Discussion in 'sandboxing & virtualization' started by Dark Shadow, Oct 26, 2011.
Thanks dave. i'll give it a try.
Yes, there are issues with running IE9 as a "forced" program. However, Chrome runs ok for me when forced. Additional testing showed that Chrome will only run as forced if AppGuard is off or in install mode. There are no error messages like with IE9, the browser opens but is unable to load a web page. If I have time, I'll try to figure it out. I'm running Win7 x64 as well.
Tzuk's advice on the 64 bit issue. http://www.sandboxie.com/phpbb/viewtopic.php?t=11781
Basically it is to do with how SandboxieRpcSs.exe is invoked for forced apps. You have to change privacy to 'no' in the Guarded Apps list and use 'High' Protection Level. It does not work on Locked Down for me.
Fixed in 3.3.2 beta if sandboxiercpss.exe,sandboxiedcomlaunch.exe, sandboxiecrypto.exe added to power apps
I'm getting these 2 "errors" now.What am I doing wrong ?
Have a look :
Thanks in advance.
Add to PowerApps:
That did the trick for error like in snap17l but I still get those like in snap16c
Where are we at with Sandboxie & Appguard?
From install no tweaking its not friendly with SBiE 3.74 on XP. Are they ok together for Win7x64?
Late edit: Much thanks to Arsenaloyal for clearing the matter up for me.
oh-oh. Need more help people.
TASK: download a series of anything e.g. photos or music.
click on download in webpage > save as > select destination e.g. my pictures > I want to create a new folder here to put photos in > appguard i think is not in favor of such a reckless action. What intruction does Appguard need to be told?
AaLF, can I point out that this section is about sandboxing and virtualization, and this thread could be located here as it is concerned with Sandboxie.
For AppGuard specific issues, as the one you are now writing about, I would go to its specific thread in another section of the forum.
thanks and good luck with your problem!
Well I'm not budging. I'm just not. And its almost a virtualization question. I'm 'virtually insane' with these clashes between these two gizmos.
Providing the destination download folder is in user space, and has not been configured as a private folder within AppGuard, AppGuard should not interfere with writing to the download folder. If the browser is sandboxed then - unless the download folder has been configured for direct access within Sandboxie - downloaded webpage files will remain inside the sandbox until manually recovered from the sandbox.
Hey Pegr. I'm back again to try AG. This is the story;
select from webpage a photo > save image as > select My Pics (as destination> create new folder > new folder doesn't appear > download to My pics is ok.
OK so the jpeg can download ok to an existing folder. Now when I download same jpeg or another I can see all the 'new folders' that were created thru the "save as" window.
So they are stuck in the sandbox unaccessible. this is happening when AG is installed. not SB alone.
MyDocs & sub folders are included in 'user space'.
ATTENTION MEMBERS WHO HAVE THIS COMBO - Sandboxie & AppGuard.
Please perform a quick test for me & let me know if the following is my problem or to do with Sandboxie & Appguard universally.
Download anything e.g. the wilders logo at top of page or even my avatar -
When the "save as" dialog box appears > create a sub-folder to save file into
#2 is my problem. I am unable to create a new folder in which to save a download. They must pre-exist.
N.B. I can see the newly created folders inside sandboxie but they never come out.
Plz do me a favor & try your sbxie & appguard. Its less than a minute to do it. Just download anything & create a new destination folder for it before you press 'save'.
That's right. You need to have the folder created before you sanbox your browser. You are creating the new folder in the sandbox, and that's why it won't work. I save everything to the Desktop, so that is where it is when I close sandboxie. THis way Appguard also protects it. Then I move it where I want it.
Thanks Pete. I'm really starting to like this program very muchly.
I can create folders outwith the sandbox using programs running in it as long as I give Direct Access to the directory in which it the new folder will reside, with or without AppGuard, on Win7 x64.
Are you giving Direct Access from Sandboxie to My Pics folder?
