Sandboxie-Plus Vintage View

Sandbox options are per box so i cant really make a glboal button the button would not know for what box to open the options.
But if all you want is a quick way to open these options just double click on a box and its box options will open.

 

Thank you! I didn't know you could do that. It's small things like this that makes everything work smooth and quick.

 

May be related to #72, #74

Might there be a general/generic rule/recommend regarding Sandboxie processes - allow access to the internet?
1.2.1

 

Well that depends on what you are doing, I would personally block internet access for all boxes except those which need it.

 

I have restricted internet access in my boxes.
for example: my Edge sbox only allows msedge.exe with unlisted processes blocked.
I'm curious whether Sandboxie processes (for example: SandboxieCrypto.exe #78) require internet access in my Edge sbox ?
I'm curious where does Remember for this process get saved?
1.2.1

 

If its per process the data are stored transiently in the driver, ir you create a permanent rule its writen to the ini and editable in the firewall tab of the box options

 

Thanks
-
I'm curious whether Sandboxie processes (for example: SandboxieCrypto.exe #78) require internet access in my Edge sbox ?

 

SandboxieCrypto.exe might ask for it to verify certificate recovations, but if you deny it it wil still work just without online updates

 

Microsoft certificates? Website certificates? SandboxieCrypto verifies CA certificates?

 

ssl website certificates, SandboxieCrypto.exe hosts a sandboxed instance of the CryptSvc service

 

Ahh....Cryptographic Services service
-
What I think happened was I only just realized that internet access for unlisted processes is Allow access.
With SbieCtrl. Internet Access - only listed programs were allowed internet access. So, unlisted programs were not allowed internet access.
With SandMan. Internet Restrictions - internet access for unlisted processes is Allow access. I needed to opt Block for unlisted.

 

Curious, when SandMan looks like this:

Why SbieCtrl lools like this:

-

Spoiler: [GlobalSettings] [Edge]

Code:

[GlobalSettings]
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
SeparateUserFolders=y
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
NetworkEnableWFP=y
EnableObjectFiltering=y
EnableWin32kHooks=y
EditAdminOnly=n
ForceDisableAdminOnly=n
ForgetPassword=n
TemplateReject=Edge_Win11Fix
TemplateReject=WindowsRasMan
TemplateReject=WindowsLive
TemplateReject=OfficeLicensing
TemplateReject=NortonInternetSecurity
TemplateReject=7zipShellEx
UseFileDeleteV2=y
UseRegDeleteV2=y
ForceDisableSeconds=600
SandboxieLogon=y

[Edge]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Template=LingerPrograms
Template=qWave
Template=Edge_Force
Template=Edge_Bookmarks_DirectAccess
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=BlockPorts
ConfigLevel=9
BoxNameTitle=n
CopyLimitKb=81920
AutoDelete=y
ProcessGroup=<InternetAccess>,msedge.exe
ProcessGroup=<StartRunAccess>,notepad.exe,msedge.exe
ProcessGroup=<StartRunAccessDisabled>,
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
LingerProcess=msedge.exe
AllowNetworkAccess=!<InternetAccess>,n
AllowNetworkAccess=<BlockNetAccess>,n
PromptForInternetAccess=y
DropAdminRights=y
ClosedIpcPath=!<StartRunAccess>,*

May be related to:

Spoiler: The legacy UI of sandboxie classic

 

Thanks, Bo. I've trusted and relied on Sandboxie for years now just to take a browser for a spin around the block and to get back home safely. And since you've relied on Sandboxie for a heck of a lot more than that, your reply speaks volumes and I appreciate that. Kudos.

 

I imagine Yes stores transiently in the driver and the rule is written to Process Restrictions.

Spoiler: related pics

 

Switched from Classic to Plus and really like it. All of my browser shortcuts are pinned to the task bar. I can pull the exe for each browser via the file searcher "Agent Ransack," right click for explorer context menu and add it into the default sandbox.
It couldn't possibly be any simpler. All by the way-- tested Edge, Vivaldi, Brave, Iridium, Maxthon, and Slimjet with no hitches. With SRWare Iron, the system advises "Your device ran into a problem" and reboots...
In context with SRWare's popularity, one could suppose "no big deal."

 

I think this is a fallacy, as by the same reasoning a person who by random chance did not have any viruses in the past decade, despite not using Sandboxie, an AV or any other anti malware product, could claim that its fine with only the chrome/firefox browser sandbox, that they don't need additional protection, etc...

And to be honest you don't really know if never anything happened, perhaps some malware may have stolen some of your data and sent them some ware at some point in time, and you just did not noticed.
Have you always closed all file paths to your personal data in all sandboxes you use?
Did you never had a password manager open while a virus was active in a sandbox?

A common attack vector are broken drivers, even available form large vendors here is a non exhaustive list: https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
Such drivers can be exploited often even on systems with sandboxie,
this will be changed with the build 1.3.x/5.58.x which will introduce two new security mechanisms which will prevent such attacks, the code for that can already be tried out in the dev branch on GitHub.

I think for the most part you can never have enough protection,
only when it starts interfering with compatibility it will be time to start considerations where to draw the line.

Also I would really appreciate it if you would try the 1.2.1 build out and give me some feedback on the vintage view mode how acceptable it is.
I'm not asking you to switch to plus permanently just try it out, get a bit familiar and give some feedback on how good or bad it looks.

 

@DavidXanatos . You are not going to convince me. Quit trying. On that post you quoted me and linked, even though I wrote that post for other people, I also intended to show you that I can promote Plus, use Classic, and be honest about my feelings.

Bo

 

@bo_elam you know you can use this enhanced protection features also in classic when you set it in the ini. As I said in the end I'm only asking you to take a look and give some feadback on the vintage mode, not to switch your everyday use.

You wrote earlier

And as I replied I want to do it right so I'm looking for a sandboxie veteran's seal of approval.
I think its a fair request it only takes a few minutes of your time to tell me how classic the new View Mode feels.

 

OMG, I'm in shock. Did you still not find a way to get rid of the ugly focus rectangle? I can't stand those stupid dotted lines.

 

So how is the 1.2.3 build? Anyone has any more suggestions how to improve the vintage view? Or is it perfect as it is?