Sandboxie Plus 0.7

Batch is not really comfortable to perform your request. A more decent coding language like AutoIt could help out - if SB plus accept the commands like the classic version. The classic can send return codes for its current state and based on the return codes a tool can decide where to jump.

 

Okay, why I asked about Classic UI.

Spoiler: RMDIR = default

Okay, I've not always directly configured Sandboxie.ini.
Maybe, I've reproduced your Test 2 - #74.
Cheers

 

I've done some additional testing in a virtual machine with SBIE+ 0.6.7, 0.7.0 and 0.7.1.

The problem with auto-deleting does NOT occur in 0.6.7 and 0.7.0. So 0.7.1 is where the problem started.

To create the problem in 0.7.1:

• Create sandboxes 'a' and 'b' and configure both to auto-delete contents when the sandbox is closed.
• Start sandbox 'a'
• Start sandbox 'b'
• Close sandbox 'b'

The contents of 'b' should now be deleted, but that doesn't happen. But if you then close 'a', the contents for both sandboxes will be deleted immediately.

 

@DavidXanatos
From Task Manager: SandBox Manager CPU usage is fluctuating between 0.6% - 0.9%, it never gets to 0%.
Is this normal?

 

@DavidXanatos

some installation or process can detect they are running in sandbox, Could there be a system to prevent this?

 

Well there are ways to hide it a bit but sbie changes so much that a detection would _always_ be possible.
Hence I opt for not implement any hiding scheme such as to allow people who need to hide it to do so on their on as
I don't engage in arms races with people who want their software to detect being run in a sandbox.

if sandman is minimized it shoudl be around 0 when its open since its cinstantly querying the status and updating the lists it wil not be 0

 

Maybe, I've reproduced with Plus UI 0.7.1
Edge 'a' & Firefox 'b'.

I've not reproduced with Classic UI 5.48.5

 

I still can't run the 64 bit version of the Tor Browser inside of sandboxie plus. I get an error about a DLL that can't start.

The 32 bit version of the Tor Browser works just fine inside of sandboxie.

I use it to prevent my online search activity from being used in targeted advertising.

 

I'm on the same boat.

 

https://github.com/sandboxie-plus/Sandboxie/issues/538

 

I just realized that resetting a Facebook password on Firefox running in Sandboxie-Plus is impossible. I get the code in my email but the site never sends me to the page where I'm supposed to enter it.

Spoiler: sandboxie.ini

Code:

[GlobalSettings]

FileRootPath=E:\Sandbox\%SANDBOX%
SeparateUserFolders=y
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
EditAdminOnly=n
ForceDisableAdminOnly=n
ForgetPassword=y
Template=KeyScrambler
TemplateReject=WindowsRasMan
TemplateReject=WindowsLive
TemplateReject=OfficeLicensing
StartRunAlertDenied=y
NotifyStartRunAccessDenied=y
AlertFolder=R:\
AlertFolder=F:\
AlertFolder=G:\
AlertFolder=H:\
AlertFolder=I:\
AlertFolder=J:\
AlertFolder=K:\
AlertFolder=L:\
AlertFolder=M:\
AlertFolder=N:\
AlertFolder=O:\
AlertFolder=P:\
AlertFolder=Q:\
AlertFolder=S:\
AlertFolder=T:\
AlertFolder=U:\
AlertFolder=V:\
AlertFolder=W:\
AlertFolder=X:\
AlertFolder=Y:\
AlertFolder=Z:\

[UserSettings_08DA01C0]

SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=y
SbieCtrl_HideMessage=1301, runas.exe
SbieCtrl_HideMessage=1307, mpc-hc64.exe [DefaultBox]
SbieCtrl_HideMessage=2205, ConsoleInit (C00000D4)

[DefaultBox]

