Could this be the one SIW is seeing, or are neither of these showing up in Task Manager?
I had specifically killed the service before running SIW, so neither are currently showing up in Task Manager (or ProcessExplorer). However, the error doesn't directly say "sandboxie", but rather says "A virtual machine (like SANDBOX) is running". I wonder if it could be referring to something else? I have no other VMs intentionally running or even installed at this time.
A virtual machine makes more sense. That will be Windows "Volume Shadow Service", Shadowservice.exe, which is used in the making of Backups or Disk Images of your system. It can make Backups of your system without everything having to be shut down.
Windows Backup uses it as do third party applications like Macrium Reflect.
What Is Volume Shadow Copy Service?:
No file with that name is running, directly or as svchost.
Might it run with a different name? I never noticed this error when running SIW before, but 2008-12-16 is a new version.
Are you guys getting this error as well? If it is a default service I would expect so.
Hmmm... I don't get it when I run an earlier version.
Damn, you've got me then. Offhand I don't know of another service or process apart from the Apps we know about, that would be designated as a Virtual Machine.
Could it be running under a different name? I don't know, sorry, but I'll have a poke around, and in the meantime minds infinitely greater than mine may be watching this thread with envious eyes, and slowly but surely they're making plans to post an answer.
(Who said that, or something very similar? And I haven't touched a drop)
After poking around, I think your Virtual Machine could be another "Volume Shadow Copy" process used in backing up without shutting everything down.... "vssvc.exe".
That service is set to manual, and is currently not running.
Is anyone else getting this error in SIW? It does seem to be something new with this version.
You've got me.
Running the same version, and I don't get that message, although I have seen it before. Maybe a screenshot of your Task Manager.
I'd be a lot more comfortable if I knew what was causing the error. Is there another forum you are aware of where the authors answer questions? I can't be the only user experiencing this...
I sent the author an email.
Apparently, there used to be a small SIW forum, but it isn't around anymore. You could try contacting the SIW people.
There's a "Contact Us" button under the "About" menu button.
From the author...
The message is too generic. I will change it to "A sandbox was detected!"
http://en.wikipedia.org/wiki/Sandbox_(software_development)
SIW checks if some Kernel's functions are intercepted by other processes.
The warning is generated if, for example, the CreateProcess function
(http://msdn.microsoft.com/en-us/library/ms682425.aspx ) is not pointing to
kernel32.dll
-----------------------
He thinks it's probably the unloaded SandBoxie.
Thanks for your help.