credentials dialog does not display when connecting to rdp server by mstsc.exe in encrypted box

[hbzhang3]

Describe what you noticed and did

1. install sandboxie-plus v1.15.1
2. create standard box with encryption enabled
3. run mstsc.exe in box
4. fill ip address of rdp target
5. click connect
6. username/password dialog is not displayed, CredentialUIBroker.exe ALWAYS crashes (Win11), username/password dialog is displayed but if i input wrong password, CredentialUIBroker.exe SOMETIMES crashes (Win10)

How often did you encounter it so far?

always

Expected behavior

username/password dialog is displayed in step 6

Affected program

mstsc.exe

Download link

none

Where is the program located?

The program is installed only outside the sandbox.

Did the program or any related process close unexpectedly?

Yes, it did, but I don't want to share the .dmp file(s) for privacy reasons.

Crash dump

No response

What version of Sandboxie are you running now?

Sandboxie Plus 1.15.1

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

i did not try previous releases

In which sandbox type you have this problem?

In an encrypted sandbox (black sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 11 23H2

In which Windows account you have this problem?

A local account (Standard user).

Please mention any installed security software

No security software installed

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

#
# Sandboxie configuration file
#

[GlobalSettings]
Template=Edge_Fix
Template=OfficeClickToRun
Template=OfficeLicensing
Template=WindowsLive
Template=WindowsRasMan

[UserSettings_0BFE0204]
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
SbieCtrl_EnableAutoStart=y
BoxGrouping=:DefaultBox,New_Box,aaaaaa,1111

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10

[New_Box]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00fd00,ttl
Template=RpcPortBindingsExt
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
NoSecurityIsolation=y
UseFileImage=y
ConfidentialBox=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y

[aaaaaa]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#02f6f6,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseFileImage=y
ConfidentialBox=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y

[offhub]

Try mounting the sandbox without enabling root protection.

sbie4389rdp01.mp4

[hbzhang3]

mounting the sandbox without enabling root protection solves win11 problem, it does not solve win10 problem.
btw, adding OpenFilePath=CredentialUIBroker.exe,*\ActivationStore.dat solves win11 problem too, is it possible to fix it without configuration change?

[offhub]

For Win11, you can use ReadFilePath if you don't want to use OpenFilePath.

ReadFilePath=CredentialUIBroker.exe,*\ActivationStore.dat

Crash dump for Win10 wrong password crash:
CredentialUIBroker.exe.1224.dmp.zip

is it possible to fix it without configuration change?

I don't know... Maybe @DavidXanatos will investigate the issue causing the crash in detail when he has time. Until then, if we put this setting in the template file, there will be no need for configuration changes in the future. This setting also prevents explorer.exe from crashing with the same settings.

ReadFilePath=%ProgramData%\Microsoft\Windows\AppRepository\Packages\*\ActivationStore.dat

OR

ReadFilePath=CredentialUIBroker.exe,*\ActivationStore.dat
ReadFilePath=explorer.exe,*\ActivationStore.dat

[hbzhang3]

@offhub thank you for your updates.