DropMyRights is a bit of a problem for my system

Discussion in 'sandboxing & virtualization' started by kennyboy, Jul 27, 2016.

  1. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    I am attempting to have yet another go at using Sandboxie on my system, again with problems that I dont see anyone else having from Googling DropMyRights.
    Sandboxie is the one program that despite reading so many tutorials and threads, that I just cant seem to get running nicely.

    OK. so 2 problems that I have. The biggest one is using Chrome on Win 7 x64. Chrome runs fine with the usual Sandboxie settings UNTIL I enable DropMyRights, and immediately, all the Chrome extensions crash. Extensions such as Laspass, uBlock original, HTTPS everywhere, Evernote WebClipper, Pocket etc. Makes no difference if I limit Chrome to be the only Internet facing app, or the only Start/Run app in the Sandbox, or keep default settings, the instant that I enable DMR. the extensions crash. No other settings cause this to happen.

    The second problem is not so bad, but still a pain. Using Chrome and FreeDownloadManager both with Start/Run, and Access Internet rights, Sandboxie will not allow it to run. Cant think of a setting that could be causing it.
    On the point of giving up on Sandboxie, which is a shame because I do understand its value if I could get it to run on my system.

    Thought as a last resort, I would post here and see if I am missing something blindingly obvious.

    Thanks for any help.
     
  2. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    Dunno if I or anyone will be able to help without more information. At any point troubleshooting with limited info is highly problematic and even once we get the basics it could still be time consuming or require a lot of trial and error to isolate. I suppose I'm one of those lucky few who have never had many issues with SBIE when it comes to the Drop Rights option or my browser.

    Normally I'd say that, to start, the best option would be to list your OS, any other security programs you have and, if you're willing, the config the sandbox runs in along with version numbers...blah blah blah blah and since you mentioned addons, might as well include the names/versions (please don't just say latest...!)

    Something like FRST might also help those looking into it but there's still a chance of something more detailed on the order of procmon being needed for people to help out. Even with all that being supplied there is no guarantee.

    All that said, I don't use chrome or any of the addons you already listed (I used to use HTTPS everywhere) so maybe someone who has will still be able to identify the culprit without any extra info.

    From your wording you seem to already think it is 'just' an addon crashing so why not disable them all, close and restart chrome in the sandbox with drop rights then enabled one at a time to isolate which one(s) causes problems and proceed from there?

    The other (second) problem is a bit more confusing but a Resource Access Monitor Log might help and if not a procmon log likely would.
     
    Last edited: Jul 27, 2016
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,060
    I also experience error messages if I enable Dropmyrights on Chrome browser. Since Chrome runs at Untrusted integrity level, I don't see a need to enable that option. So I would suggest you to disable it and you'll get rid of the problem.
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Kenny, thats your solution.

    For some reason in some systems, sandboxing Chrome works better without Drop Rights being enabled. Thats the way it is. I think it has to do with some of the things that Chrome downloads on its own and Drop Rights keeps the interaction between Chrome and Sandboxie from working smoothly. So, for your system, not enabling Drop Rights is the solution. Drop Rights is a nice setting but not enabling it doesn't mean SBIE is weak. :)

    I don't use Chrome but in my W7, I can run Chrome sandboxed with Drop Rights. But if I was a Chrome user and experienced an issue running Chrome with DR, I would untick DR and not mind it. I certainly wouldn't stop using Sandboxie just because I couldn't run Chrome in a sandbox with DR.

    A little while ago, I tested Chrome and FreeDownloadManager. I installed both programs in my W7 32 bits laptop, all done in Shadow mode. Both programs, Chrome and FDM worked smoothly under Sandboxie. I even forced FDM, and again, work perfectly well along Sandboxie.


    Sin título.jpg


    Try FDM again with Chrome and SBIE without DR. If you still have issues running FDM with the sandboxed Chrome in a sandbox without DR, we ll try something else later.

    Kenny, no Sandboxie related. I experienced some issues with FDM. 1. For some reason, I don't know if it was installing Chrome or FDM, but after installing both programs, I found Google updater installed as a plugin in my Firefox plugins. To me, thats bad :). And 2. Somehow, after successfully testing downloading a few YouTube videos with Firefox and Chrome, all of the sudden, I realized my internet was gone. I had to run the Network troubleshooter to restore my connection. After that, I stopped testing and rebooted the PC.

    Bo
     
    Last edited: Jul 28, 2016
  5. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    Many thanks to all. Appreciate all the advice. I have gone with Bos solution to just not enable DMRs. It turns out that it was not just the extensions that were crashing, but the whole browser was not working correctly. Very strange.

    On the FDM problem, I have not had time to look any further, but I will. Very weird problems you encountered Bo. Sorry I have no suggestions to help.

    Once again, grateful for your help.
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I am glad to help, Kenny. And don't worry, all is well now. After my connection was gone, I just had to think for a couple of minutes on what to do. But it was like I had no network adapter, no internet. Even after getting out of Shadow mode, I had no adapter. I never experienced anything like that before. The solution was easy, I opened the Network troubleshooter and after a few seconds, my internet was fixed.

    Bo
     
  9. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Drop rights is meant to drop the rights of a process running as admin/system to limited/standard user (medium integrity level).

    Chrome is already running at the Untrusted integrity level...which is way lower than that.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Ok...already I know...I saw DMR in title of topic and in first post and I was wondering "why they are talking so many about Sandboxie"? :)
     
  11. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    @bo Do I understand that you are running Sandboxie along with Shadow Defender? That is quite interesting if you are. I run SD as an almost permanent state, and was just looking to see if they can co-exist. I would be interested in your setup if you have time, or if you have had any conflicts using both.

    @ safeguy. The reason I was concerned about not being able to invoke DMRs is precisely because I was concerned about constantly running as Admin using Chrome (which I do) but it is reassuring to know that Chrome runs at an untrusted level already.

    Many Thanks.
     
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I run Shadow defender on demand and only occasionally and don't use it for security. I mainly use SD for testing programs like yesterday when I installed Chrome and FDM to see how they interacted with Sandboxie or to see the effect of making changes in the system and then see the result. During my experience using both programs at the same time, I never had an issue. You shouldn't experience conflicts for using both programs at the same time.

    Kenny, all programs that run in the sandbox, run at untrusted level, regardless of whether you are using Drop Rights or not. :)
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=5&t=19642&p=103719&hilit#p103719

    Bo
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    A lot of people, even people using Sandboxie calls Drop Rights, the Sandboxie setting, DropMyRights. :)

    Bo
     
  14. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    That is very useful info Bo. Does make me wonder though what is the point of DMRs if everything is already at such a low integrity.

    Many thanks again.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    To me personally, the practical important aspect of using Drop Rights is that it keeps programs that download into the sandbox from installing.

    So, if you are browsing and malware gets downloaded into the sandbox, if its allowed to run, it wont install. You also have Start Run restrictions in SBIE. If you only allow a few programs to run, it wont matter much if you use or not use DR.

    Bo