Released Sandboxie Plus (Sbie fork) Versions with Signed Driver

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Dec 7, 2020.

  1. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,221
    Location:
    Brooklyn, NY
    Well, admittedly, yes, I'm a little confused here....I don't run video files, just my Bandcamp music files in Windows Media Player. I just went to one of my collections, LEFT-clicked on a track and it opened instantly in WMP--sandboxed. I don't even run it (WMP) as a Forced program if it's already set as a default app: does one HAVE to?

    My Default box settings have very little allowed. The bare minimum, and the most simplicity. I have paid the price getting cute and fancy and making a plus here and there until things get all messed up. Right now, I could not ask for better, Sbie-wise. Very happy with this software atm.
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Short and easy. If WMP and/or WPV are your default video and pictures viewer, they will run outside the sandbox when pictures, music files or videos are executed out of a Forced folder. That is it.

    Regarding setting up WMP as a forced program? In your case since it is your default player, I would. Personally, I don't even use WMP at all, but even so, I still force it. There is really no reason not to force it, the program works great sandboxed, and you are safer if it runs under Sandboxie. You can only win if you force.
    This is why with Sandboxie, it is better to keep things simple and to use separate sandboxes for different programs.

    Bo
     
  3. SandboxerX86

    SandboxerX86 Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    14
    Location:
    In a Sandbox
    Hello there, I'm a legacy Sandboxie user thinking to upgrade to the new Plus/Classic version and have some questions before doing so if you don't mind.
    And first and foremost thank you DavidXanatos, and everyone who keeps this project alive.

    1- Is it possible to keep the contents of one or various sandboxes while uninstalling?
    Basically I have some programs installed inside some sandboxes that I would like to keep so that I can use them after updating without reinstalling them, but if I'm not wrong I think I need to empty the sandboxes to uninstall, so I don't know if a backup and restore is possible and what is the best way to archive it so Sandboxie recognizes everything as it should.

    2- Has the problem with the certificates been totally fixed on non W10 OSs?
    I have a W8.1 machine and I've read that now everything is signed but that specifically in this version the system accepts it grudgingly even if it ends up working, and I want to know if that could be a problem.

    3- Does the Open Source version have any compatibility problems with games' anti-cheats?
    Maybe a stupid question but I've seen old reports of some anti-cheats not very happy with Sandboxie present on the system and even banning just for having it running or being installed (check Dirty Bomb 2015 issues) and even if now most of them have Sandboxie whitelisted I would like to know if the Open Source version is safe the same way the old Legacy is (that may also have to do with the second question about the certificate).
    Must clarify that I'm not talking about running games inside the sandbox or using cheats, I'm talking about playing games installed and running OUTSIDE the sandbox and detecting S-Plus as something bad.

    Oh just in case it is needed I'm currently using 5.33.6 on W8.1 and want to upgrade to latest Plus (or Classic if the upgrade is easier depending on the reply to the first question)
    I think that's all, sorry if something is not well explained and thank you.
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,177
    Location:
    Viena
    Hi,

    1- yes sure, I don't think you need to empty them, just in case you can rename the sandbox dir to be sure the uninstall won't mess with it, and keep the sandboxie.ini from c:\windows

    2- I haven't tested explicitly on 8, but 8 accepts everything 7 does and 7 accepts the driver fine now, so it must work fine with 8 too

    3- Not that I know of, but I'm not a big gamer. I would find it very strange if they would not like it as it does not really have anything that could be used for cheating.

    Cheers
    David X.
     
  5. SandboxerX86

    SandboxerX86 Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    14
    Location:
    In a Sandbox
    Thanks for the reply DavidX, just a few things to conclude:

    1- So let's say my current sandbox is in "F:\Sandbox\MyUser\etc" I can just rename it to "F:\SandboxBackup", uninstall Sandboxie Legacy, install Sandboxie Plus with the sandbox located per default in "C:\Sandbox", change the settings location to "F:\Sandbox", delete the "F:\Sandbox" folder newly created by SBIE-Plus and rename my "F:\SandboxBackup" to "F:\Sandbox" again.
    That would make SBIE-Plus continue using my Sandbox folder and its contents without issues, right?

    2- I understand, when I install it I will tell you how it went.

    3- I see, I asked because when looking for info about it I found a recent post in your Github about a game's anti-cheat detecting it (github .com/sandboxie-plus/Sandboxie/issues/385).
    The user who posted said it was fixed by updating both the game and SBIE-Plus but that's what made me ask about any other possible compatibility issues.

    Thank you again and sorry for the inconvenience.
     
  6. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,177
    Location:
    Viena
    1- yes but don't forget to save also c:\windows\sandboxie.ini

    3- well yea the hacky signature may have been a point of concern but that's been solved for many months now.

    cheers
     
  7. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    179
    Location:
    New Zealand
    Just moved from Sandboxie Classic 5.50.2 to the Plus version 0.8.2, since that's the way of the future and today I've had some time to get to know the new UI. Got to say @DavidXanatos - I really like it! You've done a great job refreshing the UI and adding some new functionality. I found I had to create a shortcut for the desktop and taskbar to "Run the default web browser under the supervision of Sandboxie-Plus", but that was the only thing I could find that was missing from the Classic version. (I like having the shortcut on the taskbar - it's just a few less mouse clicks than opening Sandman, right-clicking the Defaultbox, and selecting Run Web Browser).

    Going to move my other machines over now. :)

    Thanks heaps David.
     
    Last edited: Jun 24, 2021
  8. SandboxerX86

    SandboxerX86 Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    14
    Location:
    In a Sandbox
    Well I have finally installed Sandboxie Plus and the installation was completed successfully, as well as the certificate that did not give any problem and seems to work fine.
    In the end, I didn't have to backup the Sandboxie folder or rename it because when I uninstalled SBIE Legacy the folder stayed there with all the content and SBIE Plus started using it as soon as the .ini loaded. The only downside is that the existing folders, including the main ones "sandboxie" and "sandboxie/myuser", lost the yellow icon, only the newly created folders have it, but no big deal.



    But now @DavidXanatos I found a compatibility problem with a program that I already had in 5.33.6 and it's present on Plus too and I don't know why.
    To better understand the problem let me explain the story behind it:
    I was using Sandboxie 5.20 for a long time and everything I used on it worked without problems (including the program I'm having trouble with now, which is called Parsec) but wanted to have the multi-sandbox feature so I upgraded to Sandboxie 5.33.6. On 5.33.6 Parsec and some other programs stopped working with an error in which they said that they did not have an internet connection when they did, and by doing a rollback to 5.20 the programs would work again, so I started thinking about installing SBIE Plus to see if in your version the problem was fixed.

    A friend of mine who has Win10 did a test for me. On said test he installed 5.33.6 and tried Parsec, getting the same exact error as me, then installed Plus and the program worked.
    So today I uninstalled 5.33.6 completely except for keeping the .ini and the sandbox folder, installed Plus 0.8.2 and... the program doesn't work. I'm getting the same problem as with 5.33.6 and don't know why since my friend got it working.
    I've tried to run it in one of my already created sandboxes as well as creating a new one with the default settings, with the same results.
    The funny thing is that while I had 5.33.6 installed, before even thinking of moving to Plus, I was searching for a fix and found a post by you talking about a setting called "RpcMgmtSetComTimeout" and how that setting was "RpcMgmtSetComTimeout=n" on older versions but changed to "RpcMgmtSetComTimeout=y" in 5.33.6, stopping some programs from working properly. So thinking that that might be my problem I tried that setting on 5.33.6 and of course it didn't work since I guess it's hardcoded, but now, after installing Plus and getting the same error, I tried that setting again and voilà it made the program work.

    So I guess the questions are:
    Why do I need to put "RpcMgmtSetComTimeout=n" on the sandbox to make it work while on my friend's computer it just works? Maybe because I used my old sandboxie.ini while his is new? OS related?
    Wasn't "RpcMgmtSetComTimeout=n" the default value as per 0.7.0? Why do I have to put it manually?


    Tomorrow I'm gonna do more tests on my friend's PC to see what could be the cause and check if the .ini has something to do.
    Sorry for the wall of text by the way but I thought it would be good to detail the problem so that it could be understood.
    Thank you.
     
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,177
    Location:
    Viena
    RpcMgmtSetComTimeout is a setting I introduced, it was not present in the sophos builds, there the behavior indeed was hard coded and couldn't be changed.
    The implementation around this code section also changed a lot during my work on that part of the code base; RpcMgmtSetComTimeout=n was only the default in 0.7.0, in 0.7.1 y was again the default behaviour.
    Please note that RpcMgmtSetComTimeout=n can break other things, although not as badly as in 0.7.0, as the obvious things it broke there now have an exception list in the template ini which takes precedence.
    Anyhow, for optimal compatibility you can
    1.) use "RpcMgmtSetComTimeout=program_name.exe,n", this way the setting will apply only to the program that needs it, or even better
    2.) RpcPortBinding=problematic_dll.dll,*,TimeOut=n
    To do 2 you would need to use the trace log to find out which dll's may cause the issue.
    Technically speaking it's not the dll as such but the RPC communication it tries to initiate, but as in practice Windows mostly has dll's which do only one sort of RPC it's usually enough; if you want to be more exact, you can specify the bind string or the interface uuid instead of the *

    for example like this:
    RpcPortBinding=kernel32.dll,'0497b57d-2e66-424f-a0c6-157cd5d41700@ncalrpc:',TimeOut=y
    this one is btw needed sometimes during process creation and probably the reason sophos introduced the behaviour change in the first place, breaking other applications in the process.
     
  10. SandboxerX86

    SandboxerX86 Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    14
    Location:
    In a Sandbox
    Oh I see, silly me didn't see the setting changed again on 0.7.1, my bad.

    Tried "RpcMgmtSetComTimeout=program_name.exe,n" and it works nicely.
    With "RpcPortBinding=" I'm having a bit of trouble finding the problematic .dll.
    I've taken a look at the Trace Log by enabling it, launching the program, getting the connection error and then stopping the log to avoid excessive non-related entries. Did the same with IpcTrace=D and IpcTrace=I enabled to filter even more entries but no luck (am I doing it right?). I am not proud of what I've done but I've ended up adding each and every .dll that I've seen in the log but without result.

    I guess I can use "RpcMgmtSetComTimeout=program_name.exe,n", even if it's not optimal, until I find that elusive .dll.

    As always thank you for your help, patience and for making the "RpcMgmtSetComTimeout" behavior a configurable setting by the way, because without it I would have to stick with Sbie 5.20 heh.
     
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,177
    Location:
    Viena
    yea "RpcMgmtSetComTimeout=program_name.exe,n" should be just fine
     
  12. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    From v5.49.7 Classic (I think, can't remember) to the latest v5.50.2 I'm having a curious problem with a program that used to work fine inside a sandbox. It is Telegram desktop portable (in any of its latest versions). The problem is the following: every time I start the program I get the following screen, then I close it and from the program manager I kill the telegram process, then when I start it again everything is perfect and functional. It always repeats the same pattern. My system is a Win10 1809 64bit.

    https://imgbox.com/BzmBWw6R
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,083
    under the curtain off portableapps
    https://portableapps.com/apps/internet/telegram-desktop-portable

    If you can install and use the regular setup then it's a matter of their package
    https://desktop.telegram.org/

    uh, doh? running a portable under c:\program files\ is not possible without modifying rights of that folder.
    seriously? 1809 had its last updates right now in may, so it's declared as dead and insecure.
     
  14. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out


    I would never work with a third-party portable program when the original website already offers it as a portable program. On the other hand I've never had any problems before except for those last versions of Sandboxie, it must not be due to telegram's package but some restriction that David might have introduced, I guess.

    Indeed, permissions are granted at the same time as the folder is created; security here does not affect the problem I am reporting. Anyway thanks Brummelchen for the tips.
     
  15. EspressoGuy

    EspressoGuy Registered Member

    Joined:
    May 4, 2020
    Posts:
    18
    Location:
    USA
    I downloaded the latest version of Classic. When I try to install it, Windows 10 says the file was signed by Tonalio GmbH. Is this legit?

    Also, I want to move to Plus from Classic. Do I have to uninstall Classic first?
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Backup your C:\Windows\Sandboxie.ini...just in case.
    Plus installer detects Classic and prompts uninstall.
     
    Last edited: Jun 26, 2021
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,083
    thank you, I missed that smaller text under button :eek:
    maybe, do you really know?
    running a portable within \program files\ means that you had modified the rights of that folder, you must have removed "trusted installer" and thus that folder is no longer protected from windows. no program has the ability to store its settings there, reason for the strict user separation - user folders ;)
    sorry to go in too deep, but not many know what they are screwing up if they do it like this. I don't know about your knowledge, so this is only a hint to avoid trouble after all.
    About your 1809, if it is not LTSC it has ended.
     
  18. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    Yes it is the LTSC, it still has a few more years of updating to go. My level of knowledge is simply that of an average user, although I haven't had any problems with leaks, infection or theft for over 20 years. The issue here is that my Telegram portable has always worked with the configuration and location it has had but since David's implementation of the version I discussed it now shows this strange behaviour. It is curious because once I kill the telegram process in the file manager, in my case process lasso, when I launch it again inside the sandboxie it doesn't give me any problem, the program launches fine without any failure. Curious really. But if I close it again and launch it again then again I get the error and have to kill its process again so that it launches again without any error. I'm sure David will be able to reproduce it on his computer.
     
  19. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,177
    Location:
    Viena
    can you test with which version this issue got introduced for you?
     
  20. SandboxerX86

    SandboxerX86 Registered Member

    Joined:
    Jun 22, 2021
    Posts:
    14
    Location:
    In a Sandbox
    Hey David, I think I've found a possible bug in the way File Recovery works?

    Basically the default sandboxie.ini setting for File Recovery is Disabled "AutoRecover=n" but when you create a new box and use the [Copy options from an existing box] and that box has the setting File Recovery Enabled "AutoRecover=y" the newly created box has both settings applied at the same time in the .ini:
    AutoRecover=y
    AutoRecover=n
    with "Y" being the active/functional one, and if you go to [Sandbox Options > File Recovery] and uncheck Enable Immediate Recovery... both settings are deleted instead of just "Y" and leaving "N".

    Something similar happens with new Default boxes. When you create a new sandbox with [Select restriction/isolation template > Default] the .ini setting of that box is "AutoRecover=n"; now go to [Sandbox Options > File Recovery], check Enable Immediate Recovery... so "AutoRecover=n" turns into "AutoRecover=y", and now uncheck it again and the setting is totally removed instead of turning back to "N".

    Don't know if this is the intended behaviour but it looked weird so I wanted to bring it here just in case it interests you even if it isn't something important.

    Edit:
    Another weird thing is that for some reason Immediate Recovery is duplicating the notification of an eligible file for recovery if the file was written by explorer.exe. If the file is created by any other process then it is fine and only a unique notification is shown, but any file that is created by explorer.exe has two notifications at the same time.
     
    Last edited: Jun 30, 2021
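
A check for the two Sandboxie.ini conditions raised in posts 9 and 20 above: a box-wide `RpcMgmtSetComTimeout=n` rather than the per-program form, and a box that carries the same y/n setting with both values. This is an added example, not part of the thread and not Sandboxie's own code; the sample ini text is constructed, and treating `#` and `;` as comment markers is an assumption.

```python
from collections import defaultdict

# Constructed sample for illustration; not taken from any real machine.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
AutoRecover=n
RpcMgmtSetComTimeout=program_name.exe,n

[CopiedBox]
Enabled=y
AutoRecover=y
AutoRecover=n
RpcMgmtSetComTimeout=n
OpenFilePath=C:\Temp\a.txt
OpenFilePath=C:\Temp\b.txt
"""


def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys in order.

    configparser is not used: it rejects or collapses repeated keys, and the
    thread shows the same key appearing more than once in one box.
    """
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):  # assumed comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current]  # register the box even if it has no settings
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return dict(sections)


def conflicting_switches(sections):
    """Find keys that appear in one box with both plain 'y' and plain 'n'."""
    findings = []
    for box, items in sections.items():
        seen = defaultdict(list)
        for key, value in items:
            if value.lower() in ("y", "n"):  # ignores list-type and per-program values
                seen[key].append(value.lower())
        for key, values in seen.items():
            if len(set(values)) > 1:
                findings.append((box, key, values))
    return findings


def boxwide_rpc_timeout_off(sections):
    """List boxes that set RpcMgmtSetComTimeout=n without a program prefix."""
    return [box for box, items in sections.items()
            if any(k == "RpcMgmtSetComTimeout" and v.lower() == "n"
                   for k, v in items)]


if __name__ == "__main__":
    boxes = parse_ini(SAMPLE_INI)
    for box, key, values in conflicting_switches(boxes):
        print(f"[{box}] {key} is set to both values, in file order: {values}")
    for box in boxwide_rpc_timeout_off(boxes):
        print(f"[{box}] RpcMgmtSetComTimeout=n applies to every program in the box")
```
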
  21. Deletedmessiah

    Deletedmessiah Registered Member

    Joined:
    Feb 20, 2018
    Posts:
    113
    Location:
    Outer space
    Does the new Sandboxie use hardware virtualization, or is it planning to eventually move to it bit by bit? I've heard in the past that it's more compatible in the long run and the developer won't need to update the sandbox as often with that method. Sorry if I don't make sense or something, don't really know what I'm talking about but want to know.
     
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,083
    @wissec - where exactly is telegram failing?

    I don't use it so I don't have an account nor is it connected to my phone, I currently see the QR code for the connection.
    same windows ltsc, defender only, latest sandboxie classic. only the program folder is located in c:\temp\telegram\telegram.exe

    I suggest you try another folder.

    edit:

    Tried on my unmodified pro in same (to yours) folder - no problems until QR code.
     
    Last edited: Jun 29, 2021
  23. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    Thanks David, all sorted out. I have tried some version that I thought was working fine and I got the same behaviour... Finally I have been able to fix it, my fault for not having been more active in the first moment, simply by adding the log.txt file path to direct access in that same Telegram sandbox, now everything works perfectly.

    Big thanks Brummelchen for all your time and interest in my problem. Before I could fix it as I said to David, I tried changing to C: and also got the same error, haven't tried other paths anymore.
     
  24. EspressoGuy

    EspressoGuy Registered Member

    Joined:
    May 4, 2020
    Posts:
    18
    Location:
    USA
    When I try to install the latest version, Windows 10 says the file was signed by Tonalio GmbH. Is this legit?
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,083
    that's legit.
     