Sandboxie Plus 0.7

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Feb 15, 2021.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,388
    Location:
    Viena
    Template=OpenSmartCard
    Sandboxie since sophos times allowed access to smartcard devices,
    with one of my builds i added a setting for that to disable it.
    When I reworked the RPC system to be template based the setting was removed (so OpenSmartCard is deprecated and has no function) and a template added instead.
    The classical version to maintain legacy behavior adds this template by default.

    Template=OpenBluetooth
    Allows sandboxed programs to enumerate Bluetooth devices like game controllers, since there are no general negative security implications and a lot of people use sbie with unity games it was expedient to add this template by default to.

    ConfigLevel
    Is used to to update box settings
    when it sees 8 and 9 is current it will add the preset changes form 8 to 9,
    when it sees 7 and 9 is current it will add the preset changes form 7 to 8 and from 8 to 9,
    etc.



    About the URL in the title bar, question to other users should i really remove that from there?
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    18,797
    Location:
    UK
    It doesn't bother me at all that it is there.
    If it helps pay for the free Sandboxie software you are providing updates and fixes for just keep it.
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,388
    Location:
    Viena
    for that i would need to install some advertisement on my page :D
    its more about brand recognition
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    18,797
    Location:
    UK
    Fine by me.
     
  5. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Thanks David for the quick reply!

    Can you tell me if any of these Global's are deprecated? Should any be removed or changed? (some are quite old)

    [GlobalSettings]

    Template=7zipShellEx
    Template=Microsoft_Security_Essentials
    Template=OfficeLicensing
    Template=RTSS
    Template=RpcPortBindings
    Template=SystemAudioStream
    Template=WindowsLive
    Template=WindowsRasMan
    ActivationPrompt=y
    FileRootPath=\%SANDBOX%


    In changelog for 0.7.3 / 5.49.5]- 2021-03-27 you have this;

    Changed
    - reworked window hooking mechanism to improve performance
    -- resolves issues with file save dialogues taking 30+ seconds to open
    -- this fix greatly improves the win32 GUI performance of sandboxed processes
    - reworked RPC resolver to be ini-configurable
    -- the following options are now deprecated:
    --- "UseRpcMgmtSetComTimeout=some.dll,n", so use "RpcPortBinding=some.dll,*,TimeOut=y"
    --- "OpenUPnP=y", "OpenBluetooth=y", "OpenSmartCard=n", so use the new RPC templates instead
    -- See Templates.ini for usage examples

    "RpcPortBinding=some.dll, is missing an "s" at the end like what's shown in the Global's, is something amiss here or are these two different things? Or maybe just a typo?

    The URL in the title bars is not about "not wanting to help you" or anything like that, and people should absolutely get your downloads and info from Official places, like GitHub and your site, but to me that URL "cheapens" the software that is Sandboxie, seems spam-ish, or like an ads in place that shouldn't be. Keep it professional looking IMO, clean titles, but you could and probably should add a "Plus" to the name, so in my two example pictures have it say "Sandboxie Plus Control" instead of just "Sandboxie Control", no complaints from me if you did that.
     
  6. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    454
    Location:
    .
    Just saw this that it's about "brand recognition", definitely add the "Plus" part then, have the name carry it, Google, Bing, DuckDuckGo, etc. search results should take care of this no?
     
  7. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,388
    Location:
    Viena
    Well Plus is the release with the Sandman UI, so with your suggestion it would be "Sandboxie Plus" and "Sandboxie Plus Classic" instead, not sure if that is not confusing LOL

    As far as I see you don't have deprecated templates in that list

    RpcPortBindings is a template with a couple of bindings that's why the plural

    RpcPortBinding=some.dll,... is one single binding
     
  8. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    235
    Location:
    Vienna, Austria
    Hello @DavidXanatos,
    no hurry here but can you already give some realistic estimate until when Chrome and Opera will launch sandboxed again? (I know, on some systems they still do right now, no idea as to why they won't on others)

    As I have reported earlier on some systems (mine included) they still refuse to launch under Sbie_v.0.7.5 with numerous error-messages "Werfault.exe (xxxxxxxx=various different numbers), object not found".

