryptoprevent.. i did start using CP around the time that it first came out, and i had it installed for several months, without any problems..

however, somewhere along the way, i quit using it, probably because i was frustrated with using the CP program's "software restricted policy editor"..

however, recently, i decided to reinstall CP.. and, yes, i was frustrated with using the "software restricted policy editor", so i uninstalled it, again.. then i reinstalled it.. then i uninstalled it.. finally, i decided to reinstall it and to leave it installed..

i did finally manage to get the CP program to do what i was trying to get it to do, which was to block all SCR files from running while still allowing my screensaver to run..

on my computer, the regkeys that are generated by CP are located at:

"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer"
win xpsp3, "windows firewall", avira antivirus pro, SSM, RegDefend
redwolfe_98
 
Posts: 4
Joined: Sat Jun 21, 2014 7:46 am
Location: South Carolina, USA

Re: SBIE blocked - indepth registry help required

Postby emmjay » Mon Jun 08, 2015 10:01 am

Thank you for such an in-depth response. Very much appreciated.

I expected the CP uninstaller to do a 'clean uninstall' and that is why I did not use Windows to uninstall CP or make any changes to CP prior to the uninstall. I also answered YES to the popup to remove all settings etc. on the uninstall.

I did download a fresh copy of the SBIE exe from their website to see if that would work but it too was blocked

Also I did open regedit with Admin Priv. I was denied delete on' Paths' as well as the individual CP subkeys

Yesterday I was directed to the website:Raymondcc where there was an excellent blog on registry editors. It was a discussion on why Admin priv, may not allow you to delete certain registry entries and there was a list of products recommended that would do the job. I chose PCHunter and it allowed me to delete the entire Paths folder. After that I clicked on SBIE and it installed. So all OK with SBIE for now.

I guess the CryptoPrevent uninstaller needs some work. It would be a good idea if the popup recommended resetting the protection layer before proceeding with the uninstall as a required step. Not too many users will venture into the registry and make changes. I too have great reservations when it comes to doing this.
emmjay
 
Posts: 2
Joined: Sat Jun 06, 2015 12:45 pm

Re: SBIE blocked - indepth registry help required

Postby redwolfe_98 » Mon Jun 08, 2015 9:40 pm

emmjay, i am glad you were able to work things out..

i ran across the same "raymond.cc" article and was going to post it for you :)

https://www.raymond.cc/blog/full-control-permission-to-delete-or-edit-restricted-windows-registry/
win xpsp3, "windows firewall", avira antivirus pro, SSM, RegDefend
redwolfe_98
 
Posts: 4
Joined: Sat Jun 21, 2014 7:46 am
Location: South Carolina, USA


Return to CryptoPrevent for Home Users