Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,435
    Location:
    Nicaragua
    Hi Bell, you are not doing anything wrong. Regarding IE download history, what you see is what I see (DL a file, you get out, delete contents and when you reopen IE, the file still shows up in DL history). The best explanation for that that I can think of is that sandboxed IE has to have read/write access to the file where IE saves history of files that are downloaded. Otherwise, downloading while running IE sandboxed wouldn't work. This access is allowed by default, regardless of how we set IE in Sandbox settings.

    You could set IE to delete history in IE settings. That should keep your IE download list clean. Myself, soon after getting W10, I discovered that setting IE (and Edge) history to be deleted on closing (also, deleting it via CCleaner) sometimes generates Search errors and Audit Errors in Windows Events logs, so, I don't delete IE history. I leave IE/Edge history alone. I don't use IE other than to make sure the browser works after doing Windows updates.So, it doesn't bother me treating IE history like that. I rather treat it this way than getting the Events log errors.

    Regarding cookies. I never ever seen a cookie survive closing the sandbox and deleting contents. My suggestion for that is to make a new test. Start over and you ll see that CCleaner only picks them up when you actually run the browsers out of the sandbox.

    Bo
     
  2. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    Hi Bo,

    OK, so download info/history is saved outside of SBIE when using IE. I am fine with that as I only use IE when something doesn't work in FF and am trying to troubleshoot.

    But the cookies are the obvious problem. They survived terminating IE and deleting the sandbox contents, every time I tested it. In my deafult sandbox and in the new sandbox.

    Then, I tried on another computer of mine, with Windows 10 Pro x64 v1903, Sandboxie v5.31.4 - freeware and ESET paid AV (on the first computer I tested I have Windows Defender AV instead).

    The result is the same, cookies survive. This is only happening with IE, not FF. So, I have tried it on two different PCs, many times, and the problem persists.

    I will create a virtual machine, install only Windows 10 v1903 and Sandboxie v5.31.6 and test this leaking behavior there.
     
  3. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    Reporting back. I created a virtual machine using latest VMWare Player v15.5, installed Windows 10 Pro 32-bit v1903 (ISO downloaded directly from Microsoft) in it and then installed latest Sandboxie v5.31.6 and latest CCleaner portable.

    I tried a couple of tests and IE+SBIE combination leaks cookies, every time. I then removed the cookies with CCleaner, rechecked that they are really gone and repeated the test. SBIE sandbox set as it should be, auto-delete and drop rights, forced IE with no exceptions. Still, cookies leak - they are visible in the CCleaner after termination and deletion of the sandbox, again, every time. :(
     
  4. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    810
    @Bellzemos

    Couldn’t it be pre-loaded cookies (both from IE and Edge) during Windows 10-boot? Ccleaner portable shows without ever using Sandboxie that both IE and Edge have cookies after boot.
     
  5. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    No. I've cleaned those before the first test. I've double checked everything. Tried many times with cleaning every time in between.

    If anyone wants to try, install a fresh Windows 10 v1903 and latest Sandboxie, then clean all the cookies with CCleaner, then do the test with sandboxed IE, terminate, delete contents and re-check for cookies with CCleaner.
     
  6. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    810
    And you did not allow direct access to Internet Explorer cookies (as an exclusion)?

    See: https://www.sandboxie.com/ApplicationsSettings#web
     
  7. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    No, I did not allow IE cookies. As I stated in my previous posts, no exceptions / direct access to cookies or anything else.
     
  8. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    I did some further testing....

    I took out my old PC and updated SBIE to latest version - it's Windows 7 Ultimate SP1 x64, IE v11.0.9600.18837, SBIE v5.31.6, Avast AV, CCleaner v5.63 portable. CCleaner finds no cookies after I terminate sandbox with IE running in it. So here it works as it should (so with Windows 7 and a bit older version of IE 11).

    Then I tested again on my new PC - Windows 10 Pro v1903 x64, IE v11.356.18362.0, SBIE v5.31.6, Windows Defender AV, CCleaner v5.63 portable. And again, CCleaner finds browsing related cookies after I terminate sandbox with IE running in it - so it's "leaking".

    The same "leaking" occurs also in a virtual machine with Windows 10 Pro v1903 x86 and the latest SBIE.

    And it also "leaks" in another PC that I tested it with, which has a different AV (ESET) but the same Windows 10 version and SBIE version.

    This is really weird. Could it be something about this version of Windows 10 or/and version of IE? That should not be so, right?

    I googled but got no definite answer as to where are the darned IE cookies stored in Windows 10? I'm trying to see those files for myself on the disk, after terminating/deleting sandbox, but can't find them.

    Please help. Can anyone replicate this problem? Would you like me to make a recording of my screen as this happens?
     
  9. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    424
    I haven't tested it but I suspect this is due to "enhanced protected mode" being set in your Win10 IE which allows it to run under AppContainer and Sandboxie does not support running AppContainers or AppX packages in general.
     
  10. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    Where can I un-set the "enhanced protected mode" in my Win10 IE? And where are the darn IE cookies stored in Windows 10? I want to see them residing on my disk after termination, it they are really there. They have to be, otherwise I don't know where CCleaner reads them off. I hope we can come to the bottom of this... And thank you.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,360
    Location:
    .
    The "Restore advanced settings" button will reset the settings above it to the default value when IE was first initiated. The "Reset" button will reset all IE settings including: toolbars, add-ons, browser settings, privacy, settings, security settings, tabbed browsing settings, advanced options, and pop-up settings.
    png_2228.png
     
    Last edited: Nov 5, 2019
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,435
    Location:
    Nicaragua
    To see cookies, you have to unhide them. They are hidden protected files. So, untick the option to hide protected system files (in File Explorer) and they will show up. The path to IE cookies: C:\Users\User\AppData\Local\Microsoft\Windows

    For me, the IE cookie folder always looks like below.

