Using WinXP SP2, with registered Sandboxie 3.38.

I was playing some old-school games and came across a situation where an executable file was able to run outside the sandbox. You can access the files (SimTower) in question by clicking the red Get It button here:

http://www.abandonia.com/en/downloadgame/341

After extracting the zip, I attempted to launch setup.exe sandboxed. I tried right-clicking the file and selecting Run Sandboxed and I also tried opening Sandboxie Control, right-clicking the sandbox, selecting Run Sandboxed then Run Any Program and selecting the setup file that way. Regardless of which way I tried, Sandboxie would give me the following error:

Could not invoke program:
"C:\0000\temp\SETUP.EXE"
System Error Code:
The system cannot find the file specified.
(2)

The error dialog box was immediately covered by the splash screen of the setup program. The setup program was now running unsandboxed. While leaving the setup program open, I clicked the ok button on the Sandboxie error dialog and my tray icon went back to solid yellow. Meanwhile, the setup screen was still running unsandboxed and didn't have the [#] symbol in its title bar. Additionally, there was another error box stating "Can run only one copy of Setup at a time." I decided to continue on to see if maybe the setup program was sandboxed but just not showing it. After finishing the setup program, I had new files on my machine outside the sandbox.

I next copied the setup files directly into the sandbox. I did a quick test by double-clicking the setup.inf file and it opened up in a sandboxed notepad. I then double-clicked the setup.exe file and there were no error dialogs but the setup program was running unsandboxed. Going through the setup again left me with new files outside the sandbox.

The behavior I'm encountering is similar to what's described in this post:

http://sandboxie.com/phpbb/viewtopic.php?p=39027

but the resolution offered did not resolve my issue. I'm not looking for guidance on getting the game up and running, I'm just detailing everything so the behavior can be fixed if possible.

For anyone who tries this, here are the files that get created outside the sandbox using the default installation location:

c:\simtower\info.exe
c:\simtower\readme.wri
c:\simtower\simtower.exe
c:\simtower\simtower.hlp
c:\simtower\univbe.exe
c:\windows\system\dva.386
c:\windows\system\wavmix16.dll
c:\windows\system\wing.dll
c:\windows\system\wing32.dll
c:\windows\system\wingde.dll
c:\windows\system\wingdib.drv
c:\windows\system\wingpal.wnd
c:\windows\wavemix.ini

I couldn't reproduce the problem with the 16-bit installer last time it was reported, I don't expect I would be able to now, but I'm moving this topic here to look into it again at some point. Thanks.

My plot thickens. I decided to start from scratch and see if I could find anything new. I deleted the sandbox, rebooted and created a new fresh sandbox. From windows explorer, outside the sandbox, I right-clicked the setup.exe and selected Run Sandboxed. I got the following error:

Title bar: Can't run 16-bit Windows program
Message: Access to the specified device, path or file is denied.

The style of the dialog box leads me to believe it was generated by the setup program and not by Sandboxie. The error dialog appeared to be sandboxed according to the tray icon but the error dialog did not have the [#] symbol. After closing the error dialog, I noticed the tray icon still showed a sandboxed state. The file ntvdm.exe was lingering. I killed the process and next noticed that setup.exe was read-only. I unchecked the read-only property and again right-clicked the file and selected Run Sandboxed.

This time, the setup program launched with no errors but neither the window nor the taskbar button showed the [#] symbol. My tray icon this time showed I was sandboxed. I followed through with the setup and got the following error towards the end:

Title bar: Setup Message
Message: Unable to start DDE communication with Program Manager.

Again, this appeared to be a setup error dialog, not a Sandboxie dialog. I'm guessing that error came up while setup was trying to create the program group but it was running through Sandboxie instead of the windows shell. Please set me straight if I'm wrong. The DDE error dialog gave me Abort, Retry and Ignore buttons. Retry and Ignore just repeated the error dialog so the only option was to abort. There was another error related to the setup program not being able to display a non-existent program group and getting to the end, I was told setup failed. Meanwhile, Sandboxie performed flawlessly. All the files were created in the sandbox and the game operates just fine with only ntvdm.exe lingering after you exit the game.

What's weird was when I was playing around with the read-only property. In the beginning, when it was read-only, I always got the access denied error. After playing around with this for some time, the read-only property had no effect and regardless of the setup file being read-only or not, I was able to successfully launch the program. After some more testing, I think I found how to replicate the issue.

If you start with a fresh empty sandbox and turn read-only off on setup.exe, everything launches fine. If you start with a fresh empty sandbox and have setup.exe set to read-only, the sandbox gets created and some windows system files are copied into it, but not setup.exe, and you get the error.

Now manually copy setup.exe into the sandbox at the same location you've been trying to launch it from. Leave this manually copied setup.exe as read-only. Launch setup.exe from the original location outside the sandbox and you should still get the error. Next remove the read-only flag from the manually copied setup.exe in the sandbox but leave the original setup.exe as read-only. Now when you launch the setup.exe that is outside the sandbox, it should fire off normally with no errors.

Interestingly enough, I can no longer reproduce my original error. I tried running setup.exe sandboxed and the cancelling the installation. That would leave ntvdm.exe lingering. I then tried running setup.exe again and I got the same two dialogs from my original post, but this time, Sandboxie still had control and all the files were properly created in the sandbox.

Just a comment ...
I never saw anything running outside of the sandbox when I tried the program.
Initially, I got the same error message, about not being able to run a 16 bit Windows program.
I was able to identify some Sandbox exclusions, that let me nearly complete the installation in a sandbox.
I say nearly, because the installer always bombed out at the end, when it couldn't create Program Group entries.

So, although I didn't complete an install, my main concern was to check if anything ever ran unsandboxed - and it didn't.
I think I was using Sandboxie 3.39.18, at the time.

I can confirm this happens on version 3.40. I am running WinXP, and executing an InstallShield 16-bit installer.

Actually there was some registry setting/tweak to run Explorer process and 16-bit apps separately 'to increase stability in cost of memory'. As far as I remember it was XP Pro feature...

On the other hand I don't get why you guys run dos-apps under NT5+ ?
There's DosBox emulator which really likes SandBoxIE))