Sandboxie Plus (Sbie fork)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Apr 9, 2020.

Thread Status:
Not open for further replies.
  1. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    385
    Location:
    VPN city
    I can't get most games to run sandboxed. They act funny, if they work, they never work quite right.

    Also I still can't get the 64 bit version of the tor browser to start inside of sandboxie
     
  2. reincarnatez

    reincarnatez Registered Member

    Joined:
    Sep 27, 2020
    Posts:
    16
    Location:
    United States
    That's true, but you never can be totally sure. Take for example, the recent release of the game "Genshin Impact" that introduced an "anti-cheat" permanently onto your computer, that remained even if the game is closed (or uninstalled, for that matter.) For that reason, I mostly just run whatever I can inside of a sandbox, and if it doesn't work, I'll explore my other options. Would really be great if I could figure out all the Nvidia stuff though!
     
  3. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    385
    Location:
    VPN city
    That's malware-like tactics that the devs of that game are doing.
     
  4. Lorina

    Lorina Registered Member

    Joined:
    Mar 13, 2018
    Posts:
    13
    Location:
    EU
    I've downloaded 5.43.5 64bit via Majorgeeks (https://www.majorgeeks.com/files/details/sandboxie.html), and I'm afraid Windows Defender now flags SbieDrv.sys as malicious. I suppose it's also related to the signing, but if WD started blocking it, that is a bit cumbersome as far as the general public's trust is concerned.

    The checksums for the file I have were:

    SbieDrv.sys
    CRC16: DFCD
    CRC32: 0C13B1A5
    CRC64: 76AA55CB49A73F56
    MD5: C85B2BD58F2E2D6F4D5462532F9F0384
    SHA1: 1C25F411957728524F07A81256F420DF28DD1DF6
    SHA256: 533B26504AA9854BBDE21056982121E2A7DAF7AEEB74B32B966A7C2844A37687
    SHA512: 1F9EF44847FEE8B91EC016DDD9040EFE440F3C42B7E9E23E4AA4F4DEE2DE56CB7D4AA6F67B54474143B4C17CD3F438A0F7E7DF9BED1A55DE4C1CD464363C476F
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,099
    Location:
    Viena
    Bug fix release resolving a critical chrome 68+ incompatibility and fixing many resource leaks.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.4.2

    ChangeLog
    [0.4.2 / 5.43.6] - 2020-10-10

    Added
    • added explore box content menu option
    Fixed
    • fixed thread handle leak in SbieSvc and other components
    • msedge.exe is now categorized as a chromium derivate
    • fixed chrome 86+ compatybility bug with chroms own sandbox
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,965
    Location:
    .
    SandboxieInstall 5.43.6 overwrite 5.33.6 with exclusions for my Norton objections re 5.43.6
    SandboxieInstall 5.43.6 > Chrome 86.x and Edge 86.x appear to launch and feel okay.
     
    Last edited: Oct 11, 2020
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,980
    Typo
    ;)
    I run chromium v87 and now v86 and having no problems. Is there a special test case to evaluate?
     
  8. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    850
    Location:
    usa
    I know a lot of smart people posting in this thread about the Sandbox programming.

    I just have a question.
    Yesterday, I downloaded Sandbox Plus. Installed it (after creating a new exception on the Bitdefender list), restarted my computer, but, after logging in, I could not find anywhere Sandbox Plus Icon. The Sandbox Plus folder had only one or two files. Nothing on the right-click mouse list.
    Is there any information how to work with Sandbox Plus for an absolute beginner?
    Thank you.
     
  9. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,310
    Location:
    UK
    I ended up having to uninstall 5.33.6 for some reason first as 5.43.6 didn't seem to want to behave itself.

    On this machine upstairs I have Defender as antivirus.
    Obliviously Smart Screen stopped the download until I said to keep it.
    At install Defender told me there were 2 Trojans so I had to right-click on the findings and tell it to allow them.
    Then the install went through and I restarted the machine

    At start it said the Sbie Service wasn't started :)
    Started it in Services (it was listed as stopped)
    No sbie icons on desktop to run browser with or in taskbar.

