Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Yep, discrete sandbox's + sandbox'd shortcuts for FF32&64 in taskbar works. And mouse hover taskbar Icon shows sandbox name. Good exercise.
    Thanks!
     
    Last edited: Apr 18, 2016
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I am glad, Bj. I think this feature (sandboxed shortcuts) is a gift from Tzuk to free version users and one of the best features that comes with Sandboxie. There are so many things that we can do with it, like we are doing now here for you. We just came up with a new way for using it. I use sandboxed shortcuts for three sandboxes in the XP and for one in my W7. Unfortunately, most users don't realize the usefulness of using sandboxed shortcuts.

    Bo
     
  3. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I've only tested this on a Windows 7 VM with Office 2013 x86 but it might work with 2010 as well if the keys are similar. It should also work for 2016 as I know the reg keys for that one are the same.

    It's essentially a rather long automated way to retrieve the original keys and replace /dde with "%1" then reinsert the keys and delete the ddeexec key entirely. The Command string seems to be different for each install so exporting a fixed reg entry wouldn't work for other people's computers.

    Copy the code below into a bat file [txt file then rename to bat] and run it as an administrator.
    Code:
    @echo off
    REM Back up the current Open verbs. Export8.reg and Export12.reg are the originals to keep.
    reg.exe export "HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open" "%~dp0Export8.reg"
    REM reg.exe writes UTF-16; cmd /a re-types the file as ANSI so findstr and FOR can read it.
    cmd /a /c type "%~dp0Export8.reg" > "%~dp0Export8A.reg"
    reg.exe export "HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Open" "%~dp0Export12.reg"
    cmd /a /c type "%~dp0Export12.reg" > "%~dp0Export12A.reg"
    
    REM Replacement text for string values: a space followed by \"%1\"
    set "ExcelVariable= \"%%1\""
    
    REM Excel.Sheet.8, pass 1: in hex data, swap the UTF-16 bytes of /dde for those of "%1".
    set "Original8=2F,00,64,00,64,00,65"
    set "Fix8=22,00,25,00,31,00,22"
    set "source=%~dp0Export8A.reg"
    set "target=%~dp0Fix8.reg"
    setlocal enableDelayedExpansion
    (
      for /F "tokens=1* delims=:" %%a in ('findstr /N "^" "%source%"') do (
      set "line=%%b"
      if defined line set "line=!line:%Original8%=%Fix8%!"
      echo(!line!
      )
    ) > "%target%"
    endlocal
    
    REM Excel.Sheet.8, pass 2: in string values, swap " /dde" for the quoted %1.
    set "DDE8= /dde"
    set "F8=%ExcelVariable%"
    set "source=%~dp0Fix8.reg"
    set "target=%~dp0Fix8B.reg"
    setlocal enableDelayedExpansion
    (
      for /F "tokens=1* delims=:" %%a in ('findstr /N "^" "%source%"') do (
      set "line=%%b"
      if defined line set "line=!line:%DDE8%=%F8%!"
      echo(!line!
      )
    ) > "%target%"
    endlocal
    
    REM Excel.Sheet.12, pass 1: same hex substitution.
    set "Original12=2F,00,64,00,64,00,65"
    set "Fix12=22,00,25,00,31,00,22"
    set "source=%~dp0Export12A.reg"
    set "target=%~dp0Fix12.reg"
    setlocal enableDelayedExpansion
    (
      for /F "tokens=1* delims=:" %%a in ('findstr /N "^" "%source%"') do (
      set "line=%%b"
      if defined line set "line=!line:%Original12%=%Fix12%!"
      echo(!line!
      )
    ) > "%target%"
    endlocal
    
    REM Excel.Sheet.12, pass 2: same string substitution.
    set "DDE12= /dde"
    set "F12=%ExcelVariable%"
    set "source=%~dp0Fix12.reg"
    set "target=%~dp0Fix12B.reg"
    setlocal enableDelayedExpansion
    (
      for /F "tokens=1* delims=:" %%a in ('findstr /N "^" "%source%"') do (
      set "line=%%b"
      if defined line set "line=!line:%DDE12%=%F12%!"
      echo(!line!
      )
    ) > "%target%"
    endlocal
    REM Import the patched keys, then remove the intermediate files (the Export*.reg backups stay).
    regedit /s "%~dp0Fix8B.reg"
    regedit /s "%~dp0Fix12B.reg"
    del "%~dp0Export8A.reg"
    del "%~dp0Export12A.reg"
    del "%~dp0Fix8.reg"
    del "%~dp0Fix12.reg"
    del "%~dp0Fix8B.reg"
    del "%~dp0Fix12B.reg"
    REM Remove the ddeexec keys entirely.
    REG DELETE HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\ddeexec /f
    REG DELETE HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Open\ddeexec /f
    
    You should only need to run it once, but if you happen to run it more, be sure not to overwrite the original backups, e.g. Export*.reg, that will remain behind when the script is done the first time. So if prompted to overwrite, just hit n.
     
    Last edited: Apr 28, 2016
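
An added illustration (not part of syrinx's post and not Sandboxie code): a dry-run preview in Python of the same /dde to "%1" substitution on an exported .reg file. It goes slightly beyond the batch file by joining the backslash-wrapped hex lines of the export and decoding the UTF-16LE data before replacing, so a match that straddles a wrapped line is still found. The sample export, the EXCEL.EXE path and all function names are constructed for the example.

```python
import re

# Constructed sample of a reg.exe export (not from a real install). The hex(7)
# value is wrapped so that "/dde" straddles the trailing-backslash continuation.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command]
@="\"C:\\Office\\EXCEL.EXE\" /dde"
"command"=hex(7):45,00,58,00,43,00,45,00,4c,00,20,00,2f,00,64,00,\
  64,00,65,00,00,00,00,00
'''

HEX_VALUE = re.compile(r'^(@|".*?")=(hex\([27]\)):(.*)$')

def unwrap(text):
    """Join hex data that the export wrapped with a trailing backslash."""
    return re.sub(r',\\\r?\n\s*', ',', text)

def patch_line(line):
    """Replace /dde with "%1" in one value line, decoding hex data first."""
    m = HEX_VALUE.match(line)
    if m:
        name, kind, body = m.groups()
        raw = bytes(int(b, 16) for b in body.split(',') if b.strip())
        text = raw.decode('utf-16-le').replace('/dde', '"%1"')
        data = ','.join(f'{b:02x}' for b in text.encode('utf-16-le'))
        return f'{name}={kind}:{data}'
    if line.startswith(('@="', '"')):          # plain REG_SZ value
        return line.replace(' /dde', r' \"%1\"')
    return line

def preview(reg_text):
    """Dry run: (before, after) for every value the fix would change."""
    pairs = ((l, patch_line(l)) for l in unwrap(reg_text).splitlines())
    return [(old, new) for old, new in pairs if old != new]

def naive_hits(reg_text, pattern='2f,00,64,00,64,00,65'):
    """Lines a per-line match on the raw byte pattern would catch."""
    return sum(pattern in l.lower() for l in reg_text.splitlines())

if __name__ == '__main__':
    print('per-line pattern hits:', naive_hits(SAMPLE))
    for old, new in preview(SAMPLE):
        print('-', old, '\n+', new)
```

Run it against a copy of the Export*.reg backup decoded as UTF-16 and compare the preview with the key after the fix has been imported.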
  4. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,390
    I am running a special sandbox for banking which is closed and deleted after each use. My browsers are set up to open by default in my standard sandbox. My standard browser is chrome and I usually have a number of tabs open. One of these is a site providing a chart of foreign exchange prices here
    http://www.investing.com/charts/real-time-forex-charts
    In chrome adobe flash player is disabled by default but can be allowed by right clicking. If I do that, does that only allow this plugin for this site or any site within this chrome session? In other words, if I go to a different website in a different tab in the same sandbox will that site have permission to run flash automatically? Would it be safer to have a special sandbox for running adobe flash? How well is any potential threat contained between different sandboxes running at the same time?
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Thank you. This is a nice and I guess definitive solution for a long time issue with Excel forced in SBIE.
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    beethoven, if you are going to rely on Sandboxie when doing banking/sensitive browsing, stop all activities in all sandboxes, then run the browser for banking, always do it in a fresh browsing session. Do the banking, and get out and delete the sandbox. Don't mix sensitive and regular browsing all at once.

    I wouldn't worry about flash but do what I suggested above and try installing as few addons as possible. And only install the ones that are well known. Make your banking sandbox a highly restricted sandbox, where perhaps only the browser is allowed to run and have internet access. Be aware, if you have installed an infected addon, it can hijack the browser and use it to phone home. Read the link below (Defending against keylogger).
    http://www.sandboxie.com/index.php?DetectingKeyLoggers#defend

    Bo
     
  7. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,390
    Thanks Bo - I don't actually use any addons apart from uBlockOrigin but in Chrome rely on the native flash. Now while I can understand the sensitivity of banking credentials and that's why I have a specific sandbox just for this purpose, always emptied after the session, I am still unsure whether I need to isolate the flash aspect from the website in question (just as an example). Based on the link above, I suppose it might prevent some message key loggers. Allowing the plug in on this page while running other tabs in the same sandbox with some of these requiring log-ins would still be a risk? However if I understand you correctly, would the risk be the same if I ran flash in sandbox A while having other sites open in sandbox B? I thought the whole idea was isolating various environments. How much of that risk is theoretical?
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    When doing sensitive browsing, you really don't have to worry about flash as long as you stop all activities in all sandboxes before doing it, do the banking or purchases in a fresh browsing session, when you open the browser, go straight to the banking site and when you finish, close the browser and delete the sandbox. This works as long as your computer is not infected. Your system has to be clean to begin with. Afterward, you can go back to regular browsing. When I read your posts, it sounds like you mix sensitive and regular browsing. Don't do that.
    Yes, I read about the tab that you posted the link, personally, I don't like it. Like I wrote above, the perfect way for sensitive browsing is to open the sandboxed browser, go straight to the banking site, and when you finish, you get out and delete the sandbox. To eliminate the need of using anti key loggers, etc, your system has to be clean and follow this simple procedure.

    For regular browsing. You can have flash in any and all sandboxes at the same time. No need to worry about nothing.

    Bo
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    New beta 5.11.6 has been released, it includes improvements for Office ClickToRun,
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=57&t=22660#p119291

    Bo
     
  10. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!!!

    Install this evening, appreciate the information on the update!
    Working well!:)
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Same here, 5.11.6 is looking pretty. :cool:

    Bo
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yep I agree
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Is there a way to hide this message? I click hide but it keeps popping up seems like every 30 min or so :mad:
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Make sure Sandboxie.ini has these two lines under [UserSettings_nnnnnnnn]:

    Code:
    SbieCtrl_HideMessage=2219,SandboxieDcomLaunch.exe
    SbieCtrl_HideMessage=2220,SandboxieDcomLaunch.exe
    Maybe this one too:

    Code:
    SbieCtrl_HideMessage=2214,bits
     
  15. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    I notice in the latest version
    Changes in 5.11.6
    '2) Sandboxie now automatically restarts MS Office ClickToRun service during installs/upgrades.'

    Could a member that is conversant with this aspect of Sandboxie explain this to me, as I don't like to have settings changed automatically. How is it different from the previous versions?
    I don't know much about it, it's just a slight concern.
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    It only shows SbieCtrl_HideMessage=2220,SandboxieDcomLaunch.exe [Chrome] so I should just paste the other 2 under it?
     
    Last edited: May 1, 2016
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Yes. Hope it stops nagging you again :thumb:
     
  18. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I'll try it. Thanks
     
  19. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    In previous versions (from 3.14) you had to manually restart the ClickToRun service after install/upgrade to allow SBIE to sandbox C2R versions of office. Craig from Invincea advises 'This will restart the C2R service with the required SBIE injections'. From this build this will happen automatically.

    Hope that helps.

    Cheers
     
  20. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    Yup, basically during the 'install/upgrade' phase of sandboxie it will perform this task automatically (if the involved click2run service is found on the system) instead of requiring the user to do it manually. I imagine that either way a reboot would solve the injection requirement but haven't tested that theory myself as I avoid office in general these days.
     
  21. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    Thanks syrix and Elwa. I don't use Office but it was just the restarting service automatically aspect that caught my eye in the Sandboxie changes notes.
     
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    I tried it but I'm still getting this message
     


  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Now press "Hide" and see what happens...
     
  24. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    The next time it alerts me I'll do that again.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Afterwards please post how those lines look in Sandboxie.ini.
     