Sandboxie Plus (Sbie fork)

This thread, which I have not read completely, mentions fixes for security vulnerabilities.

Were these vulnerabilities inherited from Sandboxie 5.33.6 or were they introduced during subsequent development?

I ask because I am using v5.33.6...

 

They were inherited from Sandboxie 5.33.6 and found by diversenok and reported to sophos but they never fixed them, so I had to.

 

Using 5.42 x64 I am seeing an XULRunner error message from time to time with Firefox



but if I delete the sandbox and restart it goes away. Running with drop-rights. Difficult for me to test eg with drop-rights as it's intermittent.

I'm using Firefox v78.01 but now see that 78.02 is available so will try that.

 

The sandboxed Firefox auto-updates to version 78.0.2. Update first Firefox unsandboxed to version 78.0.2.

 

Thank you very much for your reply. Just for my better understanding:

• Will security vulnerabilities affecting Sandboxie's core program need to be reported (hopefully not publicly) to you and Sandboxie Technologies in the future, or will there be an exchange of information?
• Can Sandboxie Plus be installed and used in parallel with Sandboxie 5.33.6, or will this lead to conflicts in operation?

 

There should be an exchange of information's

SandboxiePlus 0.3 needs Sandboxie driver/service 0.41.2 or later.

 

Still can't get 5.41 or 5.42 to work on my Lenovo laptop with Windows 10 v2004. Just get a flashing exclamation mark (!) in the taskbar icon. Revert to 5.33.6 and all is well.

Anyone any suggestion to get 5.4x to work please?

 

I don't allow auto-updates, and the sandboxed and non-sandboxed versions were on 78.0.1. I've updated to 78.0.2 and will see if reappears in the future.

 

Whitelist "SbieDrv.sys" in your antivirus/security solution.

 

I have done so already in AVG - C:\Program Files\Utils\Sandboxie\SbieDrv.sys in my setup.
Works perfectly well on my desktop PC under1909.

 

The next build with have global settings and graphical sandbox options.
The layout of the sandbox options is inspired by SbieCtrl's old one but greatly improves with regard to usability.

Currently every site tab harbors only one page without sub pages, but as you can see its already quite a few.

So I thought about putting Program: Groups, Forced, Stop, Start pages as sub tabs of a programs site tab?
What do you think?
That would give more vertical space for more tabs but would break browsing through all settings with ctrl+tab.
I mean, I can make the side tabs less height also but I feal like on the long run that wont be enough, as of now they are 1.5 of what thay could be.

Also I'm looking into reworking the network access restrictions mechanism and probably the mechanism to not allow programs to start, but not or the next build.

 

Hi David, I am a looong year user of Sandboxie, however it is not the usual people use it for. I put my games in there. As it is an abstraction layer like VM but with full performance. The advantage is, the Game setups, don't mess with your system, a huge plus. In newer times it is mainly DRM free, where you don't have such a mess, however the games and saves, survive any system change, as long as Sandboxie exists. You just install SBIE new and it works. Kind of a Docker, all in one box folder
So far with Win 7 there wasn't a single issue. However in Win 10, it seems, special Unity games have issues. They start, show the splash screens, then stop and linger sleeping. This seems due to the SandboxieRpcSs.exe, called from SandboxieDcomLaunch.exe. If you check wait chains, you see that the game exe, is OK, using the RPC one, which is waiting for a thread. This is true for all Unity games I have, like Pilgrims, Desperados 3, The Pedestrian,..., others work fine.
All Unity ones show the same picture: program starts, loads the two SBIEs and often the UnityCrashHandler32.exe, then stops and plays not responding. If then you terminate SandboxieRpvSs.exe, which also kills the DcomLaunch, the game proceeds and works normal. One of the newer Games called BIPED, nice coop game, also Unity, has another issue after, it has no sound. Running outside the box all is fine. First game with such issues.
Another game, not unity is Noita, an early access game, simply crashes, once you want to start a mission. No real error message.
For me it looks like Win 10 changed some process handling, which brings those effects.
Other more complex games work fine, Dishonored 1 and 2 for example, no issue whatsoever.
I've tried all versions, pre last official, last one, and the last two versions from you. Same result for all. Maybe this is something you are able to look into or you have an idea reading it.
I also wonder that the programs work once the SBIE helpers are killed.
Is the sandbox still working properly once they are stopped. It looks like the restrictions stay. Don't they even use the functions of the modules!?
Documentation of Sandboxie was always quite scarce, so the net is not helping much.
On a side note, one other issue was always GOG Galaxy client, which just doesn't want to work well. It runs, but after some minutes it closes the connection with "server connection lost error" and the program is ending. (Same beheviour in Win 7 and 10). This was known in the old forum, but they clamed with force folder it would work, which, you guess it, it didn't.