    Ran the installer again over the top.
    Restarted the machine again.
    All is working fine :thumb:
    Edge and Vivaldi (Chromium 86 ) work as they always have done. Downloads work, recovery at close of browser works.
    All looks and behaves exactly the same as 5.33.6 did.
    No need for any 'targets' or workarounds.
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,980
    Darn! Your installer still do NOT recognize previous installation (5.43.5 -> 5.43.6).
    Code:
    C:\Program Files\Sandboxie
    Is not my target folder! tzuk his installer did.
    example code
    Code:
    Function detect_sandboxie2
      StrCpy $ERROR "0"
      ${If} $SANDBOXIE = 0
        ${registry::Read} "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie" "DisplayIcon" $R9 $R7
        ${IfNot} $R7 == ""
        ${AndIfNot} $R9 == ""
          Push $R9
            Call GetParent      Pop $R9
        ${EndIf}
      ${EndIf}
      Call detect_sandboxie3
    
      ${If} $SANDBOXIE = 0
        ${registry::Read} "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\SbieDrv" "EventMessageFile" $R9 $R7
        ${IfNot} $R7 == ""
        ${AndIfNot} $R9 == ""
          Push $R9
            Call GetParent
          Pop $R9
        ${EndIf}
      ${EndIf}
      Call detect_sandboxie3
    FunctionEnd
    
    Function detect_sandboxie3
      ${If} ${FileExists}    "$R9\SbieCtrl.exe"
      ${AndIf} ${FileExists} "$R9\Start.exe"
        StrCpy $SANDBOXIE "1"
        StrCpy $SANDBOXIEPATH $R9
      ${EndIf}
    FunctionEnd
    ;----------------------------------------
    getparent is a well given function.
     
    Last edited: Oct 11, 2020
  11. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    124
    Location:
    Vienna, Austria
    Hello, just downloaded and installed v5.43.6 which fixed the problem of chrome-extensions not working any more since some recent chromium update.
    However my default-browser is Opera, now in v.71. And to log into various web-sites I have installed Offline-Roboform together with the proper chrome-extension (also working in Opera).
    Unfortunately between "Opera v71.0.3770.171" and "Opera_71.0.3770.228" now this Roboform-Plugin has stopped working and all my login-data are no longer accessible.

    The phenomenon will go away if Opera is run outside Sandboxie. So I was assuming that this might be caused by the same change in Chromium that crippled all the chrome-extensions in Sandboxie and would therefore also go away when installing the sandboxie-update.

    Unfortunately this has not been the case.

    Anybody any guess which path I would have to open or what else to change in sandboxie.ini for the Roboform-extention to keep working in co-existence with Sandboxie - as it has done so until recently?
     
  12. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,597
    Location:
    USA
    I had a very similar problem including everything working in the end. I am only posting this to give David more info. Very happy things seem to be back to working
    as they should :thumb:
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,310
    Location:
    UK
    Yes as far as I can see 5.43.6 works just as well as 5.33.6 did. Looks the same too :)
    Also has the bonus that you don't have to change 'targets' or add 'arguments'
     
  14. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    850
    Location:
    usa
    Would you be so kind and help me with Sandboxie Plus issue?

    I've downloaded that Sandboxie Plus.
    Added it as exception to my BitDefender exception list.
    Installed it.
    Restarted the computer.
    After logging in, I could not find any Sandboxie Plus Icon, any mentioning in the right-mouse click drop-down list.
    The Sandboxie Plus folder had very few remnant files; therefore, I've installed the classic David's version.
    What did I do wrong?

    Thank you.
     
  15. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,310
    Location:
    UK
    Did you look in Services to see if Sandboxie Service was started?
    If it isn't (it wasn't for me) start the service, ask if you have forgotten how to do that.
    Then reboot again.
    If that still doesn't work. try running the 5.43.6 installer over the top of the 5.43.6 install and restart again.
    I'm sure David might have something to add
     
  16. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    850
    Location:
    usa
    Thank you for you help.

    LOL.

    Somehow on my own, I was able to install David's Sandboxie Plus (that I've read a lot of good things about!)
    My problem was that the installation of Sandboxie Plus has required to go through the installation procedure TWICE!
    You run that Sandboxie Plus installation and get a message to restart the computer.
    After you restart the computer, you start the installation once again, and at the end, it says, "You've installed Sanboxie Plus".
    Now, I just need to inform my wife that there is no more "pizza" on the monitor. Check for "Children cookie-toys"o_O
     
  17. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    850
    Location:
    usa
    LOL!!!
    Sorry, another question.
    After my successful Sandboxie Plus installation, I can right-click any browser and start it in Sandboxie Plus, but...
    Now, I need to resolve another issue.
    When I click on the main Sandboxie Plus ICON on the monitor, I get a PROBLEM.
    I can easily go around it by right-clicking on any browser, but for my wife it's an ISSUE.

    Instead of an opened Browser window, I get the following:

    SandboxiePlus.PNG

    To be continued...

    I know how difficult is to get any info from our very busy smart commentators; therefore, I've decided to "fix" my second problem on my own again. LOL.
    In the Target space of Sandboxie Plus icon - properties, I've added a line that includes Start.ex." default_browser.
    LOL.

    SandboxiePlus2.PNG

    It worked. Just immediately the icon Sandboxie Plus icon on the monitor got changed back to the Classic icon.
    But I'm trying...
    LOL.
     
