Released Sandboxie Plus (Sbie fork) Versions with Signed Driver

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Dec 7, 2020.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    Interesting, I'll check that out.
     
  2. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    201
    Location:
    uk
    PDF24? BUT Sbie tells you it is saving outside the Sandbox
     
  3. robert147

    robert147 Registered Member

    Joined:
    Jun 29, 2020
    Posts:
    22
    Location:
    Netherlands
    I have tested it via Windows Sandbox and I experienced the same (using SandboxieInstall64-v5.45.0.exe).
    I did use "PDF24 Creator 10.0.7, Private, x64" (pdf24-creator-10.0.7.exe), Full installation and all defaults.
    During the installation you will get a: SBIE2205 Service not implemented: CM Add Driver Package
    After the installation 2 printers are visible in Windows 10: PDF24 and PDF24 Fax
    And the registry contains several entries related to these PDF24 printers.
    I have tried to disable all "Software Compatibility" items
    Sometimes the printers won't be installed directly but after some time they still appear and registry values like the following are created.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF24
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF24 Fax
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\Print\Printers\PDF24
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\Print\Printers\PDF24 Fax
     
  4. RiseFall

    RiseFall Registered Member

    Joined:
    Dec 21, 2020
    Posts:
    4
    Location:
    Italy
    I have two questions:

    1) Release v0.5.1 "Therefore it is necessary to manually uninstall the previous build and clean install the new release."

    I still have, on W10, the "classic" version 5.42.1

    Is there a way to not lose all my sandbox areas? For me it will be very hard to lose and reinstall everything.

    2) The "PDF24 Creator" case makes me very afraid. I have used SB since XP and I never experienced such things... Can somebody explain exactly what's happening?

    Thank you
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,027
    Location:
    Mexico
    Oh my God it's true. There's a sandbox escape installing PDF24 Creator!!!
    Printer and fax remained there!!!
    Luckily I got Shadow Defender always as a safety net...
     
  6. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I remember Ronen had to fix a security leak related to printer service years ago.
     
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,694
    Location:
    UK
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    Uninstall the classic version; when asked, opt to keep the C:\windows\Sandboxie.ini

    Install the plus release and voila, all your boxes should still be there.

    This issue is also present in the last official Sophos release, 5.33.6.
    Not sure how much of a sandbox escape this is; it's certainly a leak of sorts, but this does not automatically mean that it can be exploited.

    Cheers
    David X.
     
  9. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,024
    Easy to fix?
     
  10. RiseFall

    RiseFall Registered Member

    Joined:
    Dec 21, 2020
    Posts:
    4
    Location:
    Italy
    I am looking for some information on it. Interested.

    You saved my day. And maybe my week.
     
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    Don't know yet, and don't know how much of an issue it really is aside from the inconvenience of having to delete that printer by hand.
     
  12. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I'm not sure if it's the same or a different one. I just remember I sent Ronen a malware that was bypassing Sandboxie using printer services.

    Edit... by the dates it's a different one.
     
    Last edited: Dec 21, 2020
  13. Monica2000

    Monica2000 Registered Member

    Joined:
    May 18, 2020
    Posts:
    59
    Location:
    Spain
    I reported this 2 years ago on Sandboxie forum: https://vimeo.com/289538880

    It was about an app that needed admin (root) permissions running outside the sandbox on my normal user (crazy) account.

    Since then I'm using Windows with admin privileges.
     
  14. robert147

    robert147 Registered Member

    Joined:
    Jun 29, 2020
    Posts:
    22
    Location:
    Netherlands
    In addition to deleting those 2 printers manually, you also have to delete the printer driver, ports and some registry entries.
    Printer driver: MS Publisher Color Printer
    Ports: \\.\pipe\FaxPrint, \\.\pipe\PDFPrint
    Registry:
    HKEY_CURRENT_USER\Printers\ConvertUserDevModesCount\PDF24
    HKEY_CURRENT_USER\Printers\ConvertUserDevModesCount\PDF24 Fax
    HKEY_USERS\.DEFAULT\Printers\ConvertUserDevModesCount\PDF24
    HKEY_USERS\.DEFAULT\Printers\ConvertUserDevModesCount\PDF24 Fax

    When PDF24 is normally installed (without Sandboxie) the printer driver is named: PDF24
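
The leftovers listed in the posts above (the two printers, the two pipe ports and the registry entries) can be checked for on the host with a read-only script. This is an added example, not part of the thread or of Sandboxie itself; the helper function names are hypothetical, and the `*ControlSet*` wildcard is an assumption because the thread writes that key as `ControlSet`.

```powershell
# Added example (not from the thread): read-only check of the HOST for the
# PDF24 leftovers reported above. Run it outside any sandbox.
$PrinterNames = 'PDF24', 'PDF24 Fax'                      # names from the thread
$PortNames    = '\\.\pipe\FaxPrint', '\\.\pipe\PDFPrint'  # ports from the thread
# Parent keys from the thread. Assumption: the thread writes "ControlSet", so a
# wildcard is used to cover whichever control set is present.
$RegistryParents = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers'
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Control\Print\Printers'
    'Registry::HKEY_CURRENT_USER\Printers\ConvertUserDevModesCount'
    'Registry::HKEY_USERS\.DEFAULT\Printers\ConvertUserDevModesCount'
)

function Find-PrinterLeftover {   # hypothetical helper name
    param([string[]]$Printers, [string[]]$Ports)
    Get-Printer -ErrorAction SilentlyContinue |
        Where-Object { $Printers -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Printer'; Name = $_.Name
                               Detail = "driver=$($_.DriverName); port=$($_.PortName)" }
        }
    Get-PrinterPort -ErrorAction SilentlyContinue |
        Where-Object { $Ports -contains $_.Name } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Port'; Name = $_.Name; Detail = $_.PortMonitor } }
}

function Find-RegistryLeftover {  # hypothetical helper name
    param([string[]]$Parents, [string[]]$Names)
    foreach ($key in Get-Item -Path $Parents -ErrorAction SilentlyContinue) {
        foreach ($name in $Names) {
            # The entry may be stored as a subkey or as a value of the parent
            # key, so test both.
            $isKey   = $key.GetSubKeyNames() -contains $name
            $isValue = $key.GetValueNames()  -contains $name
            if ($isKey -or $isValue) {
                $kind = if ($isKey) { 'RegistryKey' } else { 'RegistryValue' }
                [pscustomobject]@{ Kind = $kind; Name = $name; Detail = $key.Name }
            }
        }
    }
}

$findings = @(Find-PrinterLeftover -Printers $PrinterNames -Ports $PortNames) +
            @(Find-RegistryLeftover -Parents $RegistryParents -Names $PrinterNames)
if ($findings.Count) { $findings | Format-Table -AutoSize } else { 'No PDF24 printer leftovers found on the host.' }
```

Running it before and after a sandboxed install shows whether anything was written to the host; the script only reads and deletes nothing.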
     
  15. FXWG

    FXWG Registered Member

    Joined:
    Dec 21, 2020
    Posts:
    8
    Location:
    Earth
    First, many thanks to David for SBIE+!

    I realize Chuck57's post is a few weeks old now, but I just tested SBIE+ (newest version just DL'd and installed moments ago) and it works great with Waterfox (FF fork), but in Brave it cannot connect to any sites when sandboxed. Gets the "Oh snap" error. The previous SBIE I was using (v5.33 I think it was) also would not work with Brave. W764 laptop here. (I'm a never-10'er.) :) Anyone else tried Brave out? It's not my go-to browser so this isn't critical, but wondered if it's only me. (Latest vers of Brave, too.)
     
  16. reincarnatez

    reincarnatez Registered Member

    Joined:
    Sep 27, 2020
    Posts:
    16
    Location:
    United States
    Tried it in a Win10 VM, pages load fine, even though it threw a bunch of errors. Youtube videos wouldn't play audio, but that might just be the VM. Might want to try it in a fresh sandbox. BTW, you'd need to have Brave (or any other browser) installed outside of the sandbox, then run the browser itself inside, at least in my experience.
     
  17. FXWG

    FXWG Registered Member

    Joined:
    Dec 21, 2020
    Posts:
    8
    Location:
    Earth
    Thanks for the reply. I'm on W764, not W10, so don't know if that makes a diff or not. But Brave is installed normally (not in the Sandbox) and works normally when I don't run it Sandboxed. I also closed the sandbox and started over with a fresh one. Didn't make a diff. Also added the Brave install folder to the default Sandboxie config menu for Chrome browsers. Also made no diff.
     
  18. Vikterola62

    Vikterola62 Registered Member

    Joined:
    Dec 14, 2020
    Posts:
    7
    Location:
    USA
    One of the things I really like with SB plus is in the systray icon with the yellow sand on the purple box. I know I saw it in a way-earlier thread and can't find it now - but is there any way to get a third different visual effect on this icon when Disabled Forced Programs is invoked?
     
  19. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    Not yet, but I can add one

    EDIT: added

    upload_2020-12-22_9-53-4.png
     
    Last edited: Dec 22, 2020
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    Also, to make the empty tray icon more distinct on a dark task bar, I have added a small sun

    upload_2020-12-22_9-48-19.png

    upload_2020-12-22_9-48-57.png

    what do you think looks good?
     
  21. robert147

    robert147 Registered Member

    Joined:
    Jun 29, 2020
    Posts:
    22
    Location:
    Netherlands
    @DavidXanatos, for the Open and Closed settings (which are also described in the template) there is "OpenPipePath", but I'm actually missing the possibility to block requests via "ClosedPipePath".
    Or are all PipePaths redirected anyway? Otherwise, would it be possible to create this? Thanks in advance.
     
  22. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    OpenPipePath and OpenFilePath are almost equivalent,
    except that OpenFilePath applies to applications installed outside the sandbox only,
    while OpenPipePath applies to all applications no matter where they are installed.
    CloseFilePath applies to all applications no matter where they are installed.
    So there is no need for a ClosedPipePath

    In the plus UI you only have a button for files/folders and pipes where in the access mode you can select
    Direct = OpenFilePath
    or
    Direct All = OpenPipePath
     
  23. robert147

    robert147 Registered Member

    Joined:
    Jun 29, 2020
    Posts:
    22
    Location:
    Netherlands
    Thanks for your clear explanation.
     
  24. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Hi David,

    I've installed Sandboxie 5.45 x64 version after uninstalling the 5.33.6 version. Now I am getting BSOD - Kernel Check Failure. Can you please explain why is that happening? I am on Windows 10 x64. I'm unable to troubleshoot the issue. Can you please help me out. Thank you in advance.
     
  25. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    132
    Location:
    Land of Oz
    I take it, you didn't like the sandman? That is OK. :rolleyes:

    One thing coming to mind with UI+, why is the context menu run sandboxed still the old classic UI?
     