I hope that your improvments will help with that at one time. Keep up the work. The PLUS manager looks pretty promising. The interface was always tricky, with around 80 boxes.

 

Additional info, which I just experienced, while trying another program, Bad North, of course Unity too. Then I was again trying to read about waitchains, while having the program lingering. Suddenly it was just going ahead. So this means if you are patient and wait I guess some 2+ minutes, the SBIE prog gets it's thread or whatever is working and all is works normal. Of course usualy you don't wait for a hanging program that long. Well, sometimes you do Maybe this helps.

 

I don't play much games and if I do that only without DRM...
anyhow...
would assassins creed unity have this issue? they were giving it away for free when the chapel in france burned down, and if its free then why not, i.e. i should have a copy with DRM of it some-ware...

 

Been busy, but thought I would try this again. Deleted content in default box. Completely uninstalled 533.3 and rebooted. Installed 5.42, same issue would not find default browser. Here is the error code I saved to the clipboard:

SBIE2101 Object name not found: \Sessions\1\BaseNamedObjects\ISWWH_BEACON@1264@EFR-controller, error CreateEvent (C0000022) access=001F0003 initialized=1

 

Can you get someone to fix the spelling errors in the GUI? (I can see 4 in this single screenshot)

 

Spelling errors are kind of my trademark,
but feel free to correct them and submit a git hub pul request for the over next build

 

"Behavior"
"Configure which processes can access certain resources" *
"... to processes installed ..."

*
"Bestimmen Sie, welche Prozesse auf bestimmte Ressourcen zugreifen können"

not "what resources" from my understanding - should be "certain resources" (see german translation)

for the record. i would prefer this one in sandboxie control:
not "Sandbox: DefaultBox" i know its a sandbox, not only because of the symbol in front, just "DefaultBox"

 

As said, I don't like DRM at all, that is why I said, for some years it is GOG only. All is working well, sadly Assasins Creed might still be free but is a pile of, not sure, was it Denuvo, Ubisoft or something which would prevent me to even come near it, or was it the UPLAY maybe? So yes, definitive waiting for Cyberpunk 2077 CodeRed, DRM free.

As I confirmed already, if you wait 4 min, all works fine. Beats me to be honest and I think with Biped I can say that the kicked service to make it work brings the loss of sound. If you wait 4 min and all goes ahead, sound is there and all works fine.
Just wondered if any of it makes sense.
Also this connection drop for the GOG Galaxy client. No indication what it is, it just bugs.
Well, if it helps to make Sandboxie more stable, even for such weird usage, like I use it for, I am happy. The program definitive is cool. Much less stress with stupid programs breaking the OS.
Keep it going...

 

Ah ok so i just need some not to old game from this list: https://en.wikipedia.org/wiki/List_of_Unity_games#2016
I might like and should be able to reproduce the issue?
... great i happen to have a copy of "Deus Ex: The Fall" on disk
I'll test it if I don't forget it

 

Ok, soo.... "Deus Ex: The Fall" seams to work just fine just that it open in a window and not firescreen, imho it would normally open in a borderless window and sbie blocks that.
So the gamy may be to old.

About killing the helper processes, when needed they actually should be restarted, and no them getting shut down wont compromise the security afaik.

about the gog galaxy client i will have to install it and look into it.