    Last edited: Oct 11, 2020
  18. BrendanAdams

    BrendanAdams Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    165
    Location:
    France
    I have had exactly the same issue for a couple of weeks, and the only way to solve it here was to add Opera to Appguard's user space and select No in the include column. If you use a similar software, it could be the cause of your issue, and you might tweak your way out.
     
  19. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    124
    Location:
    Vienna, Austria
    AFAIK Appguard is a malware/antivirus defender program. So you think this might be an Antivirus-issue? Using malwarebytes here for that purpose. But why would an antivirus-program all of a sudden block Roboform only in Sandboxie and not if Opera is run outside the sandbox?
    Do you remember or did you even try if (on your system) Appguard blocked Roboform also with Opera outside the sandbox until you declared Opera as part of the Appguard-user-space?
     
  20. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,834
    hi
    but is it the same of @DavidXanatos devoper ?
    or not ? and about Majorgeeks , who does assembled/compiled it?
    thanks
     
  21. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,099
    Location:
    Viena
    The binary's on MJ are identical with myne on GitHub so they took it from there...
     
  22. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    155
    Location:
    New Zealand
    Hi @DavidXanatos . I downloaded SandboxieInstall 5.43.6 from your github following the link for the new version in your comment #580 above. I saw on your github someone reported a detection by Windows Defender that showed the Windows temp folder as the pathway, and you replied that was not expected behaviour, so I just thought I'd let you know the same thing happened to me too using the exe installer for the classical version. I've attached the results from Windows Defender for you below.

    That was the second detection after allowing the installer to run, the first was one minute earlier according to the timestamp on Windows Defender, and that one was for the SbieDrv.sys in program files, which I was fully expecting a false positive for because of the certificate issue. I allowed both detections. Because of your comment on github about the temp folder thingy being unexpected, I decided to upload the installer (not the driver) to virustotal. Only two engines detected the installer as malicious, but there was
    a comment in the "community" section on virustotal from a bot saying that the installer file was able to be found on a website called malshare.com, with a link to the file on that site. I'm not exactly what that means, as google tells me that's a community for researchers to share malware?? I'm not knowledgeable enough about all this to know if this is something to be concerned about or not, so I'll just let you have a look for yourself.

    I've added SbieDrv.sys to my exclusions on Windows Defender and MBAM (although MBAM didn't protest at all). Aside from the two Windows Defender detections, the installation over the top of 5.33.6 went perfectly, and 5.43.6 is running beautifully on my win 10 2004 rig. Thanks for checking this out, and an even bigger thanks for all your amazing work keeping Sandboxie alive, functional and secure! Really stoked to hear you will continue to provide the legacy version too!

    Anyway here are the two detections:

    SandboxieInstall64-v5.43.6.exe detection temp folder.png SandboxieInstall-533-6.exe detection program files SbieDrv.sys.png
     
    Last edited: Oct 12, 2020
  23. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,099
    Location:
    Viena
    Mmh... yea that's a bit stang, because the way it works is that an obfuscated file gets installed to program files and than from there the kmdutill.exe deobfuscates it.
    Possibly the obfuscation is not good enough or now they trigger on the modified kmdutill.exe...
    Could you send me the Fles from your temp folder for examination.
     
  24. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    155
    Location:
    New Zealand
    Thanks for the response David. I would happily send you the files but unfortunately they are not to be found. When I went to the Temp folder afterwards, they were not showing at all (and I made sure I had ticked the option to see hidden files, and was using an administrator account). I'm not sure if they went away immediately on their own, or if Windows Defender ate them in spite of my allowing them.

    Your explanation goes a little over my head, lol. I'm a nurse and far more knowledgeable about the workings of the body than the workings of my laptop! So where you say "possibly the obfuscation is not good enough now or they trigger on the modified kmdutil.exe" - is there anything about those things I should be concerned about in terms of the integrity of my machine now?
     
  25. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,099
    Location:
    Viena
    No if it were just more advanced false positives than nothing to worry about,
    but for the time being I'll provide Hash Sums of the installer so that you can validate after download that is wasn't tempered some ware on the way.

    Here the SHA256 Check Summs:

    SandboxieInstall32-v5.43.6.exe 77a3c0832826405cd579a3431b511941856cccfadadafd475707b36b5b84b6b5
    SandboxieInstall64-v5.43.6.exe 52ae02dbc7b6f1569adc041daaf5aff27beb3774d82a8f4bb6e0df82494c5f56
    Sandboxie-Plus-x64-v0.4.2.exe af2206bb12a4c33daa126bc92fcf6f2251f09b2df2aa57339b275744d9947d2b
    Sandboxie-Plus-x86-v0.4.2.exe 3fa3244af04b02b4376b7816bcffa0433c152833be89fd72d69009d4272da321
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.