Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Dec 7, 2020.
Interesting I'll check that out
PDF24? BUT Sbie tells you it is saving outside the Sandbox
I have tested it via Windows Sandbox and I experienced the same (using SandboxieInstall64-v5.45.0.exe).
I did use "PDF24 Creator 10.0.7, Private, x64" (pdf24-creator-10.0.7.exe), Full installation and all defaults.
During the installation you will get a: SBIE2205 Service not implemented: CM Add Driver Package
After the installation 2 printers are visible in Windows 10: PDF24 and PDF24 Fax
And the registry contains several entries related to these PDF24 printers.
I have tried to disable all "Software Compatibility" items
Sometimes the printers won't be installed directly but after some time they still appear and registry values like the following are created.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDF24 Fax
I have two questions:
1) Release v0.5.1 "Therefore it is necessary to manually uninstall the previous build and clean install the new release."
I still have, on W10, the "classic" version 5.42.1
Is there a way to not lose all my sandbox areas? For me it will be very hard to lose and reinstall everything.
2) The "PDF24 Creator" case makes me very afraid. I have used SB since XP and never experienced such things... Can somebody explain exactly what's happening?
Oh my God it's true. There's a sandbox escape installing PDF24 Creator!!!
Printer and fax remained there!!!
Luckily I got Shadow Defender always as a safety net...
I remember Ronen had to fix a security leak related to printer service years ago.
Did you mean this Buster or something else?
Uninstall the classic version; when asked, opt to keep the C:\windows\Sandboxie.ini
Install the plus release and voila, all your boxes should still be there.
This issue is also present in the last official Sophos release 5.33.6 as well
Not sure how much of a sandbox escape this is. It's certainly a leak of sorts, but this does not automatically mean that it can be exploited.
Easy to fix?
I am looking for some information on it. Interested.
You saved my day. And maybe my week.
Don't know yet, and don't know how much of an issue it really is aside from the inconvenience of having to delete that printer by hand.
I'm not sure if it's the same or a different one. I just remember I sent to Ronen a malware that was bypassing Sandboxie using printer services.
Edit... by the dates it's a different one.
I reported this 2 years ago on Sandboxie forum: https://vimeo.com/289538880
It was about an app that needed admin (root) permissions running outside the sandbox on my normal user (crazy) account.
Since then I'm using Windows with admin privileges.
In addition to deleting those 2 printers manually, you also have to delete the printer driver, ports and some registry entries.
Printer driver: MS Publisher Color Printer
Ports: \\.\pipe\FaxPrint, \\.\pipe\PDFPrint
When PDF24 is normally installed (without Sandboxie) the printer driver is named: PDF24
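A read-only check for the leftovers listed in the posts above, run on the host outside any sandbox. This is an added example, not part of the original thread or of Sandboxie; it uses the standard PrintManagement cmdlets (Windows 8 and later), the printer, driver, port and registry names are the ones quoted in the posts, and the variable and function names are illustrative.

```powershell
# Added example: read-only audit, changes nothing on the system.
$printerNames = 'PDF24', 'PDF24 Fax'
$driverNames  = 'MS Publisher Color Printer', 'PDF24'
$portNames    = '\\.\pipe\FaxPrint', '\\.\pipe\PDFPrint'
$printersKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers'

$allPrinters = @(Get-Printer)
$findings    = New-Object System.Collections.Generic.List[object]

function Add-Finding($Kind, $Name, $Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Name = $Name; Detail = $Detail })
}

# Printer queues registered with the spooler
foreach ($p in $allPrinters | Where-Object { $_.Name -in $printerNames }) {
    Add-Finding 'Printer' $p.Name "driver=$($p.DriverName); port=$($p.PortName)"
}

# Matching subkeys under Print\Printers in the host registry
if (Test-Path $printersKey) {
    foreach ($k in Get-ChildItem $printersKey | Where-Object { $_.PSChildName -in $printerNames }) {
        Add-Finding 'RegistryKey' $k.Name 'printer key present'
    }
}

# Drivers, with the queues that still reference each one
foreach ($d in Get-PrinterDriver | Where-Object { $_.Name -in $driverNames }) {
    $users = @($allPrinters | Where-Object { $_.DriverName -eq $d.Name } | ForEach-Object { $_.Name })
    $usedBy = if ($users.Count) { $users -join ', ' } else { 'no printer' }
    Add-Finding 'Driver' $d.Name "used by: $usedBy"
}

# Named-pipe printer ports
foreach ($port in Get-PrinterPort | Where-Object { $_.Name -in $portNames }) {
    Add-Finding 'Port' $port.Name 'pipe port present'
}

if ($findings.Count) { $findings | Format-Table -AutoSize } else { 'No PDF24 printer leftovers found.' }
```

The "used by" column shows whether any printer queue still depends on a listed driver before it is removed.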
First, many thanks to David for SBIE+!
I realize Chuck57's post is a few weeks old now, but I just tested SBIE+ (newest version just DL'd and installed moments ago) and it works great with Waterfox (FF fork), but in Brave it cannot connect to any sites when sandboxed. Gets the "Oh snap" error. The previous SBIE I was using (v5.33 I think it was) also would not work with Brave. W764 laptop here. (I'm a never-10'er.) Anyone else tried Brave out? It's not my go-to browser so this isn't critical, but wondered if it's only me. (Latest vers of Brave, too.)
Tried it in a Win10 VM, pages load fine, even though it threw a bunch of errors. Youtube videos wouldn't play audio, but that might just be the VM. Might want to try it in a fresh sandbox. BTW, you'd need to have Brave (or any other browser) installed outside of the sandbox, then run the browser itself inside, at least in my experience.
Thanks for the reply. I'm on W764, not W10, so don't know if that makes a diff or not. But Brave is installed normally (not in the Sandbox) and works normally when I don't run it Sandboxed. I also closed the sandbox and started over with a fresh one. Didn't make a diff. Also added the Brave install folder to the default Sandboxie config menu for Chrome browsers. Also made no diff.
One of the things I really like with SB plus is in the systray icon with the yellow sand on the purple box. I know I saw it in a way-earlier thread and can't find it now - but is there any way to get a third different visual effect on this icon when Disabled Forced Programs is invoked?
Not yet, but I can add one.
Also, to make the empty tray icon more distinct on a dark task bar, I have added a small sun.
What do you think looks good?
@DavidXanatos, for the Open and Closed settings (which are also described in the template) there is "OpenPipePath", but I'm actually missing the possibility to block requests via "ClosedPipePath".
Or are all PipePaths redirected anyway? Otherwise, would it be possible to create this? Thanks in advance.
OpenPipePath and OpenFilePath are almost equivalent,
except that OpenFilePath applies to applications installed outside the sandbox only
while OpenPipePath applies to all applications no matter where they are installed.
CloseFilePath applies to all applications no matter where they are installed.
So there is no need for a ClosedPipePath.
In the plus UI you only have a button for files/folders and pipes where in the access mode you can select
Direct = OpenFilePath
Direct All = OpenPipePath
Thanks for your clear explanation.
I've installed Sandboxie 5.45 x64 version after uninstalling the 5.33.6 version. Now I am getting BSOD - Kernel Check Failure. Can you please explain why is that happening? I am on Windows 10 x64. I'm unable to troubleshoot the issue. Can you please help me out. Thank you in advance.
I take it, you didn't like the sandman? That is OK.
One thing coming to mind with UI+, why is the context menu run sandboxed still the old classic UI?