Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.
So it seems, what do you think?
I don't know, someone should contact Curt from Invincea and copy the Metaouph's post and my question on Sandboxie forums to ask this-if anyone is interested, go ahead, right now I don't have time, or otherwise I would be the one to ask Curt about this problem-so what do you think?
And can you find some time to ask Curt about this security/protection problem/issue?
Yes, my thoughts exactly. I'm not sure if old (SBIE <4.0) versions would work flawlessly on Win7 and up-to-date web browsers etc.
And my reply:
please whine on SBIE forums http://forums.sandboxie.com/phpBB3/viewtopic.php?p=113828#p113828
I just did....
I just posted as well, his response was less than satisfactory for me...I would have been fine if AllowSpoolerPrintToFile=n prevented it but from the lack of a direct answer to my query and from the wording of his response to you that doesn't seem to be the case. Let's hope they listen and make it configurable again - I don't care if it's in the gui, but they only hurt themselves if they don't make it available in the gui....eg more support tickets.....which apparently prompted this latest silly move. =( I didn't complain before because I figured it would block it, good thing you brought it up or I would have let it slide by without ever questioning if it did.
My opinion about this printing thing. As most of you guys probably remember, not long ago there was a vulnerability (when printing using a sandboxed application) found and reported by a SBIE user. Many users complained about it and were constantly asking when was the hole going to get closed. After the hole was closed in a newer version of SBIE, some users had problems printing. To solve this new problem, Invincea made this latest change.
I would a rather nothing regarding printing was ever changed, even after the vulnerability was reported. Myself, I never have had a problem printing sandboxed as things are now or how they were in the past. I prefer not to pressure Invincea in the way they balance usability and security. I trust they know what they doing and dont believe they would open a hole that can easily be abused by malware.
@meatoup/Dun. In Curts reply to your post, he said "If there are a lot of users that have an issue here, I can reconsider this change". Think well what you ask cause this is definitively a "You cant eat the cake and save it too" kind of situation.
If you ask me what I ll prefer. I rather go back to how printing was ....a year ago. But cant have it both ways, cant close the vulnerability and things work as they did a year ago. A choice has to be made.
IMHO,no printing tasks should automaticly be allowed from within the sandbox......it defeats the whole purpose of a safe enviroment...
bo@: It is up to them. As previously said I can accept it if they want to allow something to avoid printing issues, even as default. Just give me an option to disable it in SBIE settings
I am using stable 5.04. I can't open firefox or chrome sandboxed. I keep getting these messages:
SBIE2205 Service not implemented: Win32Init.6 (000000AA)
For chrome (64 bit):
SBIE2101 Object name not found: , error OpenProcess (C0000022)
SBIE2314 Canceling process chrome.exe [1012/9]
OS is windows 8.1 pro 64bit with media center and Kaspersky Internet Security 2016.
That's a Kaspersky issue....try to solve it by excluding SandBoxie's folders and .exe's from Kaspersky's scanning paths.
Same over here.
I didn't even know about this setting, to be honest I don't understand what this feature is about. It did solve the problem, but for some reason XnView still doesn't run really smoothly, when switching to the thumbnail browser.
Another question, have you guys managed to run gaming platforms like Steam and Origin inside the sandbox?
Invincea plainly states Kaspersky and SBIE are not compatible. You have to chose.
I have with Steam, but it's not worth the effort, as steam always updates. I protect it with Appguard, and ShadowDefender
I am not familiar with XnView but basically what the setting does is eliminate the message. And, after ticking the setting, you should still be able to use the program as you normally do when you run it in the sandbox, except when message 2102 would have been triggered.
If you are getting 2102 when you run some very large pictures then for those pictures, you still be able to run then sandboxed but you wont be able to make changes (like rotate to the right) to them within the sandbox.
The reason for the size limit of files that can be copied to the sandbox, I understand is time. Before you can make changes within the sandbox to sandboxed files, SBIE has to copy the file into the sandbox. So, very large files would take a long time to be copied. If you don't increase the size. Sandboxie only reads the real file and don't copy it into the sandbox, that allows you to run the file sandboxed but you can not make changes to it within the sandbox.
Question re Internet Access.
Seems like with every program download I get the following message.
SBIE1307 Program cannot access the Internet due to restrictions - dllhost.exe [Firefox]
SBIE2221 To add the program to Internet Access Restrictions, please double-click on this message line
I don't mind the message. I've come to expect it as part of any download. I'm aware I can add dllhost to Internet Access. Only Internet Access in this box is Firefox.
I am curious though... what do programs do at download that they want net access. I simply click close the message without any ding to the program. Curious, are programs just trying to call home. "Hey, I've arrived okay" or what...?
Google tells me >
The dllhost.exe process goes by the name COM Surrogate and the only time you're likely even to notice its existence is when it crashes and you get the message COM Surrogate has stopped working. The COM Surrogate is a fancy name for Sacrificial process for a COM object that is run outside of the process that requested it.
Um, so something wants to run and was denied by lack of Net Access.
Any idea what wants to run at every download...?
bjm, dllhost tries to run in my computers when, for example, I want to upload a file at Virus total or upload a picture to Tiny pic. In that type of situation, in a highly restricted sandbox, I get the SBIE message saying that dllhost is attempting to run. Regardless, whether I allow dllhost to run or not, I can always finish what I am doing.
I don't remember ever seeing dllhost trying to run when I download something or ever having to allow it to connect to the internet either. My systems are W7 and XP, perhaps in W8.1, things don't work the same. If I was you, I would either hide the messages or for convenience, allow dllhost to run. But I don't think is necessary for anything important for you to allow that process to have access to the internet.
Hmm, uploads to VirusTotal are quiet. Of course my sandbox is probably not as restrictive as yours.
Yeah, doesn't seem to be anything important. Just curiously consistent.
bjm, I figured out why dllhost attempts to run when you download. I tested what I am going to tell you in Firefox, my everyday browser. My thinking is that you have your browser set to Ask you where you want downloads to be saved. If I set Firefox that way, as soon as I move around using File explorer for navigating to where I want the download to be saved, I get the dllhost message.
So, if you set downloads to be saved to an specific location (thats what I do and the reason I dont get the message when I download something), it is likely you wont see the SBIE message about dllhost anymore.
To reproduce, create a new sandbox, only allow Firefox to run and connect. You ll probably get the dllhost message as you upload a file.
BINGO! Yes, set to Ask. So, curiously consistent is not so curious.
BINGO2! ... Yes, I have dllhost with Start/Run in my Firefox sandbox.
So, only allow Firefox to run and connect as test.
Opening File explorer in the sandbox and navigating with it is what triggers dllhosts to run and the SBIE message.
Separate names with a comma.