Sandboxie-Plus 1.0.20

Curious...
Classic UI -> Forced Programs -> Add Program - has Select or Enter program.
Select opens File Explorer

Plus UI -> Forced Programs -> Force Program - has Enter program.
Plus UI does not have Select to open File Explorer?

Curious...is the absence of Select to open File Explorer by design?

 

Tried this thanks. Not working due to this however.

 

Trooper, try running RDP sandboxed instead of forcing mstc.exe. I don't even know if this would work (I have never used RDP) or can be done but the chances of getting the program to run sandboxed are better than trying to force it. Also, since RDP is part of Windows, it doesn't sound to me like a good idea to force it (doing it could harm your system) even if it could be done.

Bo

 

Hi Bo, I will look into that tomorrow. In years past, that is how I got it to work. But it has literally been years. I imagine anything is possible.

 

With the new Sandboxie isolation features, or perhaps even before, is there any point in using Firefox Containers to isolate groups of tabs from one-another?

 

Yea, sure, sandboxie isolates your OS from Firefox but nothing inside firefox from otehr parts of firefox, that is unless you are running multiple firefoxes in individual boxes.
So if you use a separate box instead of a FF container that perfect, if you want to use only one box for the fire fox you can and should use Firefox Containers for separation.

 

Very clear. Many thanks David.

 

Hi David,

Any idea about my problem?

 

nope its just as it is, wil add a browse option to one of the upcoming builds

 

just use "ForceProcess=mstsc.exe"

 

Where do I enter this?

 

or just add mstsc.exe on the forced programs tab

 

Tried that and I previously did the latter. Does not work and the following error appears.



EDIT: Reported in you GitHub earlier today.
https://github.com/sandboxie-plus/Sandboxie/issues/1839

 

have you tried this on windows 10? is it a windows 11 specific issue because i was testing that earlier on 10 and it worked fine

 

I have not. I am running Windows 11 both at home and work.

 

Hi David. On the surface everything looks good regarding 5.55,20 but I noticed something that can not be right. A few hours ago while watching a baseball game (stream), I noticed that if I watched the game in HQ, the computer CPU usage was high, the usage fluctuated between 30% and 70%. This is on Firefox and it is something I never experienced before. If I switched to watching the game in lower quality, the CPU usage became reasonable. I don't use Edge for watching ball games but tested it, and the result was better than in Firefox.

A little while ago, while doing nothing with the computer, I was in SBIE Control for about 20/30 minutes. I created a new sandbox for Edge, and changed settings and checked settings in the 5 sandboxes that I have working so far. Opened and closed sandboxed Edge perhaps 8 times, and when I finished doing all of this and looked at Task manager, I found this:



I never seen something like this before. As you can see, I am not running anything sandboxed. Is this something you know about?

Regards

Bo

 

There were no reports on high cpu usage on the sbiesvc service, can you check if its the primary instance running in session 0 or onr of the helpers running in the user session?

high CPU usage with firefox may be related to one of the recent security fixes, try version 1.0.18 as it does not yet virtualizes symlink objects,
let me know if that brings the cpu usage back to normal for you when wathcing videos,

the other security fix that may be affecting performance is the memory access isolation that now prevents sandboxed processes form reading the memory of unsandboxed processes (yes the old sandboxie allowed for that, very insecure)
this can be disabled by ReadIpcPath=$:*

 

I just tested ReadIpcPath=$:*, it didn't help any. Perhaps I copy pasted the setting in the wrong place (I tried in global first and User settings afterward).

The High CPU with Sandboxie control is very easy for me to reproduce. You don't have to have SBIE control open for a long time. And it doesnt happen just for opening SBIE Control or navigating Sandboxie control. The high CPU is triggered almost every time you click to Apply and Accept a new setting in a sandbox. Or when you create a new sandbox and click OK. It should be easy to reproduce. Just have Task manager on top, and create a couple of sandboxes and change settings, Click and Apply.

You mentioned trying 1.0.18. I installed 5.55,20. I really don't want to try or test Plus. I can dodge around this issues but this is not normal. In all the years I used the original Sandboxie, not even once I saw Sandboxie service using any cpu (and I mean, it always was in 0). That has always being the normal with SBIE.

Bo

 

1.0.18 -> 5.55.18 For every plus build there is a corresponding classic build with the same core components.

I havn't observed that CPU issue with sandman, will do now some testing with the sbiectrl

 

Hi David. Where is the correct link for installer 5.55.18? The thread for that version here, is that the right link?

Also, is 5.55.18 OK with KB5011831?

I rather install 5.55.18 after you get the results from testing sbiectrl. But if you prefer I ll do the testing now, tell me?

Bo

 

David, I just read the firs post in the 5.55.18 thread. Maybe I am wrong but I think this version is the one in which you introduced what you think might be causing the cpu issue. So, Why try it?

Bo

 

How do you feel about adding Select File to Start Restrictions and Internet Restrictions.
Maybe, most Plus users don't miss Select File for Forced Programs, Start Restrictions and Internet Restrictions. IDK
Maybe, I'm thinking Select File because of my years with Classic.

 

To anyone who wants to download Sandboxie, there's a dedicated GitHub page to all past current and future releases. No need to ask and ask and re-ask ad infinitum for download links.
https://github.com/sandboxie-plus/Sandboxie/releases

You just need to scroll down for past releases, on top, up up above, the first one is the latest version available.

All flavor there....

Geez

 

No why? The change in question is

• fixed allowing NtCreateSymbolicLinkObject to be safely used in the sandbox

and that's in 1.0.19,
let me elaborate on the issue a bit more:
You see NtCreateSymbolicLinkObject can be used to redirect the entire C drive (or any other DosDevice for that mater) to an arbitrary location, for example a path inside the sandbox, over which you have full control, not good.

With build 1.0.15 this syscall was blocked entirely, which for most applications was just fine as most don't create any symlink objects, but some like minGW do and fail if they can't so with build 1.0.19 NtCreateSymbolicLinkObject got the same name space virtualization treatment other IPC objects have which meant that also NtOpenSymbolicLinkObject needed to be changed accordingly, and this is what caused the netflix playback not to work in firefox, hence with build 1.0.20 I added the ability specify sym link locations with ReadIpcPath to be used without name virtualization and added the required exception for pipe objects.
Now probably there is an additional exception needed for some aspect of video acceleration which is yet missing.

Hence test 5.55.18: https://github.com/sandboxie-plus/Sandboxie/releases/tag/1.0.18