Sandboxie-Plus v1.11.2

Took me a day or two to get around to trying these settings and it worked. You're a master at what you do and I do thank you again for posting exactly what I needed to get everything working. I did turn on 'Issue message 1318/1317 when a host process tries to access a sandboxed process/the box root' and noticed a lot more host processes that each of my main programs (Firefox, Thunderbird and Microsoft Edge) needed. I'm assuming I also add these as well? So the additions would be:

DenyHostAccess=svchost.exe,n

DenyHostAccess=ctfmon.exe,n

DenyHostAccess=lsass.exe,n (Local Security Authority Sybsystem Service)

DenyHostAccess=MicroSoftEdgeUpdate.exe,n

DenyHostAccess=logioptionsplus_agent.exe,n (I have a Logitec mouse and the software running)

 

@DjKilla

If the sandboxed programs are working properly, no need to add any other settings. Maybe you can add lsass.exe and svchost.exe, it's up to you.

Also, you don't have to allow every program that is reported. The aim is to create a more isolated sandbox by restricting access from the outside.

 

Perfect answer! So the goal is to have the bare minimum of what's needed for the program to work lessening the attack vector. I'll have to audit my 'Start Restrictions' to see if there's some additional helper programs that's not needed also. Thanks again for your help!

 

My guess: "Change Password" will become accessible after you enable encryption (other stuff will get grayed out).

 

Yes, that works in sbox that's not Disk root: \Device\ImDisk
I have a sbox with Disk root: \Device\ImDisk2. UseFileImage=n Sandbox is empty.

Spoiler: related pic

Edit: ran Maintenance - Stop All to clear Disk root:

Spoiler: related pic

 

I'm not sure I understand. Do you have an encrypted box whose filerootpath is on a ramdisk?

 

I did. That's the sbox that had grayed Change Password. "Encrypt sandbox content" did not un-gray Change Password. I had to free the sbox from ramdisk thru Global Settings > Edit Sandboxie.ini > [Chrome] > UseFileImage=n
On my entry level machine (8GB RAM - 128GB SSD) the encryption &or ramdisk mounting feels finnicky. Note the Chrome sbox black pizza. 2GB displays but, image is not mounted. And Mount Box Image rendered Error. And "Maintenance" did not help.

Spoiler: related pics

 

It is likely that you have received "0x0000065b" error because the size of the image file is larger than the size of the ram disk.

 

My [Chrome] sbox was empty. I was using Box Protection with Encrypt sandbox content.
Edit:

Spoiler: pic

 

Just to clarify this optionis available without the encryption pack only to old certificates, new once need the encryption pack for this feature.

 

Ok. So to super clarify, I'm using this feature by accident? I don't have access to the encryption because I don't have the Upgrade Encryption Pack certificate. I went searching again everywhere for more info on this 'Box Protection' but can't find any additional info. Here's what I found:

Sandboxie Feature Comparison Old (No mention of Box Protection)
https://sandboxie-plus.com/feature-comparison-old/

Sandboxie Feature Comparison New (No mention of Box Protection or Upgrade Encryption Pack)
https://sandboxie-plus.com/feature-comparison/

So I looked at the description details on the Upgrade Encryption Pack and it ONLY mentions this pack is for adding ONLY encryption.
https://xanasoft.com/product/sandboxie-plus-advanced-upgrade/

Then I looked at Sandboxie Features but no mention of 'Box Protection'.
https://sandboxie-plus.com/plus-features/

I'm using it now but don't have access to the encryption settings because I don't have the Upgrade Encryption Pack. So is this a mistake/accident? Or you'll be moving 'Box Protection' into the Upgrade Encryption Pack which you'll have to pay extra to get it in the near future? From my understanding, I see two different features. Box Protection and Encryption (requires additional purchase). So you're combining the two and will have to buy the Encryption Pack to get both in the future?

