First time using the following setup: Sandboxie v.1.13.6 - clean new yellow box Windows 11 x64 MS 365 x64 installed in the system not in a sandbox MS 365 apps won't fully run. Executable WINWORD.EXE runs in the sandbox but no GUI forms at all. Spoiler: ini Code: Enabled=y BlockNetworkFiles=y RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}% RecoverFolder=%Personal% RecoverFolder=%Desktop% BorderColor=#02f6f6,ttl Template=OpenBluetooth Template=SkipHook Template=FileCopy Template=qWave Template=BlockPorts Template=LingerPrograms Template=AutoRecoverIgnore ConfigLevel=10 UseFileDeleteV2=y UseRegDeleteV2=y AutoRecover=y ForceProcess=WINWORD.EXE LingerProcess=WINWORD.EXE
Try disabling the "Microsoft Office Click-to-Run" compatibility template in the global settings. https://github.com/sandboxie-plus/Sandboxie/issues/3708#issuecomment-2002070019
Didn't work @busy even restarting the machine. No other sec app here but WFC and Shadow Defender, they don't seem to interfere because 365 apps run fine unsandboxed.
In my experiments with the following settings in the virtual machine, when I run Office applications twice, they open in the sandbox. Code: NoSecurityFiltering=y NoSecurityIsolation=y OpenCredentials=y OpenIpcPath=\RPC Control\AppV-ISV-* OpenIpcPath=\RPC Control\C2RClientAPI_*
@busy , I made some changes and had to disable UseRegDeleteV2=y otherwise the apps won't create their GUI, however, executables won't terminate running in the sandbox, grrrr Spoiler Code: Enabled=y BlockNetworkFiles=y BorderColor=#02f6f6,on,2 Template=OpenBluetooth Template=SkipHook Template=FileCopy Template=qWave Template=BlockPorts Template=LingerPrograms Template=AutoRecoverIgnore ConfigLevel=10 UseFileDeleteV2=y #UseRegDeleteV2=y AutoRecover=n AutoDelete=y ForceProcess=WINWORD.EXE ForceProcess=POWERPNT.EXE ForceProcess=EXCEL.EXE ForceProcess=MSPUB.EXE NoSecurityFiltering=y NoSecurityIsolation=y OpenCredentials=y OpenIpcPath=\RPC Control\AppV-ISV-* OpenIpcPath=\RPC Control\C2RClientAPI_* I would be more than happy if I could make MS 365 run in a orange or yellow box. I think the settings you did result in a green box, correct? And if it is a green box it's like almost no sandboxing at all correct? Or in this case, what benefit I get by using a green box for MS365 apps?
@Mr.X Anyway, ignore what I wrote above. Install the new version of Sandboxie and make sure that both templates needed for Office are enabled. If it doesn't work, try it after rebooting. It works with all box types. https://www.wilderssecurity.com/threads/sandboxie-plus-1-13-6-pre-release.453988/#post-3192516 Code: [GlobalSettings] Template=OfficeLicensing Template=OfficeClickToRun
Thanks a lot busy. New dlls seem to have fixed this issue. I just tried a yellow box and apps launch very fast with no issues apparently. I need to experiment more because apps still having trouble to terminate (processes) when I close them.
Yes, all box types work now but there's another issue. After apps running for 4 min. an error message pops up: It translates like this:
This. See? Others ask anything about any issue with Office or 365 and get a reply from the man but I don't .
I find this use case very interesting. This new feature for MS Office is great to deal with this sort of threats: https://github.com/sandboxie-plus/Sandboxie/issues/4070 https://github.com/itm4n/VBA-RunPE https://www.bleepingcomputer.com/ne...manual-pushes-new-daolpu-infostealer-malware/ Now you see why I want to make sbie compatible with Office @Brummelchen ?
Testing this new feature "ForceChildren=Program.exe" Double click on a Word 365 document with a macro Code: Sub AutoOpen() Dim Shell As Object Set Shell = CreateObject("wscript.shell") Shell.Run "notepad" End Sub results in: Word document opens as expected but sandboxed notepad.exe does not, only sbie throws some errors: Code: SBIE1241 Cannot mount registry hive: [C000000D / 22] Notepad.exe: SBIE1231 Initialization failed for process [C0000001 / A3] PID 2544: SBIE2314 Cancelling process Notepad.exe Code: [_365] Enabled=y BlockNetworkFiles=y BorderColor=#0423ee,on,5 Template=OpenBluetooth Template=SkipHook Template=FileCopy Template=qWave Template=BlockPorts Template=LingerPrograms Template=AutoRecoverIgnore ConfigLevel=10 UsePrivacyMode=y UseSecurityMode=y UseFileDeleteV2=y UseRegDeleteV2=y AutoRecover=n AutoDelete=y ForceChildren=WINWORD.EXE
