Sandboxie-Plus 1.0.17

This build fixes a couple of issues, but also introduces a major change in how sandboxie controls access to process memory.

Before this build sandboxie allowed sandboxed programs to read the memory of any unsandboxed program belonging to the current user, this is obviously a bad idea if your goals is not only infection prevention but also data protection. Hence with 1.0.16 onwards sandboxie will not allow for PROCESS_VM_READ on unsandboxed processes or processes belonging to other boxes.
To facilitate compatibility this build introduces a IPC options, with ReadIpcPath=$rogram.exe any unboxed process can be configured to allow for PROCESS_VM_READ, it is also possible to restore the old behavior entirely by specifying ReadIpcPath=$:*
By default the only process whos memory can be read is explorer.exe many processes want that and explorer should not keep any secrets normally anyways. To block this you can use ClosedIpcPath=$:explorer.exe

To facilitate optimal process isoaltion the EnableObjectFiltering option is now on by default, although this only applies for new installations, hence its recommend for existing installation to go to settings->advanced and enable it explicitly.

Other changes in this build include a simple resource access monitor mode and a change how process paths are resolved for sandboxed processes, this should fix a couple of issues.

Given that this build changes a couple of core mechanics it is possible that in some special cases this can lead to an incompatibility.

Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.16
Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.17

ChangeLog
Added

• FIXED SECURITY ISSUE: memory of unsandboxed processes can no longer be read, except for exceptions
  -- you can use ReadIpcPath=$rogram.exe to allow read access to unsandboxed processes or processes in other boxes
• Added "Monitor Mode" to the resource access trace, similar to the old monitor view of sbiectrl.exe

Changed

• EnableObjectFiltering is now set enabled by default, and replaces sbies old process/thread handle filter
• the $: syntax now accepts a wildcard $:* no more specialized wildcards though

fixed

• fixed NtGetNextProcess being fully disabled instead of properly filtered
• fixed reworked image name resolution when creating new processes in a sandbox

 

Hi

Can someone help me?


Sandbox web browser (Chrome) + KeepassXC browser.

The password manager connection in this mode does not work for me.

What should I set in Sandboxie?

Sandboxie installed classic 5.55.15

Asterixpl

 

AssetUPnP now starts correctly in 'Local Account' mode, but if I enable 'Trace Logging' within Sandboxie-Plus then from AssetUPnP switch between Disabled and Local Account mode Sandman.exe crashes/disappears.

 

wrong thread?

 

Doy ou have a crash dump form sandman exe? that would help me to find out whats going wront there

 

Well... use the new monitor mode to easier find out what ipr or winclass resoruces are accesses that ate not opened that sound like thay belong to keepasxc and try opening them

 

Updated version

 

So what should I do. I don't know much about it

 

Thanks for the tip. But today I do not have the strength for this program.

 

On my test win 11 with the newest firefox and sandboxie it starts just fine, can you enable the trace log and see if any $:somethign.exe are blocked
also does ff open for oyu just causes error messages or does it fail to run?

 

that is very strange, i think that happened with regard to chage is that somehow teh ini entry for SbieCtrl_AutoStartAgent=SandMan.exe is missing now and thats whyn the service would start up the classic ui instead
but why sandman would crash hmmm... I'll have to check out the dmp file
can you upload it on some hoster and share the link please

 

uncheck apply check apply again done

 

Since installing this SB+ update I keep getting an error message on starting Firefox 98.0.2 (x64)

firefox.exe (16840): SBIE2101 Object name not found: Unnamed object, error OpenProcess (C0000022) access=00001400 initialized=1

although it still seems to work.

 

thats in plus you need to start the plus ui from the start menu entry and toggle that option

 

Ok please enable the trace log and look for a $:somethign.exe entry caused by firefox and tell me that is this somethign.exe firefox tried to access

 

@stapp did the crash repeat or was it a one time thing?

 

close classic with its tray menu, and for good measure restart plus

 

Does this mean that before an over-the-top install,
EnableObjectFiltering MUST FIRST be turned on?
Will there be error messages if it is not turned on?
Thanks.