    This incompatibility has shown not to be Sbie's fault but rather has been introduced by Chrome "upgrading" to Chromium-engine >=v.90. - But still, Chrome is an important browser and it would be nice if Sbie could handle it again on all systems in the future.

    For now I'll stay put with Opera v.75 which still uses Chromium v.89 and therefore continues to work flawlessly with Sbie.

    And once again many thanks for your effort fixing things you didn't cause yourself - it is highly appreciated.
     
    Last edited: Jun 7, 2021
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,388
    Location:
    Viena
    Untill I can reproduce this issues locally I cant fix them.
    If it is super urgent you could give me full remote access to one of the affected amchines, we woudl install visual studio nd so on and I could take a look
     
  10. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    235
    Location:
    Vienna, Austria
    As I've already stated it is not that super-urgent and unfortunately there are sensitive scientific data on these machines, too. So contract-clauses prohibit me to share these systems with outsiders.
    But if there are any specific tests or logs that would help you identifying the problem please let me know and I am willing to send you the results/logs as desired.

    Do those "Werfault.exe (xxxxxxxx)"-numbers/"object not found" error-messages bear any significance? If so are they accumulated in some log-file? Or can Sandboxie be run in some verbose/debug-mode that would explicitly specify which operation caused it to hang?
     
  11. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    240
    Location:
    uk
    David, is fixing MS Office/365 on your horizon?
     
  12. settttttt

    settttttt Registered Member

    Joined:
    Jan 26, 2021
    Posts:
    8
    Location:
    virginia
    Using 5.49.8 with Edge, I was not able to type in Facebook chat box once the focus was taken off of that box. No issues with 5.49.7
     
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,388
    Location:
    Viena
    was that a one off thing or reproducible?
    does anyone else has this issue?
     
  14. settttttt

    settttttt Registered Member

    Joined:
    Jan 26, 2021
    Posts:
    8
    Location:
    virginia
    Emptied the box a couple times with the same result and went back to 5.49.7, hardware acceleration was off.
     
  15. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,171
    Location:
    .
    as test ~ minimized chat window and switched between my open tabs a few times > returned to facebook page > opened chat box n' resumed typing okay.
    png_10811.png
    0.7.5 / 5.49.8
     
    Last edited: Jun 8, 2021
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,388
    Location:
    Viena
    well if you seam to have consistently problems with hw acceleration on than try turning it off
     
  17. bluemine99

    bluemine99 Registered Member

    Joined:
    Jun 8, 2021
    Posts:
    1
    Location:
    US
    @DavidXanatos - I'm having same problem as @algol1 regarding werfault issues on chromium 90+ based browsers. I have a machine that I can give you access to in order to fix. It's 11th gen Intel running 91.04472.77 Chrome on latest Sanboxie build with updated dll. Thanks again for all your time and effort to get us all running smoothly!

    @DavidXanatos - sorry, I spoke too soon. Apparently, I also have restrictions re: sharing due to some projects I'm working on. However, happy to assist in any other way that I can. Let me know...
     
  18. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    235
    Location:
    Vienna, Austria
    Hard to imagine that THAT would make the difference - but all those machines showing the issue of no longer launching browsers with Chromium >=v.90 here, with error-messages

    WerFault.exe (16932 etc.): SBIE2101 Object name not found: Unnamed object, error OpenProcess (C0000022) access=001FFFFF initialized=1

    are all "11th gen Intel", too. Mostly Lenovo Yoga laptops, all on Win10pro 21H1.
     
  19. superkryo

    superkryo Registered Member

    Joined:
    Jun 9, 2021
    Posts:
    40
    Location:
    Anywhere
    This might help to narrow down on 11th gen a bit:

    Two machines both with Windows 10 x64 21H1: one with AMD 3950X can run x64 Chrome/Vivaldi/Brave 90+ without problem in own sandbox on 5.49.8; the other with 11th gen i7 1165G7 throws WerFault.exe on all chrome 90+ based browsers with the exception of Edge 90. Edge Canary 91 doesn't work sandboxed. Also note all x86 variants work fine.
     