Enabled=y
ConfigLevel=8
AutoRecover=n
BlockNetworkFiles=y
BorderColor=#00ffff,off,6
Template=Firefox_Force
Template=Firefox_Session_DirectAccess
Template=Firefox_Profile_DirectAccess
Template=Firefox_Bookmarks_DirectAccess
Template=Firefox_Cookies_DirectAccess
Template=Firefox_Passwords_DirectAccess
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
DropAdminRights=y
PromptForInternetAccess=n
NotifyInternetAccessDenied=y
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
BoxNameTitle=-
BlockNetParam=y
ClosePrintSpooler=y
OpenPrintSpooler=n
AllowSpoolerPrintToFile=n
CopyLimitKb=-1
CopyLimitSilent=n
NeverDelete=n
AutoDelete=y
ForceFolder=D:\User hämtade filer
ForceFolder=D:\User
OpenSmartCard=n
LeaderProcess=crashpad_handler.exe
LeaderProcess=picotorrent.exe
LeaderProcess=mpc-hc64.exe
LeaderProcess=pingsender.exe
LeaderProcess=firefox.exe
HideOtherBoxes=y
ProcessGroup=<StartRunAccess>,runas.exe,PicoTorrent.exe,msedge.exe,chrome.exe
ProcessGroup=<InternetAccess>,pingsender.exe,picotorrent.exe,firefox.exe,default-browser-agent.exe,crashpad_handler.exe
ProcessGroup=<ChromePrograms>,vivaldi.exe,opera.exe,msedge.exe,Maxthon.exe,iron.exe,dragon.exe,chrome.exe,browser.exe,brave.exe
ProcessGroup=<FirefoxPrograms>,waterfox.exe,seamonkey.exe,palemoon.exe,firefox.exe
ClosedIpcPath=<StartRunAccess>,*
ForceProcess=mpc-hc64.exe
OpenFilePath=firefox.exe,E:\
OpenFilePath=picotorrent.exe,C:\Users\%USER%\AppData\Local\PicoTorrent
OpenFilePath=picotorrent.exe,D:\User\Torrents
OpenFilePath=picotorrent.exe,D:\$RECYCLE.BIN\Dragon Ball
OpenFilePath=mpc-hc64.exe,C:\Users\%USER%\AppData\Roaming\MPC-HC
FakeAdminRights=n
AllowRawDiskRead=n
NotifyDirectDiskAccess=n

[UserSettings_0D160225]

SbieCtrl_UserName=User2
SbieCtrl_WindowCoords=432,179,1082,615
SbieCtrl_ActiveView=40021
SbieCtrl_NextUpdateCheck=1615128447
SbieCtrl_HideWindowNotify=n

[UserSettings_0C02020A]

SbieCtrl_AutoStartAgent=SandMan.exe
SbieCtrl_EnableAutoStart=y

 

This build fixes again a few security issues, as well as brings some new functionality and expands on the tracing features.


Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.7.2

ChangeLog
[0.7.2 / 5.49.0] - 2021-03-05
Added

• added option to alter reported Windows version "OverrideOsBuild=7601" for Windows 7 SP1
• the trace log can now be structured like a tree with processes as root items and threads as branches

Changed

• SandboxieCrypto now always migrates the CatRoot2 files in order to prevent locking of real files
• greatly improved trace log performance
• MSI Server can now run with the "FakeAdminRights=y" and "DropAdminRights=y" options
  -- special service allowance for the MSI Server can be disabled with "MsiInstallerExemptions=n"
• changed SCM access check behaviour; non elevated users can now start services with a user token
  -- elevation is now only required to start services with a system token
• reworked the trace log mechanism to be more verbose
• reworked RPC mechanism to be more flexible

Fixed

• fixed issues with some installers introduced in 5.48.0
• fixed "add user to sandbox" in the Plus UI
• FIXED SECURITY ISSUE: the HostInjectDll mechanism allowed for local privilege escalation (thanks hg421)
• Classic UI no longer allows to create a sandbox with an invalid or reserved device name

 

Completely uneventful OTT install

 

All fine for me too with the new build. Thanks, David.

 

@DavidXanatos

I've attached a simple 'sandboxie.ini' file you can use to reproduce an AutoDelete bug in Sandboxie-Plus 0.7.1 & 0.7.2.

The sandboxie.ini file (uploaded as sandboxie.ini.txt) contains two sandboxes:

• Sandbox named 'a' has 'ForceProcess=wordpad.exe' (note: the forced program can be any program; it doesn't have to be 'wordpad.exe')
• Sandbox named 'b' has 'ForceProcess=msinfo32.exe' (note: the forced program can be any program; it doesn't have to be 'msinfo32.exe')
• Both sandboxes have 'AutoDelete=y'

You can use this sandboxie.ini to demonstrate that the following conditions cause an AutoDelete bug in Sandboxie-Plus 0.7.1 and 0.7.2:

• IF: Sandbox 'a' and 'b' both have processes running in them
• AND: You terminate the processes in sandbox 'b'
• THEN: Sandboxie-Plus WILL NOT perform the AutoDelete on the contents of sandbox 'b'
• UNTIL: The processes in sandbox 'a' are terminated, at which time Sandboxie-Plus performs AutoDelete on BOTH sandbox 'a' AND sandbox 'b'

Spoiler: Steps to reproduce the bug

To reproduce the bug, use the attached sandboxie.ini file with either 0.7.1 or 0.7.2 and do the following:

• Launch 'wordpad' and 'msinfo32' (it doesn't matter which you start first)

• Terminate msinfo32 (after ensuring both programs have started)

You will now see:​

• The UI shows no processes running in sandbox 'b', but
• Windows Explorer shows the folder for sandbox 'b' in C:\Sandbox\%USERNAME% HAS NOT been deleted as it should have been

​

• Terminate wordpad

You will now see:​

• The UI shows no processes running in either sandbox 'a' or 'b', and
• Windows Explorer shows the folders for BOTH sandbox 'a' AND sandbox 'b' in C:\Sandbox\%USERNAME% have been deleted

​

Whether the AutoDelete manifests itself depends on (1) sandbox names and (2) the order in which the processes in the sandboxes are terminated. In general, the bug affects autodeleting sandboxes whose names sort after other sandbox names that still have running processes.

