Sandboxie Plus 0.7

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Feb 15, 2021.

  1. Zem

    Zem Registered Member

    Joined:
    Dec 19, 2020
    Posts:
    6
    Location:
    UK
    Just to let you know that I have updated Sandboxie-Plus to v0.7.0 and I have no issues at all using Edge to log in to https://outlook.live.com/owa/ or https://mail.yahoo.com/

    This is with no extensions to Edge Version 88.0.705.74 (Official build) (64-bit) and also a fresh Sandboxie ini file

    Therefore, maybe some are having issues with Edge extensions or Sandboxie settings.

    I hope this is helpful
     
  2. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    Perhaps like bjm you are always logged in to your accounts? Those two pages load fine, it is the next page when you are signing your credentials in that is the problem. Also, it is not an extension issue as all browsers this affects (FF, Edge and Chrome) work fine unsandboxed. Haven't checked with the plus version myself, only classic 5.48.0, however others report same issue on plus version.
     
    Last edited: Feb 21, 2021
  3. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    Thanks David, but can you please explain exactly which section of the sandbox settings this line should be added to?
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    To the box where you run the program affected,

    you can also add it to the global section then it will apply to all sandboxes
     
  5. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    It is just the default box, but I'm also unclear how and where to add the line. I'm not sure where to find the "global section" and there are a lot of sections in the window that comes up when you click on sandbox settings (accessed from sandboxie control, right clicking on default box, clicking on sandbox setting). Which section specifically in this window am I adding it to please?
     
    Last edited: Feb 21, 2021
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    So, is the test ... to be logged out of outlook and yahoo webmail while not sandboxed and then try log in to outlook and yahoo webmail while sandboxed?
    Edit: @catspyjamas as test:
    ~ outside Edge box - logged out of my outlook n' yahoo webmail accounts + cleared Edge cache.
    ~ inside Edge box - logged in to my outlook n' yahoo webmail accounts.
    Log In flow to my outlook n' yahoo webmail accounts feels the same inside Edge box.
    0.7.0 w Classic UI
     
    Last edited: Feb 21, 2021
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I think you need discrete boxes. That said....
    I think you're Classic UI.
    ~ add RpcMgmtSetComTimeout=y to Sandboxie.ini via Menu Bar > Configure > Edit Configuration
    png_9270.png
    png_9267.png png_9268.png
     
    Last edited: Feb 21, 2021
  8. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    Thanks @bjm_ I was going to sandboxie control, right clicking on default box, clicking sandbox settings, which brings up a window with a ton of sections and sub sections - nothing like in your images. Didn't know about your way to go via menu, configure, edit configuration. Thanks heaps for the screenshots and instructions, will try after work.
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Last edited: Feb 21, 2021
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK cool, very disappointing that these bugs weren't fixed by them. Especially because I get the impression that it's not a hard thing to do for skilled developers like yourself.
     
  11. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    402
    Location:
    uk
    Is this a manual entry to be added to sandboxie.ini?
     
  12. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    yes
     
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    https://user-images.githubusercontent.com/3890945/105014988-575cb680-5a41-11eb-90d5-d942d28184b2.png

    This build fixes again a few security issues, as well as brings some new functionality and expands on the tracing features.

    If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.7.1

    ChangeLog
    Added
    • sandboxed indicator for tray icons, the tooltip now contains [#] if enabled
    • the trace log buffer can now be adjusted with "TraceBufferPages=2560"
      -- the value denotes the count of 4k large pages to be used, here for a total of 10 MB
    • new functionality to the list finder
    • Enhanced RpcMgmtSetComTimeout handling with "UseRpcMgmtSetComTimeout=some.dll,n"
      -- this option allows to specify for each individual dll if RpcMgmtSetComTimeout should be used or not
      -- this setting takes precedence over hard coded and per process presets
      -- "UseRpcMgmtSetComTimeout=some.dll" and "UseRpcMgmtSetComTimeout=some.dll,y" are equivalent
    • Added "FakeAdminRights=y" option that makes processes in a given box think they have admin permissions
      -- this option is recommended to be used in combination with "DropAdminRights=y" to improve security
      -- With "FakeAdminRights=y" and "DropAdminRights=y" installers should still work
    • added RPC support for SSDP API (the Simple Service Discovery Protocol), Enable with "OpenUPnP=y"
    Changed
    • improved RPC debugging
    • improved IPC handling around RpcMgmtSetComTimeout
      -- required exceptions have been hard coded for specific calling dll's
    • the LogApi dll is now using Sbie's tracing facility to log events instead of an own pipe server
    • SbieCrypto no longer triggers message 1313
    • changed enum process API, now more (no limit) than 511 processes per box can be enumerated
    • Reorganized box settings a bit
    • Made COM tracing more verbose
    Fixed
    • FIXED SECURITY ISSUE: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
    • fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
    • fixed issue with resource monitor sort by timestamp
    • FIXED SECURITY ISSUE: a race condition in the driver allowed to obtain an elevated rights handle to a process (thanks typpos)
    • FIXED SECURITY ISSUE: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
      -- this allowed elevated processes to change passwords, delete users and alike, to disable filtering use "OpenSamEndpoint=y"
    • FIXED SECURITY ISSUE: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
      -- this allowed elevated processes to change hardware configuration, to disable filtering use "OpenDevCMApi=y"
    • fixed issues with webcam access when the DevCMApi filtering is in place
    • fixed issue with free download manager for 'AppXDeploymentClient.dll' RpcMgmtSetComTimeout=y is used
    • fixed not all WinRM files were blocked by the driver, with "BlockWinRM=n" this file block can be disabled
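
An added example, not part of the original post or of Sandboxie's own code: a small audit of a Sandboxie.ini that reports boxes where the opt-outs named in this changelog ("OpenSamEndpoint=y", "OpenDevCMApi=y", "BlockWinRM=n") switch a driver filter back off, or where "FakeAdminRights=y" is set without "DropAdminRights=y". The section names `GlobalSettings`, `DefaultBox`, `InstallerBox` and the `UserSettings` prefix, the comment characters, and the rule that a box line overrides a global one are assumptions; the ini text is constructed sample data.

```python
# Keys from the 0.7.1 changelog and the value that turns the driver filter off.
FILTER_OFF = {"OpenSamEndpoint": "y", "OpenDevCMApi": "y", "BlockWinRM": "n"}

# Constructed sample; section names are assumptions, not taken from the thread.
SAMPLE_INI = """\
[GlobalSettings]
OpenDevCMApi=y

[DefaultBox]
FakeAdminRights=y
UseRpcMgmtSetComTimeout=some.dll,n

[InstallerBox]
FakeAdminRights=y
DropAdminRights=y
OpenSamEndpoint=y
BlockWinRM=n
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}; keys may repeat, so keep a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):  # assumed comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def audit(text, global_section="GlobalSettings"):
    """Return sorted (box, finding) pairs; global lines apply to every box."""
    sections = parse_ini(text)
    inherited = sections.get(global_section, [])
    findings = []
    for box, entries in sections.items():
        if box == global_section or box.startswith("UserSettings"):
            continue
        # Assumption: box-level lines come last and override global ones.
        effective = {k.lower(): v.lower() for k, v in inherited + entries}
        for key, off in FILTER_OFF.items():
            if effective.get(key.lower()) == off:
                findings.append((box, f"{key}={off} disables a driver filter"))
        if effective.get("fakeadminrights") == "y" and effective.get("dropadminrights") != "y":
            findings.append((box, "FakeAdminRights=y without DropAdminRights=y"))
    return sorted(findings)
```

Calling `audit()` on the text of a real configuration file returns one `(box, finding)` pair per issue, with anything set in the global section reported against every box it applies to.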
     
  14. txhawkeye

    txhawkeye Registered Member

    Joined:
    Jul 22, 2008
    Posts:
    27
    That fixed the problem.

    I went a little further. I replaced "RpcMgmtSetComTimeout=y" with "RpcMgmtSetComTimeout=firefox.exe,y" in the sandbox where I run Firefox and "RpcMgmtSetComTimeout=msedge.exe,y" in the sandbox where I run Edge. I did this in case other programs that can run in those sandboxes might be adversely affected by "RpcMgmtSetComTimeout=y"

    Many thanks!
     
  15. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    What was the default behavior/setting for "RpcMgmtSetComTimeout" before you started tweaking it David? Do you recall what it was for version 5.45.0 or even back with Sophos version.
     
  16. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    288
    Location:
    New Zealand
    Hi @DavidXanatos - just to let you know, I didn't end up trying your suggestion above, as by the time I'd finished work, you'd already uploaded a new build with stuff in the changelog that looked related to the above line.

    Pleased to report that the problem of freezing when trying to add microsoft account or yahoo credentials seems to be fixed in build 5.48.5. on all browsers. Cheers for your excellent troubleshooting and speedy fix!
     
  17. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Sophos 5.31.0 (and probably before, haven't checked) had RpcMgmtSetComTimeout=n and 5.33.6 had RpcMgmtSetComTimeout=y
     
  18. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    No problems upgrading either Plus 0.7.1 or 5.48.5 over the top.

    Thanks David.
     
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Same here, no problems with 5.48.5.
     
  20. davi

    davi Registered Member

    Joined:
    Jul 3, 2020
    Posts:
    19
    Location:
    RO
    One small issue in the new 0.7.1 build, when changing Sandbox Options - General Options - Make applications think they are running elevated, in the new UI, the change doesn't stick into the sandboxie.ini on save/apply. When added FakeAdminRights=y manually into the ini, the change is reflected in the UI.
     
    Last edited: Feb 22, 2021
  21. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    402
    Location:
    uk
    Can't wait to give this a go :cool:
     
  22. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    402
    Location:
    uk
    Working fine now on 0.7.1 with no changes to my sandboxie.ini file :thumb:
     
  23. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Yes in the end I made the RpcMgmtSetComTimeout=y the default behavior, as that's what the users expect,
    it's better to keep broken things broken and work on repairing them one by one
    than to break a lot of other things to fix things that were broken.
    The less disruption to working setups the better.

    Also with the last build you can set this not just per process but also on a per dll basis allowing to fix programs that would work with neither of the global options

    "UseRpcMgmtSetComTimeout=some.dll,n"

    For the next build I'm intending to completely rework this mechanism such that instead of having a couple of hard coded dll's and interfaces to be resolved by the driver one will be able to configure the dynamic port resolution in the ini and add additional compatibility by opening new ALPC resources
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Thanks a lot for this.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Bug: when I click the Help (question mark) button in Sandboxie-Plus Notifications window, it freezes and takes focus over any other windows on my screen.

    Edit: I had to right click and Exit Sandboxie-Plus tray icon to get rid of it.
     