Sandboxie Plus (Sbie fork)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Apr 9, 2020.

Thread Status:
Not open for further replies.
  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,334
    Location:
    Viena
    The next build will come with an installer for the plus branch,
    actually I will probably even update the current build with an installer to test it slowly.

    > I asked Tzuk many years ago, but any chance of allowing recover & explore to be sticky?
    o_O what do you mean exactly?

    Was a bit busy the last 2 weekends with other stuff hence less progress than usual.. sorry for that.
     
  2. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    411
    Location:
    uk
    Using Immediate Recovery there are options for "Recover", "Recover & Explore" and "Recover & Run", selected by the control to the side. The default is Recover and whatever else is selected the next time it is used it defaults back to Recover. I have always wanted the recovery mode/choice to be sticky, for me "Recover & Explore", and while I understand there may be a slight increase in risk Sbie users are generally fairly cognisant of dangers.
     
  3. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    DavidXanatos -- Could this be a problem introduced by your code changes: I just followed the "official" steps to create a sandboxed shortcut to Outlook (outlined for me yesterday by Bo Elam in the other thread). It still doesn't work. After displaying the "Updating Office, please wait a moment..." box [attachment: Sandboxie 5_42_1 Error 1 08_07_20.png] for a while, it displays an "application unable to start" error [attachment: Sandboxie 5_42_1 Error 2 08_07_20.png].

    Nothing like this happens with the original (un-sandboxed) link used to create this shortcut. This also worked fine under Sandboxie 5.33.1. Am I doing something wrong relative to your software, or is this a bug? -- jclarkw
     
    Last edited: Aug 7, 2020
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,334
    Location:
    Viena
    @jclarkw I don't think the changes have a large potential of breaking things.
    Can you test what the last Sandboxie version is in which Outlook worked for you?
    If I know where the issue was introduced I can fix it much easier.
     
  5. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    David -- Can you please give me some links and other information in preparation for this testing?

    1) From where do I download the specific Sandboxie Plus loads (ZIP files) that I should test (subsequent to 5.33.1, my last working version at which I would plan to start over, and which Bo Elam has suggested might no longer work with Outlook because of Office and/or Windows updates)?

    2) Where is the active Sandboxie Plus configuration file stored in case I have to over-write that from my backup?

    3) What's the simplest way to update Sandboxie from one version to the next, starting from 5.33.1? (If the other ZIPs are like 5.42.1, they expand into version-named folders -- "SbiePlus64-v0.3.5" in the current case. This makes it more difficult to simply over-write the older version with the newer.)

    It will take me some time to do this chore, but I'm game given sufficient information. -- jclarkw
     
  6. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    Comodo firewall set to automatically block all unknown and known malicious things instead of sandboxing them works great with sandboxie plus.

    Configurations: "Proactive security"

    Firewall: Enable "do not show popup alerts" select "block requests"

    HIPS: The HIPS can cause problems during windows updates, you may not want to use it, but if you do want to use it, do the same thing with HIPS that you just did to the firewall component.

    Containment: Containment settings: disable the two things that say "do not virtualize access to: _____"

    disable automatic startup for services installed in the container

    enable "do not show privilege elevation alerts" select "block"

    Containment: Auto-containment: double-click the setting that currently says "run virtualized" at the top of the window that will come up next, change that setting to "block"

    File Rating: File Rating settings: enable "do not show popup alerts"

    Advanced protection: Virusscope: Enable "do not show popup alerts" and disable the setting that says "monitor only applications in the container"

    Advanced settings: Miscellaneous:
    Enable "Apply the selected action to unrecognized autorun entries" select "terminate"

    Enable "don't detect shellcode injections in these applications" and add all of sandboxie plus's EXE's to that menu. ALL OF THEM, not just the ones in the main sandboxie folder in program files (you may have to add more EXE's of sandboxie plus if Mr Xanatos adds new EXE's to his fork of it later on)

    click okay, open the settings one more time, and then add all of sandboxie plus's EXE's to the file list and apply the "trusted" rating to all of them (you will have to repeat this last step every time you update to a new version of sandboxie plus)

    You're good to go after that.
     
  7. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    491
    Location:
    VPN city
    It seems that a lot of antivirus programs have let up a little bit on MOST of the files related to sandboxie plus, except for that fricken driver file.

    On the list of good products that DON'T label things based on just a glorified name tag,

    Comodo, SecureAge APEX, VoodooAI, HitmanPro, Sophos, Emsisoft and a handful of others.
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,334
    Location:
    Viena

    1) you can find the new releases here: https://github.com/sandboxie-plus/Sandboxie/releases

    2) C:\Windows\Sandboxie.ini

    3) just run the installer over the old version

    For testing disregard the plus version for now and go for the legacy release with the old installer
     
  9. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    Thanks, David --

    3) Now I finally see the installers, not just the ZIP files!

    4) I think you mean I should start with 5.33.1, 5.33.3, and 5.33.6, right? -- jclarkw
     
  10. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,334
    Location:
    Viena
  11. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    David -- All three of 5.33.1, 5.33.3, and 5.33.6 64-bit work fine with Outlook 2019, although I did have a few glitches along the way to getting the first one, 5.33.1, up and running right in my Standard User account under Windows 10 Pro 1909 -- no idea why.

    I guess I'll move on to your installers at https://github.com/sandboxie-plus/Sandboxie/releases and try working up the list starting at 5.40...

    Or is there something else I should do first? -- jclarkw
     
    Last edited: Aug 9, 2020
  12. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    David -- FYI, both Firefox and Chrome refused to download three of your releases, as illustrated here: [attachment: Sandboxie Plus Downloads.png]
    I don't know what this means. Doesn't seem to be about driver signatures since you said they all suffer from that problem. -- jclarkw
     
  13. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    David -- Using your installers, 64-bit 5.40 and 5.40.1 also worked fine with Outlook. When I tried to install 5.41.0, however, Windows Defender claimed it found (and I told it to delete) a trojan as shown here: [attachment: Sandboxie Plus 5.41.0 TrojanQ.png]
    This warning was generated after I clicked "Finish" in the installer but before Sandboxie Control started up, and Sandboxie Control would not start on subsequent attempts.

    After this unexpected problem I uninstalled 5.41 clean, copied my saved configuration file back into C:\Windows, and tried to re-install 5.40.1 (which had worked before). This time, however, 5.40.1 refused to run Outlook, showing the same bogus information box as previously described for 5.42.1 (installed in that case from the ZIP file):
    [attachment: Sandboxie 5_42_1 Error 1 08_07_20.png]
    My provisional guess: Some glitch having nothing to do with Sandboxie Plus (but maybe something to do with your installer?) is causing this problem to re-appear. I have only one idea left: Uninstall, go back and try to get Sandboxie 5.33.1 working again, then stop at Sandboxie 5.33.6 while awaiting further suggestions.

    I was really hoping to get to 5.42.1, but it doesn't look as though I'm going to make it... -- jclarkw
     
    Last edited: Aug 10, 2020
  14. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    342
    Location:
    Vienna, Austria
    Hello,
    I'm new to the party here - although not to Sandboxie.
    Since Saturday, August 8th, I have run into severe problems with v5.42.1. The only thing I changed before was to finally copy Sbie_v0.3.5 over the install directory and start Sandman for the first time.

    Since then upon re-boot of my Win_10_64bit-for_Workstations-system, build 2004, every time upon re-boot the UAC will pop up asking permission for MS-service-host to modify the system. As I've found out that operation tries to unsuccessfully start SbieSvc-Service. As a consequence the Sbie-Tray-icon will come up in dark yellow with an exclamation-mark on top and Sbie does not work any more.

    The strangest thing is that Sbie64_v5_42_1 has been working flawlessly for ~3 weeks before.

    Upon manual inspection of the service its status is "stopped" and when I tried starting it manually an error message came up that the service had immediately stopped again after the manual re-start.

    Of course I did many new installations with the 64-bit installer. Not all of them went exactly the same, interestingly enough. Sometimes a re-boot was required by the installer, sometimes not. Sometimes the installation seemed to work well, sometimes the exclamation-mark-icon was there from the beginning. Sometimes Sbie even survived ONE re-boot but at the latest upon 2nd re-boot the UAC and the exclamation-mark-icon were coming up again.

    I then even purged the registry completely of everything "Sandboxie", "Sbie", "Xana" and "SandMan" and then one more clean install with 64bit-installer-v5.42.1. Didn't do the trick either. Yet on this last try a Windows error message even offered more detailed information about the certificate used.

    So in my opinion the perceived correlation to the Sbie_v0.3.5-installation and SandMan might rather have been pure coincidence and the true culprit is that something must have gone wrong with the certificate used from the internet.

    Any ideas? Someone? For now I'm back to v5.33.3 and at least that one works reliably for now.
     
    Last edited: Aug 10, 2020
  15. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    342
    Location:
    Vienna, Austria
    Oh, by the way, I forgot to mention that all operations described above have been performed under an Administrator-account.
     
    Last edited: Aug 10, 2020
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,334
    Location:
    Viena
    Well the SbieDrv.sys is the driver that is not properly signed, that's why anti malware fools complain and why if you don't allow it SbieCtrl.exe will not work.

    Some of the zip releases have the driver unobfuscated inside, that's why some patronizing browsers will not let you download it. I have changed it in later releases to have the driver file obfuscated such that no one can see that it's signed with a leaked certificate, and hence the complaints start only when you are far enough with the setup and the file gets decrypted and saved as SbieDrv.sys

    Cheers
    David X.
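
One way to see which installed Sandboxie files carry which signature, and whether the service is running, as an added example that is not part of the original thread or of the Sandboxie project. It assumes the install directory `C:\Program Files\Sandboxie` and the service name `SbieSvc` mentioned in the thread; the function name is hypothetical.

```powershell
# Added example (not from the thread): report the Authenticode state of every
# driver, executable and DLL in the Sandboxie install directory.
# Assumption: install path as mentioned in the thread.
$SbieDir = 'C:\Program Files\Sandboxie'

function Get-SbieSignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -File -Include *.sys, *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                File       = $_.Name
                Status     = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer     = if ($cert) { $cert.Subject }    else { '<none>' }
                Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
                NotAfter   = if ($cert) { $cert.NotAfter }   else { $null }
                Sha256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$report = Get-SbieSignatureReport -Path $SbieDir

# Full listing. Status alone does not say who signed a file, so the signer
# subject and thumbprint are shown as well.
$report | Sort-Object Status, File | Format-Table File, Status, Signer, NotAfter -AutoSize

# Files whose signer differs from the majority of the install stand out here;
# SbieDrv.sys is the file the thread says is signed differently.
$report | Group-Object Thumbprint |
    Select-Object Count, Name, @{ n = 'Files'; e = { $_.Group.File -join ', ' } } |
    Format-Table -AutoSize -Wrap

# Files that are unsigned or fail verification on this machine.
$report | Where-Object { $_.Status -ne 'Valid' } | Format-List File, Status, Signer, Sha256

# Service state, for the "service stopped again immediately" symptom.
Get-Service -Name SbieSvc -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
```

The SHA-256 column lets an antivirus exclusion be tied to one specific file rather than to a file name or folder.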
     
  17. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    David -- Is this the answer you were looking for? This startup problem with Outlook cropped up the first time after the installation of 5.42.1 from ZIP and the second time after I ran the installer for 5.41.0 (after finding no problems with 5.40 and 5.40.1 -- couldn't download 5.40.2).

    OK, David -- I get it now and won't badger you again about this, although neither of the first two of your builds, nor even the 5.42.1, which I originally installed from ZIP, raised a fuss about this. Anyhow all I have to do is allow SbieDrv.sys in Windows Defender, and I can proceed with my progressive testing...

    Note that the downloads that were rejected by both browsers were not the ZIP files, but installer (EXE) files like all of my recent downloads (though maybe they are really executable ZIPs?). Anyhow I can test the ones that I have, which is most of them...

    The real puzzle for me is not why this startup problem with Outlook crops up in the first place (triggered the first time by the installation of 5.42.1 from ZIP and the second time by the installer for 5.41), but why it's so hard to get rid of after it appears (persists even in Sophos releases after it starts).

    I also still don't understand what eventually worked to get rid of it -- I just floundered around looking for traces of Sandboxie that I could clean up before trying again -- but I did notice that the uninstalls didn't all delete the last DLL file from C:\Program Files\Sandboxie. I deleted the directory by hand, but that wasn't what solved my problem. Any thoughts on this would be most appreciated! -- jclarkw
     
  18. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,334
    Location:
    Viena
    Sandboxie really does not do much in the system, almost all it does only relates to sandboxed applications.
    So the only things whose deletion should have any effect on the phenomenon are
    c:\windows\sandboxie.ini
    or C:\Sandbox where by default the various sandboxes are located.
     
  19. jclarkw

    jclarkw Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    89
    Location:
    USA
    Thanks, Dave -- I think you said you wanted me to narrow down which release introduced my problem. It appears to have been 5.41 (or perhaps 5.40.2, which I can't download). Is there any other testing that I should be doing on my end? -- jclarkw
     
    Last edited: Aug 10, 2020
  20. Riza

    Riza Registered Member

    Joined:
    Aug 11, 2020
    Posts:
    1
    Location:
    Germany
    Hello,
    Since the new Windows update, Sandboxie could not be started.
    SBIE 2231 something like: 22/5 access denied, cannot start drivers.
    Is there any help?
     
  21. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,107
    Location:
    UK
    You may get more targeted help if you say what operating system you are using, and which build number of Sandboxie you run.
     
  22. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    342
    Location:
    Vienna, Austria
    @stapp
    I just did what you suggested in my initial post yesterday. All the detailed information wanted is there. And I somehow cannot imagine that the problem described there concerns my individual situation only. Still - no comments so far.
     
  23. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,107
    Location:
    UK
  24. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,334
    Location:
    Viena
    try reinstalling
     
  25. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    342
    Location:
    Vienna, Austria
    I'm aware that this hint hasn't been directed towards me and I have no intention of "hijacking" someone else's topic, so I apologize if such an impression might arise.

    But re-installing certainly did not work for my issue described above.
     