Released Sandboxie Plus (Sbie fork) Versions with Signed Driver

Sorry, I'm not Leapdroid familiar. I did not realize Leapdroid is an emulator, which is a software that enables android applications on your computer until I searched "Leapdroid". I'm not emulator familiar.
I did not realize I was sandbox crazy until I read @Buster_BSA - "Running a virtual machine sandboxed is just crazy." #342
I'll move to PM so we're not off topic.
Cheers

 

FWIW ~ Feedback re 0.5.2 / 5.45.1
Curious why new Default box created from Classic differs from new Default box created from Plus.
For example: Miscellaneous and Immediate Recovery Templates render/populate differently?
view Classic vs Plus new Default boxes thru SbieCtrl-


view Classic vs Plus new Default boxes thru SandMan -

I'll check with Hardened n' Legacy -

 

Decided to make change from the original Sophos Sandboxie to the new version and thought I would go directly to plus. I also decided to start from scratch with settings thinking it would be a quick recreation of some
of the basics. Unfortunately I can't work out how to actually specify which programs should run sandboxed. Going to sandbox options things look familiar enough but Forced Programs does nothing for me. I am probably not entering this correctly. I seem to remember that in the old version that the programs were "suggested" - since nothing appears I typed the path to c:\Program Files\Mozilla Firefox and Chrome or Sumatra instead but
these do not open sandboxed when expected. What am I doing wrong? While I did not keep the sandboxie.ini file, I can probably get it from an image if I knew what the path would be where to find it.

 

hmm... this issue is really particularly annoying I have debugged it yesterday all day long and here is what it happens the website's js invokes some chrome function that than wants to get a list of registered URI handles using "FindAppUriHandlers"
This call goes through the COM system and that's where everything goes horribly wrong, sandboxie fails to proxy the operation properly.
Returning an error, and chrome instead of properly handling that error just crashes with NULL pointer exception.

 

For "ForceProcess=..." You have to enter the exe name only like like firefox.exe or chrome.exe
for "ForceFolder=..." You enter the path to the directory containing the exe's you want sandboxed
in no case you enter the entire exe path.

the location of sandboxie.ini is c:\windows\sandboxie.ini

 

Thank you David, much appreciated.

 

here is the solution: ClosedFilePath=*\Windows.System.Launcher.dll

Now should I put that into a template for chrome and alike or hard code it in the SbieDLL... wouldn't be first of such fixes Sophos and Co added very many hard coded workarounds...

 

Probably actually neider, instead I'll hook RoGetActivationFactory and return an error code, when that file is requested, directly instead fo blocking the read access to the file

 

I hadn't realised the SbieCtrl was installed with Plus, but I would like to use just the Plus interface going forward if possible.

@DavidXanatos is there any way to access the "Recover & Explore" etc feature in Plus? And could the Plus icon for "Disable Forced Programs" be more obvious/visible when activated please; big red cross or something.

Also, is anyone finding that SandMan just closes/crashes from time to time?

 

What is "Recover & Explore", do you mean the "Files and Folders" view in SbieCtrl which shows the folder structure of a selected sandbox instead of the processes?
No this view is not implemented and I'm not going to ad to sandman some half baked file explorer feature. You can use the explore content menu option to open an explorer window to the box root folder, isn't that just as good? Plus even better as explorer is much more user friendly?

There are two ways forwards with regard to this specific functionality though:

1. I'm planning to write an own File Manager next year its main feature will be the ability to automatically bypass all possible file access restrictions. You are the admin if you want to delete ntkrnlmp.exe or browse "C:\Program Files\WindowsApps" than you should be able to do that without any workarounds, its your PC your property an no one especially not some piece of software should hinder you in doing with your property what you see fit.
Now once that's done I'll add some sort of Sanboxie integration that would understand that you are in a sandbox root folder and offer you recovery and other sandboxie specific options.

2. If really many people request that I guess I could write an explorer shell extension that would bring sandbox specific options to windows explorer, basically a sub menu like the on of 7-z and others but with the sbie options




About Sandman crashing, could be there is a resource leak I fixed yesterday that happened when loading icons form 32 bit exe's that after some time resulted in a crash.
Will be fixed in the next build.

 

David, it's a feature that's already in SbieCtrl, so not a half-baked explorer feature! Pls see earlier post:

and it's a feature that I use/d all the time for many years.

Maybe I should just return to Classic, but I try not to live in the past with software.

 

ah I see you mean those additional option aside of just recover, sure thats easy to add will add that in the next build

I thought you mean this:

 

how about that:

will be like this in the next build.