  20. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    235
    Location:
    Vienna, Austria
    Sounds strange indeed, the "11th-gen-theory", but who knows. I forgot to add to my info given that everything here runs 64bit, from OS21H1 to browsers Opera and Chrome and of course also Sbie-plus.
     
  21. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,388
    Location:
    Viena
    can you try starting he browsers with --disable-gpu to see if thy then work fine
     
  22. ft11

    ft11 Registered Member

    Joined:
    Jun 9, 2021
    Posts:
    1
    Location:
    Online
    Found this thread and am having the same issue with Chrome 91 as @algol1. Had also posted on github on this issue (https://github.com/sandboxie-plus/Sandboxie/issues/845). The --disable-gpu didn't work for me, one thing to note is that the machine I am having an issue on is running with an AMD 5900X. My previous machine was working fine with Chrome 90, Windows 10 Pro with latest updates, but on a 2nd generation intel i5 (2500K).

    Setting default browser as Edge (Version 91.0.864.4) allows for the browser to open fine in sandbox. Changing the default browser back to Chrome results in error again.
     
  23. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    235
    Location:
    Vienna, Austria
    --disable-gpu doesn't seem to make any difference with Chrome. Didn't test with Opera so far as I am not sure that Opera would recognize such a switch at all and also I need a working browser and so I prohibited updating to v.76 which won't launch any longer. Opera v.75 on the other hand works well even without that switch.

    Oh, and btw.: edge, albeit v.91, doesn't seem to be affected by the Chromium-launch-problem in its latest/current version, interestingly enough. Still, not my kind of browser.

    Update: Just tested with a clean new and separate install of Opera v.76. Won't launch with and without "--disable-gpu", will launch outside Sandboxie-plus though, as expected.
     
    Last edited: Jun 9, 2021
  24. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    419
    Location:
    VPN city
    What entries do I need to add to the global rules to auto-deny smart-card reading and bluetooth stuff?
     
  25. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    227
    Location:
    New Zealand
    @DavidXanatos I can confirm there is a problem with Sandboxie (any version - tried back as far as 5.45), with the combination of 11th gen CPUs and Chrome, Vivaldi, Brave version 90 onwards. The problem began with updating to version 90, before that all was fine with Sandboxie 5.49.7.

    Sandboxie 5.49.8 has fixed the version Chromium version 90/91 problems on 6 of 7 machines here, but NOT the 11th gen PC. On my 11th gen PC I cannot run >89 Chrome, Vivaldi or Brave under Sandboxie at all (with or without HW acceleration on). I cannot bypass this error message below. Selecting "close" closes the error box but the browser does not go on to open. Waiting changes nothing (have left it 1hr). My machines are configured identically, down to the last software, setting, and update.

    sandboxie fail chrome 91.png

    I came across this article which specifically mentions possible software breakage with running the combination of Chrome v 90 and 11th gen CPUs and AMD Zen 3 CPUs. See: https://security.googleblog.com/2021/05/enabling-hardware-enforced-stack.html I'm wondering if that is the problem.
    To confirm suspicions I jumped on a friend's new ultrabook with the same i7-1165G7 + Iris Xe graphics combination as mine. I installed Sandboxie and it behaves exactly the same way - fine with FF and Edge, same un-bypassable error box with Chrome, Vivaldi and Brave.

    Interestingly, when Edge first moved to v 90 it behaved the same way on the 11th gen machine - same error window. But after a Windows update a few weeks later (I forget which - one of the monthly patches) it fixed Edge + Sandboxie, but made no difference to other Chromium browsers. I suspect, although I'm not sure, that MS implemented a change to Edge due to complaints about broken software with the combination of this "Hardware-enforced Stack Protection" and processors with Control-flow Enforcement Technology (CET) such as Intel 11th Gen or AMD Zen 3 CPUs.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.