Question what configuration do I need to enable Google Chrome to update inside SBIE?

Discussion in 'sandboxing & virtualization' started by CoolWebSearch, Nov 8, 2013.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I try everything-literally, every time when I install SBIE Google Chrome update works, every time I configure it it does not work.
    And I did enable everything regarding Google Chrome (chrome.exe, googleupdate.exe, googleupdater...exe and every single process, so what is wrong?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    So you want to add holes to your sandbox so that the already sandboxed browser can update within it... So much for hardening, if that's even a proven reason against redundancy.

    Anyways, you need to clarify what "everything" means to continue further in this unnecessary modification. Like resource access rules, although I'd just update Chrome manually if Sandboxie must be used.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I truly don't know what is the point of your post here when it comes to security, but what I have to say is that when it comes to Google Chrome update I tried just about everything I allowed everything for Google Chrome and I also allowed for Internet access, including also I used permissions in resource access. nothing works, it works only when SBIE is freshly installed and it is not configured at all.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    My post has everything to do with security. You're adding mostly redundant code for the supposed purpose of hardening, yet now it's not convenient for you so the opposite is attempted.

    Once again, what is "everything" exactly? Since you require help, details are necessary. How does Chrome update when SBIE is freshly installed, do you never clean the sandbox? Why isn't manual updating enough?
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    When SBIE is freshly installed there is no configuration, sandboxed Chrome updates normal, however when I disabled everything to start/run and internet access except firefox, iexplore.exe, Google Chrome (everything from chrome to update)-which are all allowed to run and access internet, and yet despite firefox and iexplore actually do start/run and update normally, Google Chrome does not-even though I removed every single restriction for Google Chrome to start/run and update.

    I also use similar restriction like that of Malwar (resource access-file access-blocked access):
    ClosedFilePath=%Personal%\My Downloads\(block your personal info from malware)
    ClosedFilePath=%Personal%\My Music\
    ClosedFilePath=%Personal%\My Pictures\
    ClosedFilePath=%My Video%\
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=C:\WINDOWS\system\
    ClosedFilePath=C:\WINDOWS\system32\kernel32.dll(It could say kernel64.dll instead of kernel32.dll)
    ClosedFilePath=C:\WINDOWS\system32\t2embed.dll
    ClosedFilePath=C:\WINDOWS\system32\win32k.sys
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi CWS, if you want Chrome to be able to update sandboxed and retain the update, you need to install Chrome in a sandbox and keep the installation, not deleting the sandbox. I never used Chrome but I think that should work.

    If you have Chrome installed outside the sandbox, you need to find out the name of the file and/or folder you need to allow Direct file access to. I am not sure if its possible to do what you want since in the case of Firefox, it can not be done. Same with IE.

    I think its a very bad idea to do what you want but if you allow Direct file access to the entire Chrome profile folder, you might get you what you want.

    Bo
     
  7. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    Did you disable the notification for when a program is denied execution? It's
    where I would most likely start to troubleshoot your problem.

    Also, if I recall correctly, the Program Files install of Google Chrome creates
    an update job via Task Scheduler so a restricted Sandboxie config might not
    allow Chrome updates.
     
  8. guest

    guest Guest

    Why don't you just sandbox Chrome for daily browsing and run it outside of Sandboxie's sandbox when updating?
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Isn't it safest practice to temporarily disable forced programs, update browser then close it, clear sandbox, re-enable forced programs?
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I think so too.

    Bo
     
  11. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Ditto.

    I use FileHippo Update Checker to alert me to new versions of Chrome. If there´s a new version i just run Chrome outside Sandboxie to update. FileHippo U.C can be configured to run at Windows startup and to automatically close itself if no updates are found.
     
  12. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Updating programs and trying even to make them do so is against what SBIE is!

    You do update Chrome unsandboxed period. Chrome has a update thing when you ask in its settings. My Chrome is not in english language, but it is where browsers usually check for it. Something about information about the browser in Chrome settings.

    I do run Chrome sandboxed. Despite what some people say it is the safest thing to do. just a minor inconvinience to get it updated.
     
  13. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    In this case security > convenience IMO
     
  14. tomazyk

    tomazyk Guest

    I've never tried to update Chrome under SBIE supervision. I would never try to add exceptions that could allow me updating it in SBIE. I also would never know if program was updated OK or if something has broken during update.
     
  15. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I understand now, thanks to all and bo elam as well.
     
  16. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I will do exactly the same thing.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    .....wise decision.:cool:

    Bo
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    This is how I do it, except for the "clear sandbox" step.
    When forced programs are disabled and browser is opened and updated, there are no sandbox contents to delete.
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Yeap, the above is more like how I update my browsers and other programs, since I set all my sandboxes to delete on closing.:thumb:

    Bo
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Right you are... nothing to delete if 'Automatically delete contents of sandbox' is checked.
    Sometimes I forget that you can configure SBIE to NOT delete on closing.
    But also, if you open a browser unsandboxed, there is no sandbox contents to delete after updating, regardless of how we have SBIE set.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.