Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Cruelsister just posted a video on MalwareTips which clearly shows how after infecting a machine with fileless malware you can scan with 3 different scanners and they all show the machine clean.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    CFG is part of your OS. CFG extends your OS sandbox behavior starting with DEP and ASLR. Why should Sandboxie emulate it?
    CFG is a compiler option if the language offers it; there is not much software obeying CFG.
     
  4. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Like some others on the Sandboxie forums, I found the latest Firefox doesn't work with the latest Sandboxie, even the beta version of Sandboxie.

    It seems Firefox's built-in sandboxing conflicts with Sandboxie on default settings; I fixed it by disabling the privilege level drop inside Firefox (others also confirmed this works).
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi chrcol, There is no problem affecting "many" users running Firefox under Sandboxie at this time. I would say, there's almost none. What's the issue affecting your sandboxed Firefox?

    Regarding disabling Multi process or changing the privilege level. As far as I can tell, using multi process along the sandboxed Firefox is working fine. I disable it but do it by choice. Disabling it is also something to try if you have a problem, but there are not many people right now that have to disable e10s for Firefox to work under Sandboxie. I don't think changing the privilege level is a recommended workaround. You should try a new Firefox profile and forget about changing that particular setting in Firefox.

    Bo
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Hello,
    Odd observe with downloads less than default 49152 (48MB).
    I've deleted contents of all sandboxes + machine restart.

    SBIE2102 File is too large to copy into sandbox - iconcache_48.db [Firefox / 51380224]
    SBIE2223 To increase the file size limit for copying files, please double-click on this message line

    What's iconcache_48.db?
    Bumping to 50178 (49MB) stops 2102 2223 messages.
    Just odd since downloads are < 10MB, less than default 48MB.

    Edit: since, 2101 2102 2223 was only with my Firefox sandbox.
    I created n' setup new Firefox sandbox.
     
    Last edited: Jun 23, 2017
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi bjm. Size of downloads doesn't trigger those messages. What's causing the messages in your computer is file "iconcache_48.db" being larger than the size Sandboxie sets by default for files that are copied into the sandbox. Files that get modified in the sandbox are copied into the sandbox before being changed.

    This link explains what iconcache_48.db is.
    http://www.winability.com/how-to-erase-icon-thumbnail-cache-windows-8/

    There are a few things you can do:
    1. Rebuild file.
    2. Allow direct file access to file.
    3. Increase the size, as you did already.
    4. In Sandbox settings>File migration tick box "Dont issue message when a file is too large to migrate".

    I don't think the new sandbox you created is gonna get rid of the messages, if I was getting those messages I would go with 4 or 2.

    Bo
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Sandboxie was prompting 2101 2102 2223 message when I called download so, assumed download was causal.
    Okay, I'll have to study "how-to" page.
    CCleaner cleans thumbnail cache?
    Is iconcache_48.db cumulative across sandboxes or is iconcache_48.db per sandbox?

    Sandboxie is not prompting 2101 2102 2223 message with new Firefox sandbox. ?
     
    Last edited: Jun 23, 2017
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    The messages are related to the size iconcache_48.db has in your computer. The file is located in C:\Users\[User]\AppData\Local\Microsoft\Windows\Explorer. Look for it and you'll see that it is larger than 48MB. The file is from Microsoft, so it's an OK file. I don't have it in my W7 but all similar DB files I have in there are less than 1MB. Yours is probably very large, out of the ordinary.

    But bjm, this is not really an issue. No reason for you to worry about anything. If you increased the size on the new sandbox from 48 to 49, then that's why you are not being messaged on that sandbox. On the other hand, if you left that setting on default, then you are probably gonna get the messages real soon. Test and see what happens.

    Bo
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Ahhh, not really an issue. Okay, ...new Firefox sandbox is 48. I'll watch for messages.
    So, why is iconcache_48.db default, per sandbox?
     
    Last edited: Jun 18, 2017
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Yes, these Sandboxie messages for this particular file are purely informational. I bet you can tick the box (look at option 4 I gave you earlier) to ignore them and you won't notice any difference in the sandbox. My feeling is that you can tick the box in Sandbox settings of the sandbox where you are getting the messages, and the result will be, 1. No more messages and 2. You'll be able to run Firefox and other programs as successfully in that sandbox as you always had (before messages started appearing). Programs will perform as well as before getting messages.

    Programs running in any sandbox read same iconcache_48.db default.

    Bo
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Okay, so with, for example, three active sandboxes... all sandboxes read the same \Windows\Explorer\iconcache_48.db and any sandbox could trip the message.
    I hear ya'.
    Thanks!
     
    Last edited: Jun 18, 2017
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Exactly, but programs running are the ones that trigger the message. This particular message you are getting gets triggered when a sandboxed program (in this case could be Firefox or another program running in that sandbox) reads a file and wants to modify it. Sandboxie allows the modification in the sandboxed environment, but before the sandboxed program can modify the file, Sandboxie migrates a copy of the file into the sandbox. Large files take a long time to migrate into the sandbox, that's why Sandboxie by default puts a limit on the size. If a copy is not migrated/copied into the sandbox (this happens when you get the message), the sandboxed program reads but doesn't modify the file in the sandbox.

    What to do with these particular messages depends on the file and the program that wants to modify it. There are situations where you must allow direct file access or change the allowed size in Sandbox settings for the sandboxed program to perform properly, but in your case, with Firefox and an icon DB, I doubt it, and so you can ignore the messages.

    Bo
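
The migration behaviour described in the post above, as an added example that is not part of the thread and is not Sandboxie's code: a toy Python model of copy-on-write migration with a size limit. The class and function names are hypothetical and the strict greater-than comparison is an assumption; the 49152 KB default, the 51380224-byte file and the 50178 KB raised limit are the figures from bjm_'s post.

```python
import os
import shutil
import tempfile

DEFAULT_COPY_LIMIT_KB = 49152  # 48 MB default quoted in the thread


class ModelSandbox:
    """Toy model of copy-on-write file migration (not Sandboxie's code)."""

    def __init__(self, name, box_root, copy_limit_kb=DEFAULT_COPY_LIMIT_KB):
        self.name, self.box_root = name, box_root
        self.copy_limit_kb = copy_limit_kb
        self.messages = []

    def _boxed(self, host_path):
        # The private copy lives under the box root, mirroring the host path.
        tail = os.path.splitdrive(os.path.abspath(host_path))[1]
        return os.path.join(self.box_root, tail.lstrip("\\/"))

    def open_for_write(self, host_path):
        # First write: migrate a copy into the box, unless it is too large.
        boxed = self._boxed(host_path)
        if not os.path.exists(boxed):
            size = os.path.getsize(host_path)
            if size > self.copy_limit_kb * 1024:  # assumed comparison
                self.messages.append(
                    "SBIE2102 File is too large to copy into sandbox - "
                    f"{os.path.basename(host_path)} [{self.name} / {size}]")
                return None  # no copy made, so the program cannot modify it
            os.makedirs(os.path.dirname(boxed), exist_ok=True)
            shutil.copy2(host_path, boxed)
        return boxed


def simulate(size_bytes, copy_limit_kb):
    """Return (migrated, host_unchanged, messages) for one write attempt."""
    with tempfile.TemporaryDirectory() as tmp:
        host = os.path.join(tmp, "host", "iconcache_48.db")  # constructed file
        os.makedirs(os.path.dirname(host))
        with open(host, "wb") as f:
            f.truncate(size_bytes)  # zero-filled file of the given size
        box = ModelSandbox("Firefox", os.path.join(tmp, "box"), copy_limit_kb)
        target = box.open_for_write(host)
        if target:
            with open(target, "r+b") as f:
                f.write(b"changed")  # lands in the boxed copy only
        with open(host, "rb") as f:
            return target is not None, f.read(7) == b"\0" * 7, box.messages
```

In both outcomes the host file stays untouched: either the write goes to the migrated copy, or no copy is made and the write is refused with the 2102 message.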
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Well, I was only seeing and reproducing 2101 2102 message upon calling file download (save to desktop) from website in old Firefox sandbox. I may have had files in other sandbox.
    2101 2102 is seldom, if ever for me. I was curious.

    Regards with Respect. Thanks!
     
    Last edited: Jun 23, 2017
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I've never gotten one of them. 2101 is kind of rare :).

    Greetings, bjm

    Bo
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    @bo elam Continuing the conversation from this thread: https://www.wilderssecurity.com/thr...etup-these-days.111264/page-1549#post-2686555

    I have paid version and I used to have one sandbox for Firefox, but allowed e.g. PDFs to open in that same sandbox by allowing PDFXedit.exe and PDF-XChange-EditorPortable.exe (PortableApps.com version of PDFXChange Editor) in Start/Run Access for the Firefox sandbox.

    But I am not too clear on using separate sandboxes, and have a query. I am experimenting, and have created a separate sandbox for PDFs.

    Should I now remove those Start/Run entries in the Firefox sandbox? Bit of a noob question, I'm sure.

    Same would apply to e.g. LibreOffice ...
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    What to do with PDFXedit.exe and PDF-XChange-EditorPortable.exe in your Firefox sandbox depends on how you view PDF files while browsing. 1. If you view PDFs within the browser using Firefox's own PDF viewer, you remove them from Start/Run. 2. If you disable the Firefox viewer and view PDFs out of the browser when browsing (this is what I do), you leave PDFXedit.exe and PDF-XChange-EditorPortable.exe in Start/Run.

    Let me explain number 2, to be clear. When I browse, if I click a PDF and select Open, it runs in the Firefox sandbox out of the browser, not within Firefox, that's why the exes for the Reader have to be allowed.

    In my opinion, this is the perfect way to open PDFs while browsing. Why? If I click on a malicious PDF, it can't hijack Firefox to phone home. For this to work perfectly, you don't allow the PDF reader internet access in Internet Restrictions either.

    So, when you browse, PDF files run in the browser sandbox. That's automatic, that's how Sandboxie works.

    Your dedicated PDF sandbox that you just created, that's for any PDF that you have in your hard drive. For example, PDFs you download. To make this sandbox more secure, tick Block all programs in Internet access restrictions.

    Libre? Absolutely, remove it from your Firefox sandbox. Libre works great under Sandboxie and has no business being in a browsing sandbox.

    Let me make it easier for you. I use the portable version, these are Libre's exes I allow to run. As with your dedicated PDF sandbox, on this one you can also block all programs from accessing the internet.

    Sin título.jpg

    Bo
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Thanks Bo. Indeed I don't use Firefox viewer so I will leave as .

    And thanks for the Libreoffice settings.

    But then shouldn't these be allowed in the Firefox sandbox settings too, if I open say an attached spreadsheet in the Firefox sandbox out of the browser, for the same reason as above?

    Edit: To be clear I am talking about opening LibreOffice attachments in Gmail.
     
    Last edited: Jun 21, 2017
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Great, I smiled when I read post 3743 as I thought that probably you were not using the viewer. Perfect.
    If you open Libre attachments in Gmail, then leave Libre exes as allowed in the Firefox sandbox. I don't open office attachments while reading mails, but you don't want to inconvenience yourself, so for you, keep them as you have them.

    Bo
     
  20. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I've been getting 2101's often with IE on Win 10 x64 latest CU. Like this:

    SBIE2101 Object name not found: \Device\NamedPipe\nod_scriptmon_pipe, error OpenFile (C0000022) access=0012019F initialized=1

    It's weird as it happens when a website "quits responding" but then the website will reload.

    It is kind of a shrug because I don't use IE that often, only with websites that require it.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Focus, I just realized something. The back and forth posts between bjm and myself were about SBIE message 2102, not 2101. At some point in our conversation we started calling the message 2101 but in fact, we meant 2102.

    Now, about getting 2101. Some W10/8.1 users are getting that message when running IE or Chrome under Sandboxie. There was a fix introduced in beta 5.19.5/stable 5.20 that supposedly solved the message in Chrome. But even after 5.20 got released, users are still getting 2101.

    If you are not using 5.20, you should upgrade and see what happens. If you are using 5.20, then I suggest you create a new thread about the issue at the SBIE forum. You are probably going to be asked to run Process Monitor and supply a log. Doing it helps you and Sandboxie.

    Bo
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Ooops.... yes 2102, not 2101... my bad. #3733
     
    Last edited: Jun 23, 2017
  23. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,391
    I only recently went back to Firefox and have to relearn a few things. One thing I just noticed that surprised me is that if you click on New Tab you will see a good history of the sites you visited before. Interestingly this includes not just the current browsing session or the time the sandbox remained undeleted but goes further. Since I have set up my sandbox to always delete everything, how come Firefox has stored this?
     
  24. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Using 5.20. Went over to the SB forum and saw that the error I am receiving is documented and I have no doubt will be fixed soon. Thanks for the clarification about 2101 and 2102, no 2102's here!
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    You are allowing access to bookmarks in Sandbox settings, right? That's the reason you are seeing the sites. Allowing bookmarks to be saved out of the sandbox also allows history out. This is because Firefox saves bookmarks and history in the same file (places.sqlite).

    You can get rid of history and still save bookmarks out of the sandbox by setting history to be deleted in Firefox Options>Privacy.

    Bo
     