Sandboxie Plus (Sbie fork)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Apr 9, 2020.

Thread Status:
Not open for further replies.
  1. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    NEW PROBLEM with Windows Defender -- HELP NEEDED!

    David (or Anyone) -- I've been running your Sandboxie Plus 5.42.1 happily (mostly) under Windows 10 Pro (still 1909) for a few weeks, after once telling Windows Defender to ignore SbieDrv.sys, until today. Now I've had an anti-virus alert about the same driver that I can't seem to dismiss:
    [Attached image: Cant Fix This 3.jpg]
    I suppose this might have been caused by the latest "Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware" (KB2267602 vs. 1.323.392.0) that was pushed to my machine yesterday. There was also an update to the "Antivirus antimalware platform" the day before...

    If I don't find a solution soon, I guess I'll have to revert to Sandboxie 5.33.6, since I can't afford to run a browser -- certainly not Chrome! -- without Sandboxie for long.

    Suggestions? -- jclarkw
     
  2. jclarkw

    jclarkw Registered Member

    Well, maybe this is OK now. What eventually worked (after several restarts and fiddling with Windows Defender in and outside of an administrator account had failed) was to manually start the "Sandboxie Service" under Services. Not sure how long this "solution" will last...

    It would be really nice to get a legitimate signature for this driver (assuming that's what Windows Defender is upset about) to avoid these kinds of recurring problems! -- jclarkw
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,327
    Location:
    Viena
    You should be able to define paths where not to scan; try allowing the entire Sandboxie folder.
     
  4. DavidXanatos

    DavidXanatos Developer

    Yes it would, I got enough donations for a year's worth of certificate by now (421€), and was looking into obtaining one, but the CAs I talked to said they don't issue EV certificates to natural persons, only to legal entities.
    Soooo... I either need to get some cheap offshore shell company (cheap unfortunately means around 1k€), or find someone with a company that would buy the certificate for me.

    Maybe one in Belize, https://www.offshorebelize.com/, only $650. I guess I should first check with the CA if they would accept one like that; also I suspect some additional charges for document translation may apply.

    That whole thing is a huge mess!
    How the heck are normal people supposed to sign their own drivers if the CAs only issue the required certificates to companies, WTF...
     
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,076
    Location:
    UK
  6. DavidXanatos

    DavidXanatos Developer

    I talked to one of the CAs on the phone, and as far as they told me, an EV certificate is something that only a company can get because it's defined this way in the relevant industry standards.
    So I will need some sort of company to get an EV Cert... and that makes the whole endeavor so much more expensive :/

    I mean we are still getting one, just the donation target may need a 0 more at the end :/
     
  7. stapp

    stapp Global Moderator

  8. DavidXanatos

    DavidXanatos Developer

  9. jclarkw

    jclarkw Registered Member

    David -- I don't know where you are located, but in the USA setting up a "company" is pretty simple (see, e.g., https://corp.delaware.gov/howtoform/, although Delaware may be the most expensive US state in this regard). You could be a sole proprietor, but you would need an agent in the state where you incorporate. If you have a friend in the US, he/she could be your agent in the state in which he/she lives.

    Some states require fees, taxes, and/or annual reports, which could be a pain to keep up with. I'm not a lawyer, so I don't know what the least expensive option might be. Maybe we all need to increase our donation levels... -- jclarkw
     
  10. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    662
    Location:
    USA--Oregon
    Just to follow-up with what jclarkw stated, forming a company in the US can be done without a lot of expense or even an attorney. Here is a place where they will assist you with the process: https://www.legalzoom.com/business/business-formation/

    I have used LegalZoom twice to create 2 different non-profit foundations. It was a relatively easy process. I have not, however, used it to create a company. But, you can schedule a consultation with them. (I did not spend the time to see if they only operate in the US, I apologize.)
     
  11. DavidXanatos

    DavidXanatos Developer

    I'm located in Austria and here it's not so easy, and to my understanding you have running costs of at least 500€/year + you need to file tax forms every year, that's at least another 300 unless you are confident enough to fill them out yourself. I guess for all the 1+n years you can use the old one as a template if nothing ever changes LOL.

    An offshore company in a country that specializes in that is probably cheaper.

    I will review the options and look what's best...
     
  12. robert147

    robert147 Registered Member

    Joined:
    Jun 29, 2020
    Posts:
    22
    Location:
    Netherlands
  13. stapp

    stapp Global Moderator

  14. DavidXanatos

    DavidXanatos Developer

    I chatted with SSL.com; they only give EV certs to companies.
    And I phoned the German sales of Entrust and the guy on the phone explained that it's the very nature of EV certs (by the relevant industry standards) that they are only issued to companies.
    Also Certum has that info in bold text on their website. So at this point asking further appears quite pointless.

    I need some sort of shell company or someone with a company that would be willing to help out by playing the straw man for me to buy the cert.

    EDIT: Also I wrote the EFF (no answer yet) if they know any workaround to this problem, because as it stands, without leaked certs it's not possible for real people to distribute Windows 10 drivers at all.
    And imho that is a problem; a world in which only corporations can distribute software is very much a dystopia, and it shouldn't be allowed to start with Windows drivers.
     
    Last edited: Sep 5, 2020
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Agreed, :thumb:. Or should that be :thumbd:.
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    So Sophos made Sandboxie open source but only a company can get it to work again with Windows. Come on Sophos and take care of the EV-certificate please...
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,920
    Why should they spend a cert for a product they don't care about and be responsible then again? They do their own business, I would do this the same way.
     
  18. DavidXanatos

    DavidXanatos Developer

    I have googled driver signing service... and found this: https://www.jungo.com/st/services/windows_drivers_digital_signing/
    They are selling some sort of driver building framework and offer their customers, for an extra fee, to sign the drivers created with their framework.

    ... yes, I asked them if they would sign something completely different, i.e. sandboxie-plus, no answer yet...

    But! That suggests that it is in principle permitted to use one's EV Cert and M$ SysDev account to sign stuff for others, or to sign others' stuff and just say it's your fork of that.
    So I'm wondering if it might be generally a good idea to create a non-profit driver signing service for open source projects.
    Actually the EFF or FSF should do just that, they already are an organization and have a cash flow.
     
  19. deugniet

    deugniet Registered Member

  20. DavidXanatos

    DavidXanatos Developer

  21. DavidXanatos

    DavidXanatos Developer

    This build brings a great new feature, snapshots, which allow saving a box state. The file system changes are saved incrementally; for every snapshot, a folder named snapshot-n, where n is the snapshot id, will be created in the box folder. The snapshot layout, as well as the information about which one is currently in use, is saved in a snapshot.ini in the box folder. With this feature, tracing what applications do will be even easier, as well as undoing destructive changes that may have occurred.

    Also, with this release the SbiePlus build gets its own proper installer from the get-go. If you want to use the Plus build portably, just choose the "Extract" option from the installer, which will just unpack it to a selected folder.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.4.0

    Changelog

    Added
    • added a proper custom installer to the Plus release
    • added sandbox snapshot functionality to sbie core
      -- filesystem is saved incrementally, the snapshots build upon each other
      -- each snapshot gets a full copy of the box registry for now
      -- each snapshot can have multiple children snapshots
    • added access status to resource monitor
    • added setting to change border width
    • added snapshot manager UI to SandMan
    • added template to enable authentication with a Yubikey or comparable 2FA device
    • added UI for program alert
    • added software compatibility options to the UI
    Changed
    • SandMan UI now handles deletion of sandbox content on its own
    • no longer adding redundant resource accesses as new events
    Fixed
    • fixed issues when hooking functions from delay loaded libraries
    • fixed issues when hooking an already hooked function
    • fixed issues with the new box settings editor
    Removed
    • removes deprecated workaround in the hooking mechanism for an obsolete antimalware product
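
    Added example, not part of the post above and not Sandboxie code: a small inventory tool for the "tracing what applications do" use the announcement mentions, hashing the files in each snapshot-n folder and listing what a later snapshot stores that an earlier one does not. The box name, the sample files and the directory tree inside each snapshot folder are assumptions constructed for the demo, and snapshot.ini is not parsed because the post does not give its format.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SNAPSHOT_DIR = re.compile(r"snapshot-(\d+)")  # folder naming taken from the post
EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".ps1", ".vbs"}


def inventory(box: Path) -> dict:
    """Return {snapshot id: {relative path: sha256}} for each snapshot-n folder."""
    report = {}
    for entry in box.iterdir():
        m = SNAPSHOT_DIR.fullmatch(entry.name)
        if m and entry.is_dir():
            report[int(m.group(1))] = {
                f.relative_to(entry).as_posix(): hashlib.sha256(f.read_bytes()).hexdigest()
                for f in entry.rglob("*") if f.is_file()
            }
    return dict(sorted(report.items()))


def changes(report: dict, older: int, newer: int) -> list:
    """Files stored in the newer snapshot that are absent from, or differ from, the older."""
    old = report[older]
    return [("modified" if p in old else "first seen", p, Path(p).suffix.lower() in EXEC_EXT)
            for p, d in sorted(report[newer].items()) if old.get(p) != d]


def build_sample_box(root: Path) -> Path:
    """Constructed sample: names, contents and the drive/... tree are assumptions."""
    box = root / "DemoBox"
    sample = {
        "snapshot-1/drive/C/Users/demo/notes.txt": b"first run",
        "snapshot-2/drive/C/Users/demo/notes.txt": b"second run",
        "snapshot-2/drive/C/Users/demo/AppData/helper.exe": b"MZ placeholder",
        "snapshot.ini": b"",  # named in the post; its format is not parsed here
    }
    for rel, data in sample.items():
        (box / rel).parent.mkdir(parents=True, exist_ok=True)
        (box / rel).write_bytes(data)
    return box


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rep = inventory(build_sample_box(Path(tmp)))
        for kind, path, is_exec in changes(rep, 1, 2):
            print(f"{kind:10} {'EXEC' if is_exec else '-':4} {path}")
```

    Pointing inventory() at a real box folder instead of the sample gives a per-snapshot hash list that can be kept as a record of what a sandboxed program wrote between two saved states.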
     
  22. jclarkw

    jclarkw Registered Member

  23. DavidXanatos

    DavidXanatos Developer

  24. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    144
    Location:
    Land of Oz
    @DavidXanatos The new version ends for some Unity games with no more wait chain issue, but it doesn't do anything; both the program and sandboxieRpcSs trigger WERFAULT (thought to myself: why does it sound like Werewolf).
    The previous version is OK but this dreadful delay in starting the new Unity games; as you remember, older ones like you tested, like for me Overcooked 1 and 2, work fine. However Noita, using a different engine, their own as far as I know as they have pixel simulations, crashes in the previous too.
    Opus Magnum, Zacharias mind bender game, fine in previous, new version no go. Was there a bigger change, other than the removal of the obsolete routine?

    About the certificate, I seriously see this as the same issue as the TCPA cr*p; for those who don't know it, here is a nice video from the beginning of that sh*t a long time ago: https://www.youtube.com/watch?v=s7WDbnHlc1E Trusted Computing.
    At least one success came out, we are able to switch this piece of hardware off, if it is really off then, of course <shrug>
    Similar to the secure EFI boot, which cut off Linux for some time. It is an eternal fight against our freedom. I hope the EFF will give an answer. I think it is OK if MS tries to protect the system in a way, however it should finally still be up to me if I want to overrule it and say, I accept it without cert as well. It is my PC, not yours. Policies could be set in companies to prevent users from doing this, but on my hardware, I do what I want to do.
     
  25. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,327
    Location:
    Viena
    Yes the entire file-system snapshots mechanism was added, although it shouldn't do much when no snapshots are actively used
     