 

Need a bit of advice on two issues:

a) Sandboxie Plus Notifications. Each time I run something in the sandbox I get heaps of notifications about Objects not found, not hooked or other things having failed. Using the ? I get some info but this is way above my head.
I suspect I had something similar in the original program but Bo advised to just dismiss/ignore these as long as I could still use the programs. Is this the same here or do I need to actually look at all these alerts in detail?

b) I would like to run several sandboxes for different purposes. One of the sandboxes should restrict access to the internet to only one or two browsers and nothing else. However these browsers should also be allowed to
run in my default sandbox. What is the best procedure to set shortcuts for a browser to run in a specific sandbox and then put the icon for that into the task bar? Basically I would like to be able to choose which shortcut
icon to click and that will automatically open the browser in my default sandbox or the other short cut to open in the restricted sandbox.

 

FWIW ~ @beethoven ... my

Spoiler: HideMessage

SbieCtrl_HideMessage=2222,RuntimeBroker.exe [Edge]
SbieCtrl_HideMessage=1308,RuntimeBroker.exe [Edge]
SbieCtrl_HideMessage=1308,identity_helper.exe [Edge]
SbieCtrl_HideMessage=2222,identity_helper.exe [Edge]
SbieCtrl_HideMessage=1231,[C0000001 / 06]
SbieCtrl_HideMessage=2314,MicrosoftEdgeUpdateBroker.exe
SbieCtrl_HideMessage=1308,MicrosoftEdgeUpdateBroker.exe [Edge]
SbieCtrl_HideMessage=2222,MicrosoftEdgeUpdateBroker.exe [Edge]
SbieCtrl_HideMessage=2222,RuntimeBroker.exe [Firefox]
SbieCtrl_HideMessage=1308,RuntimeBroker.exe [Firefox]
SbieCtrl_HideMessage=2303,ReleaseStgMedium (33, 1655)
SbieCtrl_HideMessage=2303,CoGetObject (33, 1655)
SbieCtrl_HideMessage=2303,RegisterDragDrop (33, 1655)
SbieCtrl_HideMessage=2318,ole32.dll
SbieCtrl_HideMessage=1301,iexplore.exe
SbieCtrl_HideMessage=2222,RuntimeBroker.exe [Chrome]
SbieCtrl_HideMessage=1308,RuntimeBroker.exe [Chrome]
SbieCtrl_HideMessage=2222,rundll32.exe [IE]
SbieCtrl_HideMessage=2314,rundll32.exe
SbieCtrl_HideMessage=2314,software_reporter_tool.exe
SbieCtrl_HideMessage=2314,RuntimeBroker.exe
SbieCtrl_HideMessage=2222,dllhost.exe [Chrome]
SbieCtrl_HideMessage=1308,dllhost.exe [Chrome]
SbieCtrl_HideMessage=2222,dllhost.exe [Firefox]
SbieCtrl_HideMessage=1308,dllhost.exe [Firefox]
SbieCtrl_HideMessage=2314,dllhost.exe
SbieCtrl_HideMessage=2303,CM_Add_Driver_PackageW (33, 1655)
SbieCtrl_HideMessage=2318,cfgmgr32.dll
SbieCtrl_HideMessage=2303,SetCurrentProcessExplicitAppUserModelID (33, 1655)

 

BJM - impressive - so how do you deal with them?

 

I hide em' -

 

a) If everything works fine just ignore them in fact, I would disable all notifications in the settings uncheck the box "Show notifications for relevant log messages",
than you see them only in the log in the advanced view.

b)
"C:\Program Files\Sandboxie-plus\Start.exe" /boxefaultBox "C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Firefox.lnk"
or
"C:\Program Files\Sandboxie-plus\Start.exe" /box:__ask__ "C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Firefox.lnk"
to make it ask which box
And ofcause set ForceProgram to force the browser in a selected box for the case where its not started explicitly in one

 

Thank you

 

Hi!

I just installed on Windows 7 Pro the latest build 0.5.2 (just unistalled the "classic version").

I have two issues:

1) during install I had the warning window "The driver is not signed, you will have issues using this software" (something like that);

It will cause issues or it is normal?

2) "Create shortcut icon" -> I have two entries "Programs" and "Programmi". They seem to have the same content. My Windows is in italian language.

It will be fixed just to see only one entry?

 

Just for the papers, I would always vote for template or options. Hardcoding of exceptions, which might change is a bad idea for the future. Anything which is hardcoded for one specific item could become obsolete tomorrow and nobody remembers it was hardcoded. Like Text labels, which might be better off in a file with references. Easier to maintain, no need to recompile. Just my two cents.

Need to come back to this one. I see SBman is utilizing the registry, however it doesn't autostart anymore. @DavidXanatos what is the right autostart for SBman, used by the program?

 

HKEY_CURRENT_USER, 'Software\Microsoft\Windows\CurrentVersion\Run', 'SandboxiePlus_AutoRun'

 

Exactly, mhhh need to check why it doesn't start. Should be all good.

 

Changelog preview for the upcoming build: https://sandboxie-plus.com/changelog/
anything major I may have forgotten?