Maybe Not. I assumed nominating My Documents included sub folders like My Pictures My Music, My vids etc. I'll add it now.
EDIT: No. Even going down to next level > My Pictures - unable to create a new sub-folder 'on the go'.
On investigation I think its me who is at fault here. Not the programs. Thanks for your patience guys.
Whilst it is possible to create folders on the fly within My Documents by configuring the My Documents folder as Direct Access within Sandboxie, I wouldn't advise that for security reasons. For normal web surfing, the browser has no business trying to read from My Documents, let alone be able to write straight through the sandbox to it and modify the contents.
Consider going in the other direction and either make My Documents a Private Folder within AppGuard or, alternatively, set it as Blocked Access within Sandboxie. Then either create a permanent downloads folder, outside of My Documents, or download files directly to the Desktop. This will enable you to manually move the downloaded files after they have been recovered from the sandbox to wherever you choose, as suggested by Peter2150 in post #41 above.
Don't disagree, its what I do myself, but there are those who don't understand Sandboxie very well and who just want to be able to upload/download photos & docs the way they would without SBIE or AppGuard installed.
In those circumstances you can sandbox the download folder and as it is in user space AppGuard will prevent unauthorised execution to give an extra degree of comfort.
My point was simply if you want to run that way or even if you have designated download folder as you suggest you should be able to create folders on the fly. At least it works for me.
Yes, I did understand the point you were making. I realised that you were simply explaining to AaLF how, for educational purposes, a folder can be opened up for direct access to allow sub-folders to be created on-the-fly from inside the sandbox.
If AaLF does decide to open up a download folder for direct access, it might be a good idea for him/her to also set it as a forced folder within Sandboxie. That way, in addition to AppGuard user space protection, Sandboxie will force any program launches from the folder to run sandboxed by default.
If using a RAM disk to hold the sandbox container folder - as I believe you and I both do - an advantage of giving a download folder direct access is that the size of the RAM disk can be kept to the minimum necessary to operate the browser sandboxed, whilst not limiting the size of the files that can be downloaded.
Indeed, I've found it a good way of working providing the download folder is restricted/sandboxed. AppGuard or SRP default deny have carried out the restriction part well for me. Why AppGuard & SBIE are such a good combo.
Gentlemen, I have just entered the 21st by updating to Win7x64. Turned out this old PC is Win7 compliant. I am a Sandboxie user & thanks to your enthusiasm I am adopting AppGuard.
Any chance one of you could post a short housekeeping list of tweaks to fine tune SB & AG settings so that I'll have a good config please?
You shouldn't need to change your existing Sandboxie configuration but you may need to do a little AppGuard configuration to get Sandboxie to work properly. Before starting to configure AppGuard though, I suggest reading the help file first to get a good understanding of how AppGuard works and how to approach configuring it. The following may also help: -
Re: AppGuard - New Getting Started Tutorial wanted
You need to ensure that the Sandboxie container folder can be written to by guarded applications, which either means making it an exception folder if it is located in its default location in system space; or, alternatively, relocating it to an additional partition if you have one where it will automatically be part of user space. There is a reference to this in paragraph 2.8 of the little getting started guide (see above).
Depending on the AppGuard alerts that you see, this may be all you need to do. Keep an eye on the AppGuard events panel in the GUI. If you see any blocking events for any of the Sandboxie executables, you can make an exception for the Sandboxie executable involved. This will either be a MemoryGuard exception or will involve making the executable a Power Application, depending on the type of blocked event you are seeing. Don't make exceptions for Sandboxie executables automatically though; only if you are seeing blocking events involving Sandboxie executables.
As both Sandboxie and AppGuard have policy restriction features, you will need to decide which to use. I would suggest mainly relying on AppGuard for policy restriction as this is AppGuard's main function. AppGuard policy restriction is system-wide and doesn't depend on sandboxing; it applies to both sandboxed and unsandboxed processes.
Separate names with a comma.