Released Sandboxie Plus (Sbie fork) Versions with Signed Driver

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Dec 7, 2020.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @davi I'll try that program asap.

    About your sandboxie.ini problem: move it from c:\windows to, let's say, c:\temp while the sandboxie driver is unloaded, then start sandboxie, and when it loads the driver it will recreate a sandboxie.ini in c:\windows; then open it for editing and paste the content of the saved one, if you want.
    that should resolve the problem
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    I tried this tool and for me it starts as it should in the sandbox
     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems with Sandboxie Plus 0.5.4, Microsoft Defender Smartscreen complained for the first time.
     
    Last edited: Jan 8, 2021
  4. davi

    davi Registered Member

    Joined:
    Jul 3, 2020
    Posts:
    19
    Location:
    RO
    That is really curious. These are the steps that I've taken (NOTE: my defaultbox is in D drive, set in globalsettings, FileRootPath=D:\Sandbox\%USER%\%SANDBOX% ):
    1. installed FMRTE.20.4.4.47-Setup.exe under defaultsandbox; when asked for the install path, I changed it from the default to E:\FMRTE 20
    2. after the install finished I did not start the program, closed the setup.
    3. opened an explorer instance (UNSANDBOXED), went to D:\Sandbox\Me\DefaultBox\drive\E\FMRTE 20,
    4. started FMRTE.exe; the program would ask for admin priv, and once it got them, it would start unsandboxed
    (Note that if I start any other exe from the folder above it would start sandboxed, only FMRTE.exe seems to start unsandboxed)
     
  5. Stelica

    Stelica Registered Member

    Joined:
    Nov 10, 2014
    Posts:
    71
    Location:
    Romania
    I am sorry.
    After a good period of operation sandboxie started to become unstable (icon disappears from systray menu and windows system errors in Event Viewer - SbieSvc.exe error).
    I returned to 5.45.2
     
    Last edited: Jan 8, 2021
  6. Monica2000

    Monica2000 Registered Member

    Joined:
    May 18, 2020
    Posts:
    65
    Location:
    Spain
    Have u tried with this app?: http://www.owlotech.com/drivers/X5GamingMouse-drivers.rar

    Install inside a sandbox, go to the folder where the program is installed, double click on the main executable, enter the admin password and...

    Just like in this video: https://vimeo.com/289538880 Crazy was my non admin account and Root my admin account. I recorded that video under my non admin account.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Maybe, you experienced SBIE2203 like me here #511 and @stapp here #534
    Yes, I'm back with 0.5.3b / 5.45.2
     
    Last edited: Jan 8, 2021
  8. davi

    davi Registered Member

    Joined:
    Jul 3, 2020
    Posts:
    19
    Location:
    RO
    This case seems similar to the behavior I've encountered with fmrte. Note that my default user is "Me" and is used as a standard user, and I have created another user, Installer, that is an admin, and when a program needs to install when using the default "Me" user, it asks for the "Installer" credentials so it can get admin privileges.
     
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    So when this tool asks for admin rights you enter a password for the other account, it's not just a UAC for the current user?
     
  10. davi

    davi Registered Member

    Joined:
    Jul 3, 2020
    Posts:
    19
    Location:
    RO
    Exactly, the current user that is used in windows by default, "Me", has no rights to install programs in system drive protected folders, like program files, windows, etc... so it asks for the "Installer" password that has admin privileges. The UAC is started with the "Installer" user and asks for its pwd because it's the only admin account enabled in windows; in case multiple admin accounts exist, it will also ask for the user name.

    It's my habit after a new windows install: I create a new user with admin rights, named "Installer" in my case (I don't even log into it, only just create it and put it in the administrators group), then after that I change the default user that windows came with, in my case "Me", from an administrator user to a standard user.
    This way windows is a little safer to use, no chance of UAC auto bypasses, and windows is safer all around, it's something like current user and sudo in linux, for important operations the os asks for root pwd when using sudo.
     
    Last edited: Jan 8, 2021
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @bjm_
    @Monica2000
    that sounds like some sort of resource leak if it only happens after a longer run time
    could you please check with a tool like Task Explorer if handles or other objects are leaking
     
  12. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    Concerning my problems with Chrome (portable) as described in my above posts #520 and #521
    I had exactly the same issues with a new uncustomized sandbox.

    But I found out now the reason for the problems :thumb::
    In order to avoid them it is necessary to run Chrome (= the GoogleChromePortable.exe) always as an administrator. That's definitely new since Sandboxie 5.46.0.

    Is there a possibility to change this requirement? It would be a great relief because making a program always run as an administrator is not so easy under Windows 10.

    EDIT:
    In the meantime I could resolve the above problems by completely removing Chrome Portable and downloading + configuring it again. It seems that the issues were caused because a few days ago I changed from Windows 32 bit to Windows 64 bit - this was the reason for various (automatic) changes in the settings of Chrome (completely independent of Sandboxie).

    After "installing" now Chrome Portable from scratch all works fine again with Sandboxie. But something is very important (as it was already in the past in connection with former versions of Sandboxie): You have to run the "installer" of Chrome Portable (= the "GoogleChromePortable_81.0.xxxx_online.paf.exe") as administrator! Otherwise there are issues with Sandboxie.
     
    Last edited: Jan 8, 2021
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Ah!!! ok i missed that will test this scenario asap
     
  14. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    413
    1. Installed Sandboxie-Plus-x64-v0.5.4
    2. Created new box
    3. Ran Chrome via context menu as sandboxed
    4. Opened Metallica video from Youtube.com.
    5. SbieSvc and SandMan/SbieCtrl crash after a while of playing video.
    I will send you procdump files.
     
  15. Monica2000

    Monica2000 Registered Member

    Joined:
    May 18, 2020
    Posts:
    65
    Location:
    Spain
    @DavidXanatos I don't have time to do more testing now but it's easy to understand. When u install Windows 10 for the first time, the user created during the installation process is an ADMINISTRATOR user with full permissions. The password for that user is never asked when u try to install programs, u only have to press ok when UAC asks you for permissions to install programs. My ADMINISTRATOR username is Root (like linux). Running Windows using an ADMINISTRATOR account is not safe at all, so the first thing I do when Windows is installed is create a normal user (Crazy in this case) with non admin permissions.

    I never log into the Root account so Sandboxie and the rest of the programs are installed using my normal user account (Crazy). When u install Sandboxie or any program in the Crazy account, u have to enter the ADMINISTRATOR password, which is not the same password as the Crazy/normal user account. In that video u could see what happens when a normal user tries to run a program that needs admin permissions. As they have different usernames that program will run outside the sandbox.

    EDIT: Just to add that in that video I installed the mouse program also in the Root account just for testing purposes. I wanted to run that program on my normal user account but it failed. (I recorded that video on Crazy's account)
     
  16. davi

    davi Registered Member

    Joined:
    Jul 3, 2020
    Posts:
    19
    Location:
    RO
    Eureka, finally I got it working again. I usually add some comments to sandboxie.ini, and yesterday I added these two lines of comments to my globalsettings in sandboxie.ini so I can remember what changes I've made or changes in sandboxie configs:
    ;20210107 Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system, use "RunServicesAsSystem=y" to enable the old legacy behavior
    ;RunServicesAsSystem=y

    And it seems that these lines are to blame for the UIs not being able to update the ini file. Once I removed the above two lines of comments both UIs started working again.
     
  17. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @davi so, I could reproduce it now, but as @Monica2000 noted it's an old sandboxie bug (I tested with the current 0.5.4 and the old 0.5.0), not a new one, and it only happens when you have %USER% in your sandbox root path (something I normally don't)

    The issue is that when runas wants to start
    let's say c:\Sandbox\User\drives\c\bla\blup\some.exe as admin,
    when the driver for the admin user checks the paths it expects the box to be at c:\Sandbox\Admin\.....
    The location under c:\Sandbox\User\.... for processes started as admin is just some random unsandboxed path.

    Not sure how to easily fix that, because you could set "FileRootPath=\??\%SystemDrive%\%USER%\%SANDBOX%" for example,
    then I couldn't say that whatever folder contains %USER% is to be handled as sandbox root and treated specially.
    The only way would be to iterate through all the users on the system and check the paths for each one.


    @davi
    probably it would be enough to remove "=" from the first comment line, just a guess
     
  18. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    yes please send me the dump files
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Sorry, no idea what I'm seeing nor how to extract report.
    png_8720.png
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @bjm_ enable the column handles and see if they are around 100-300 or steadily rising past a few 1000
     
  21. davi

    davi Registered Member

    Joined:
    Jul 3, 2020
    Posts:
    19
    Location:
    RO
    Ok, ty very much for all your hard work, at least i know a solution now, so to harden even further one sandbox i should use specific User in FileRootPath.
    Tried it with my custom sandbox and changed filerootpath from
    FileRootPath=E:\Sandbox\%USER%\%SANDBOX%
    to
    FileRootPath=E:\Sandbox\Me\%SANDBOX%
    And now fmrte always starts sandboxed.
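
A simplified model of the path check DavidXanatos describes in post #17 and of the fixed-user workaround in post #21, added here as an illustration; it is not Sandboxie's driver code. The function names, the constructed sample ini, the D: variant of the fixed path, and the treatment of lines starting with `;` or `#` as comments are assumptions.

```python
import re
from pathlib import PureWindowsPath

def expand_root(template, user, box, system_drive="C:"):
    """Expand a FileRootPath template for one user and one box."""
    values = {"user": user, "sandbox": box, "systemdrive": system_drive}
    path = re.sub(r"%(\w+)%",
                  lambda m: values.get(m.group(1).lower(), m.group(0)),
                  template)
    if path.startswith("\\??\\"):      # drop the NT object-namespace prefix
        path = path[4:]
    return PureWindowsPath(path)

def inside_box(exe_path, template, user, box):
    """True if exe_path lies under the box root as computed for `user`."""
    root, exe = expand_root(template, user, box), PureWindowsPath(exe_path)
    return root == exe or root in exe.parents   # Windows paths compare case-insensitively

def audit_ini(ini_text):
    """Return (section, value) for every FileRootPath that depends on %USER%."""
    findings, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # assumption: comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "filerootpath" and "%user%" in value.lower():
            findings.append((section, value.strip()))
    return findings

# Constructed sample values based on the paths quoted in the thread.
EXE = r"D:\Sandbox\Me\DefaultBox\drive\E\FMRTE 20\FMRTE.exe"
PER_USER = r"D:\Sandbox\%USER%\%SANDBOX%"
FIXED = r"D:\Sandbox\Me\%SANDBOX%"
SAMPLE_INI = r"""
[GlobalSettings]
FileRootPath=D:\Sandbox\%USER%\%SANDBOX%
[Hardened]
Enabled=y
FileRootPath=E:\Sandbox\Me\%SANDBOX%
"""

if __name__ == "__main__":
    for user in ("Me", "Installer"):
        print(user, "per-user root:", inside_box(EXE, PER_USER, user, "DefaultBox"),
              "| fixed root:", inside_box(EXE, FIXED, user, "DefaultBox"))
    print("FileRootPath entries depending on %USER%:", audit_ini(SAMPLE_INI))
```

With the per-user template the same executable is inside the box for "Me" but outside it for "Installer", which matches the elevated launch running unsandboxed; with the fixed path both accounts resolve to the same root.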
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, now that I'm watching. I'm not seeing SBIE2203
    png_8722.png png_8723.png
     
    Last edited: Jan 8, 2021
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    After running Sandboxie 5.46/0.5.4 a while an error occurs:

    Log name: Application
    Source: Application Error
    Date: 8-1-2021 16:02:17
    Event ID:1000
    Task Category: (100)
    Level: Error
    Keywords: Classic
    User: n/a
    Computer: ****
    Description:
    Name applicable with error: SbieSvc.exe, version: 5.46.0.0, time stamp: 0x5ff74b97
    Name of module with error: SbieSvc.exe, version: 5.46.0.0, time stamp: 0x5ff74b97
    Exception code: 0xc0000409
    Error margin: 0x00000000024ef4
    Id of process with error: 0xee0
    Start time applicable with error: 0x01d6e5cefcbd0884
    Path to application with error: C:\Program Files\Sandboxie-Plus\SbieSvc.exe
    Path to module with error: C:\Program Files\Sandboxie-Plus\SbieSvc.exe
    Rapport-id: 9df0ec43-f5e5-4934-af4a-9b0b1d1df608
    Full package name with error:
    Relative application ID of package with error:
     
    Last edited: Jan 8, 2021
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    I'm in. Do it please.
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    png_8718.png
    Log Name: Application
    Source: Application Error
    Date: 1/8/2021 11:09:10 AM
    Event ID: 1000
    Task Category: (100)
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: DESKTOP-DELL
    Description:
    Faulting application name: SbieSvc.exe, version: 5.46.0.0, time stamp: 0x5ff74b97
    Faulting module name: SbieSvc.exe, version: 5.46.0.0, time stamp: 0x5ff74b97
    Exception code: 0xc0000409
    Fault offset: 0x0000000000024ef4
    Faulting process id: 0xe7c
    Faulting application start time: 0x01d6e5d85cd55d36
    Faulting application path: C:\Program Files\Sandboxie-Plus\SbieSvc.exe
    Faulting module path: C:\Program Files\Sandboxie-Plus\SbieSvc.exe
    Report Id: e6215294-e6d9-443b-b661-2d029ba5d5c7
    Faulting package full name:
    Faulting package-relative application ID:
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>100</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2021-01-08T16:09:10.4498199Z" />
    <EventRecordID>20798</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DESKTOP-DELL</Computer>
    <Security />
    </System>
    <EventData>
    <Data>SbieSvc.exe</Data>
    <Data>5.46.0.0</Data>
    <Data>5ff74b97</Data>
    <Data>SbieSvc.exe</Data>
    <Data>5.46.0.0</Data>
    <Data>5ff74b97</Data>
    <Data>c0000409</Data>
    <Data>0000000000024ef4</Data>
    <Data>e7c</Data>
    <Data>01d6e5d85cd55d36</Data>
    <Data>C:\Program Files\Sandboxie-Plus\SbieSvc.exe</Data>
    <Data>C:\Program Files\Sandboxie-Plus\SbieSvc.exe</Data>
    <Data>e6215294-e6d9-443b-b661-2d029ba5d5c7</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    </EventData>
    </Event>
     