    Sin título.jpg
    Bo
     
  13. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    Hi,

    I did that, I restored the advanced settings and resetted all the IE settings. Was asked to reboot, rebooted. I've also found some new things regardins cookies...

    First, something about IE itself. I have everything (except the home page) set as defaults anyway as I don't normally use IE.

    Funny thing I noticed, when I run IE sandboxed, the the tick for Enable Protection Mode under Security tab disappears. If I run in outside of the sandbox, the tick is there.

    Enable Enhanced Protected Mode is always disabled, so that doesn't apply.

    https://i.imgur.com/HW3cZWe.png

    Regarding those darn cookies...

    CCleaner shows them, but I don't know where it reads them. But it has to be from somewhere.

    When I terminate and delete the sandbox, CCleaner shows cookies of the sites I visited, which it should not.

    Then I go to Custom Clean and Analyze. But it doesn't find cookies - it finds Temporary Internet Files (from IE).

    If I right clock on that entry and select View all files, I see 2 files:

    C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\LOT4AQGH\auto[2].txt
    and
    C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\LOT4AQGH\status[1].htm

    or something along those lines, both are only 1 KB in size (says CCleaner).

    I went and opened them in the Notepad, but there's nothing in them really, just a couple of letters/numbers/signs. No cookie entries.

    So, where does CCleaner read those darn Cookies after I terminate and delete the sandbox, I still don't know.

    But it's those exact cookies of those exact sites I visit in that exact sandboxed session.

    Sigh...
     
  14. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    PS: Hi Bo, I saw your post after I posted mine. I have the view of protected and hidden files set to enabled, from the get go, after I installed Windows.
     
  15. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    247
    Location:
    Mexico City
    Hello,

    Can someone please explain me, why Sandboxie 5.31.6 is trying to communicate with www.sandboxie.com?
    Now that Sandboxie is a free tool, with plans to transition it to an open source tool.and my lifetime license that I bought is not necessary anymore

    Should I deny via firewall this communication?
    Thanks
    Came

    Sandboxie Rule.jpg
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,435
    Location:
    Nicaragua
    Thats normal, expected. Sandboxie disables PM, otherwise IE wouldn't work sandboxed.

    Bellzemos, do this, give us a few links to sites you visit, that after deleting contents of the sandbox, CCleaner picks their cookies.

    Bo
     
  17. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    104
    The CCleaner site, Avast site etc. All sites basically, all the cookies remain.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,435
    Location:
    Nicaragua
    Hi Camelia, I am not into firewalls but I think it makes sense that the SBIE installer does try to communicate with the server when you update, run the installer. Perhaps it registers the license (free).

    Bo
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,435
    Location:
    Nicaragua
    Bell, when I open CCleaner, it doesn't find any cookies in Options>Cookies>Cookies on computer

    None whatsoever.

    When I run the cleaner, if it flags anything regarding cookies for IE, is only the file shown in the picture I posted with the label/Name "Deprecated".

    Bo
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,360
    Location:
    .
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,360
    Location:
    .
    I have no boxes checked for Delete Browsing History.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,360
    Location:
    .
    IDK = IE not sandbox'd
    Internet Options Reset + machine Restart + opened home page msn.com and opened avast.com + no boxes checked for Delete Browsing History.
    IDK = haven't touched Internet Explorer, long time.
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,435
    Location:
    Nicaragua
    bjm, this is what shows up for me in the DomStore folder. A file from the day I got my W10 in 2017.

    Sin título.jpg

    Bo
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,360
    Location:
    .
    I re-ran Sandboxie Installer and Norton Firewall created rule.
    png_2235.png
    If you want... reset your Firewall and see if you're asked again.
    I don't care if Sandboxie calls home.
    You may care.
    Code:
    [UserSettings_04D4013A]
    
    SbieCtrl_UserName=bjm
    SbieCtrl_NextUpdateCheck=-1
    SbieCtrl_UpdateCheckNotify=y
     
    Last edited: Nov 5, 2019
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,360
    Location:
    .
    IE not sandbox'd. No idea re what shows for me.
    I started over: msn.com - google.com - avast.com - yahoo.com
    Analysis Complete - (0.540 secs)
    ------------------------------------------------------------------------------------------
    0.26 MB to be removed. (Approximate size)
    ------------------------------------------------------------------------------------------

    Details of files to be deleted (Note: No files have been deleted yet)
    ------------------------------------------------------------------------------------------
    Internet Explorer - Cookies 264 KB 11 files
    ------------------------------------------------------------------------------------------
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3T4CJWQ7\ads.pubmatic[1].xml 1 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3T4CJWQ7\contextual.media[1].xml 1 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7PVS8PXM\opus.analytics.yahoo[1].xml 1 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7PVS8PXM\vars.hotjar[1].xml 1 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7PVS8PXM\widgets.outbrain[1].xml 1 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\IIK81019\cdn.flashtalking[1].xml 1 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\IIK81019\s.yimg[1].xml 2 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\IIK81019\tag.idsync.analytics.yahoo[1].xml 1 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VJUWJYCH\us.yahoo[1].xml 257 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VJUWJYCH\www.msn[1].xml 2 KB
    C:\Users\bjm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VJUWJYCH\www.msn[2].xml 4 KB
    png_2236.png png_2237.png png_2238.png png_2239.png
     
    Last edited: Nov 5, 2019
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.