Spoiler: Examples where the AutoDelete bug occurs

Examples:

• Autodelete for sandbox 'b' will not happen if sandbox 'a' has running processes (as demonstrated by the attached simple sandboxie.ini)
  
• Autodelete for sandbox 'firefox' will not happen if sandbox 'edge' has running processes
• Autodelete for sandbox 'test' will not happen if sandbox 'financial' has running processes
• Autodelete for sandbox 'outlook' will not happen if sandbox 'locked' has running processes

It's taken a ot of testing and time to pin down the conditions that cause the AutoDelete bug. I've done the above test in 0.6.7, 0.7.0, 0.7.1 and 0.7.2. The problem started with 0.7.1.

I hope this explanation makes sense. Please let me know if you have any questions about what I've tried to document.

 

OMG I don't know what you have touched in this release, but after more than 2 years I CAN LOG IN again into my Uplay/Uconnect account installed inside a sandbox. Thanks!

 

Much much much better job he has done than others to keep sbie alive.
Thanks @DavidXanatos

 

Hi,

In my setup, I am using Kaspersky Security Cloud Family, and there are no conflict with Sandboxie.......
But, be careful with extensions, especially with Microsoft Edge Browser.......
They can cause problems with Sandboxie.......
That if you use Microsoft Edge Browser......
I only use Microsoft very little.....

PS. My main two browsers are Puffin Secure Browser & Opera GX .
Run like a champ......

 

i have found the AutoDelete bug and it will be fixed in the next build

 

Hi. I just built a new PC and I'm trying Sbie Plus. The UI is quite a bit different but I'll figure it out eventually. If you don't mind I need a bit of help please.

I'm new to NVMe drives. When I used a ssd I set up a ram disk for my sandbox. Is that something some of you use or does the wear and tear of writing to and deleting the sandbox on C:/ not a big deal anymore? If you use a ram disk what program do you use? I was using an older free version of RamDisk. If you use ramdisk would you have a link to how to set it up. I can't seem to find my bookmark and I can't remember whether or not it was a wilders' link or the old sandboxie forum link.

How can I allow direct access to noscript for firefox and be restrictive as possible? I always seem to have trouble setting this up.

 

Hi inerpeace. The way I handle NoScript settings in Sandboxie is like this. In my regular Firefox sandbox, I dont allow access to NoScript settings. The reason being that my NoScript settings are pretty much all set. I have no need to constantly be changing anything. I know many of the people who dont use NoScript think that we have to constantly be fiddling with settings but that is just not true. NoScript can be pretty much set and forget once is set up correctly and understood how it works.

But for the times when I feel is worth it to add some domains to my black list or white list, or make some changes or test something, then I open Firefox in a sandbox where I allow access to NoScript settings. For sandboxed Firefox to have access to NoScript settings, this are the 3 files I allow it access to, they are located inside your Firefox profile folder:

OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\rqyv.default-release\storage-sync-v2.sqlite
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\jrqyv.default-release\storage-sync-v2.sqlite-shm
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\rqyv.default-release\storage-sync-v2.sqlite-wal

Regarding Ram disk, I never used it so I cant help with that. Perhaps someone else can, I think Elwe Singoll used to use it or still use it with SBIE. Perhaps he can help when he comes around.

Bo

 

Here is a link for several ramdisks and basic guides for each:
https://www.ghacks.net/2017/04/03/the-best-free-ramdisk-programs-for-windows/

On WinXP, I use David's sandboxie 5.40 (portable) and Gavotte ramdisk (set up many moons ago).
On Win7 and Win10 (with sbie v5.33.6), I began using softperfect (free version) about a year ago.

 

@DavidXanatos Thank you for your excellent work in enhancing the security and usability of Sandboxie.

I can only imagine the amount of time you have spent and continue to spend to continue making improvements. I just tried to make a donation to help support your work, but Cloudflare returned a 522 timeout error when I tried to connect to "https://xanasoft.com/go.php?to=donate". Then I saw your server was impacted by a fire next door - what bad luck! I hope you'll be able to get it back online without too much effort.

 

Thanks for your help bo. I this the actual location of those files? I get confused when choosing which windows user and appdata file to use. I run in a standard user account named Animal. I add the files right after my sandbox name (Surfbox) in the .ini correct?

https://i.postimg.cc/fRZzHd3L/Sandboxie-Noscript.jpg