 

i remember gog client running fine in sandboxie - i did not install for real on windows 10. v1 and v2. but i did not start a game with it because i dont like the client - just another customized browser (QT* based)

(*not chromium)

 

I experienced this whole things when I was still on the old hardware with Win 7, Win10 and multiple Linux distros multi boot. So I could see that in Win 7 all went OK, but in 10 it got stuck and as I said, only now I saw it just is a biiiiiit delayed, but then works flawless. Now I am stuck with Win10 due to the new stuff and Manjaro.
The Unity games I tried were newer yes, also not big AAA title. Which makes you wonder, I really think it is some stupid mechanism in Win 10, rather than a real SBIE issue. Just thought let's see and you stumble over some anomaly.
The window for Deus Ex and mhh the Fall I do not have. I think the best one was anyway the first Deus Ex, maybe it is due to recover message of SBIE message, switching it to window mode. Then ALT+Return will help to make it full screen. Or it is just the setting in the game. But if you have no delay in, could be that it is only with newer unity games. I see Overcooked 2, it doesn't have the issue. Also this unity crash cr4p is not in. Maybe it happens only on the later ones which use the newer versions.
That those don't harm the security as of your current knowledge is good to know. Interesting is, that it seems not to matter if they don't run. But I can live with it if it works, though one showed it didn't properly.

Brummelchen, or are you Ratatouille? GOG seems to run at first, but only for some minutes, as soon as you let it run a bit longer, it just stops and says it lost connection. This is independent of Win Version. Not sure if you took long before kicking it in disgust and I don't blame you. I only use it as it is more comfortable to download the packages and I usualy DL them manual. Which is more clicks in the browser. Also the manual triggered autoupdate would work. Right now it is installed normal real and I tried it even with forced folders, it will install it in the sandbox path, even the setup path is forced, but it shows as logged install outside the sandbox. Once you start the game of course all is OK.
I try one more thing, I just thought that the autoinstall DLs go in another path, just checked and seems not. Catch 22. Oh and the Client 2 is better, still not a fan of the running clients which register what and when I do But at least with GOG it is optional.

Hey I can live with all, as long as things run smooth, so I wait a bit longer. Waiting for Cyberpunk 2077 takes long too.
Hope I don't hijack the thread now too much, but who knows maybe more people look for such things it.

All in all this program is much cooler than people expect maybe, it depends what you make out of it. Searched for something like this in Linux and this is way more uncool, firejail seems to be the choice here https://firejail.wordpress.com/
Seems to be pretty cool, but lacks a nice GUI, like many things in Linux, yes I can also work in DOS rather than Windows but what for do I install a GUI then.

Sorry if I write too much, I was absent from Forums just consuming for so many years, as it can be so anyoying, but this seemed to be a nice forum to break it in again. Feels like in the old times. ROFL

 

no matter, it was just a short test for me because i prefer the web presentation. although i play gog games i prefer starting those like i ever did - with a direct link. i need to test again to verify your issue. stay tuned

btw i like the film and its story - and i like such small animals as i had ages ago a lot of them as pets - funny and clever animals, but never a rat, i would prefer a cat now. anyhow i know the reaction of cats for my mice those days "is it a game or can i eat them right now?"

for now: gog client v1* refuse startup because of issues with service in sandboxie (5.33.6, win
client v2** display same message, but starts in the box

* https://cdn.gog.com/open/galaxy/client/setup_galaxy_1.2.67.58.exe

**latest beta from here
https://www.computerbase.de/downloads/games/gog-galaxy/

v2 has communication lost and finish - ok, next try - same message, but i leave it behind in background while client is still acting on my mouse. do not kill the task!

then i got another message from SB about gog service blah open path but the client is still running and acting.

what i can see in a sniffer that client is connecting a lot to akamaiedge and deltacdn

what i also can see in sniffer

when this happens the first time the connection lost message is thrown. the service itself is no longer running (GalaxyClientService.exe)

i dont know if the first v2 beta i tried month ago had same issues, i forgot.

 

Nice go, missing authorizations mhhh, from what I see, Akamai is pretty standard for such content delivery as far as I keep track. Famous trust issue I guess to GOG, so far they didn't disappoint but well, you never know. I would wonder what user auth it would need though, as even standard it doesn't ask for elevated rights. Oh again the trust At one time we do need to trust some, or we will go crazy.
Well, seems it triggered some curiosity. If I still encounter some ideas, I will bring it up. 2.0.17 Beta at the moment, darn, didn't see it was a beta.Just tried it once again, removed normal install and put in SB, what a piece of software. If it wouldn't be easier to DL the parts, I would kick it. Maybe I do anyway.

Oh and no, don't eat them They are too cute.