Sorry for the confusion. This 'Box Protection' is available to me now and works but there's no additional message to indicate that it needs or will be only available with the purchase of the Upgrade Encryption Pack now or in the future. There should be some kind of message, tool-tip, "Golden Bullet" indicator permanently visible even if you purchase a Subscription or Personal certificate. Or make the feature unavailable like the encryption settings. More features, more confusion. I know you have a lot more coming and hopefully someone will create a manual or guide. You did mention that the Encryption Pack is more for the business side but available to regular home users. I'm noticing the more features you add the more complicated and the more space you need. I'm seeing tabs moved into other tabs and settings being combined with other settings. In another two years, Sandboxie is going to be a beast. Love the protection but it's becoming a little much (bloated). Perhaps there should be a business side version for over the top protection and a home version of only what you need protection that's necessary. This will give the user a choice of what to buy to meet their needs without cramming more and more features/settings into one version. Just a thought. Anyway, I appreciate all the work you do as usual, I'm just trying to keep up with it all.

 

I have a "personal" certificate expiring in Nov 2023 and Box Protection
does indeed work with it without the enhanced "encryption pack"
How old does an "old" certificate have to be for this? I don't know
EDIT: With the Encryption Pack, I can also use the encryption feature.

 

If its one with -SMALL, -MEDIUM, type sufix it allows to use Box Protection, and -LARGE allows to use Box Protection and Encryption

If you have an old certificate all will work as described until it expires, if you get a new cert to use Box Protection and/or Encryption you will need the encryption pack.

 

Yes, it is -MEDIUM, and I did buy and apply the encryption pack

 

Ok, So you will have to pay for it in the future by getting the Upgrade Encryption Pack. I'll probably just stop using the feature now and investing time into it since it will disappear when I buy a new Personal certificate. My threat level doesn't need the Upgrade Encryption Pack plus it will save on costs.

 

Looks like the sparse attribute is not assigned to the .box file. Bug?

>fsutil sparse queryflag New_Box.box
This file is NOT set as sparse

 

My CryptorBox.box file is also NOT set as sparse as per the fsutil command.

 

Or you save even more on costs and keep "BoxProtection" working as it is without the need for an additional advanced-uügrade-pack.

Now, how would that be possible? Well, stop upgrading to the latest verson. Look for the most stable one within the validity of your current certificate and keep using that with all benefits like - ?forever? - without running into danger of introducing new bugs or incompatibilities with a new and possibly experimental release of Sandboxie?

 

Do I need to [GlobalSettings] Enable Ram Disk creation before I enable [Edge] Store the sandbox content in a Ram Disk?

 

Well, the problem is I bought the old Personal Small (Subscription) certificate this time which means all the extra features will expire when the certificate expires. Next time I'll get the new Personal certificate where the extra features won't expire when the certificate expires. My bad!

 

Sort of skimmed thru here and didn't see anything about this (could have missed it) but had to go back to 1.11.1 from .2. Was having problems adding and deleting bookmarks viz the bookmark toolbar on Firefox 117.0.1. Windows 10 latest.

Un-sandboxed and the 1.11.1 build seem to work fine for the meantime. Edit: double-checked in box options and the access to the Firefox bookmarks is permitted.

Edit: 9/17/2023--started happening here too. Hmmm, I can add and delete bookmarks un-sandboxed only. Will wait for update to Firefox itself, hopefully that does something.

 

yea ram disk creation must be enabled globally

 

With Sandboxie-Plus version 1.11.2 i discovered on my Windows 7 (64 Bit, german version), that i can't use the startmenu like with the versions before (on v1.10.5 the problem does not appear). With the right mouse i click on my sandbox, then in the context menu i select "Run / Run from start menu / (Host) Start menu". Now in the upper left area of my Desktop the usual menu appears, where i go to "Programs". With v1.11.2 there is only a menu to open the folder (which does not work, it says the path does not exists). With v1.10.5 and before i also go to "Programs", and here i have the menu entries of my programs, which were installed into the sandbox before.

Here an example with screenshots from v1.10.5:
https://abload.de/img/sbie_1i8iwd.png

https://abload.de/img/sbie_24rc0i.png

The 2 entries "Abbyy Finereader 10" and "Calibre" are not there, when i do this with v1.11.2.


Here the screenshots with v1.11.2:
https://abload.de/img/sbie_3abyd68.png

https://abload.de/img/sbie_3ba8d4k.png

In my Explorer this path is a little bit different from the error message from above (it is "programs" and not "programme" at the end):
https://abload.de/img/sbie_3cknepx.png
So probably this is also the problem, why v1.11.2 can't display the menu entries like in the versions before?

 

Another problem with v1.11.2 is, that in the Box-options the border-color isn't shown like before - only a small vertical line shows the color. This problem also was there in v1.10.5. With version 1.9.8 it was ok.