Sandboxie Plus (Sbie fork)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Apr 9, 2020.

Thread Status:
Not open for further replies.
  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    A better network restrictions management is planned for the over next build.
    Not sure though if I'll add a proper packet filter driver or if I'll implement the limitation only in user space, that would be the easiest way but would be by passable by a sufficiently determined malware.

    btw: the next build will have an option to in real time allow process to access the internet i.e. if they are blocked and want to sandman UI will show a pop up where the user can allow or deny the request.

    And an other feature also in the pipeline although may be for the over over next build would be finally the whiteliste mode for access to the user profile and non standard file locations.
     
  2. cisko99za

    cisko99za Registered Member

    Joined:
    Nov 29, 2020
    Posts:
    7
    Location:
    Zurigo
    i hope on next version to find this option....!
     
  3. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    already in it ;)
     
  4. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    132
    Location:
    Land of Oz
    Sounds promising. :thumb:
    In theory one can do this already by allowing SB net connection and trigger the Win10 FW as the stop, though it is tedious, at least it would be on system level, I think, I honestly never checked but suppose it is not user space as you need admin.

    However I would think as the traffic can be controlled by SB, as it can block Internet in general, it should be able to allow exit to specific IP and block the others. In the end it is the same Internet stop or isn't it, you just check before if the program is allowed and if that IP is allowed as well. Or am I mistaken in the Internet block?
     
  5. cisko99za

    cisko99za Registered Member

    Joined:
    Nov 29, 2020
    Posts:
    7
    Location:
    Zurigo
    no, sorry, don't have now.
    if u create a shortcut on your desktop from <settings-integration with windows-add more shortcuts> and then move it to a folder other than the desktop, the shortcut will no longer be valid! That's the problem. Test it!
     
  6. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    You are, the internet block the way its implemented is all or nothing, it block's the application access to socket devices that is long before the app even things where to connect to.
     
  7. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    Well do you have the version 0.5.0 already? I don't think so as its not released yet.
     
  8. Sandboxer

    Sandboxer Registered Member

    Joined:
    Sep 22, 2020
    Posts:
    19
    Location:
    Sydney
    I am very happy indeed with classic Sandboxie as it is, and I use it all the time when browsing. I have set up various shortcuts in Directory Opus that make very quick all the things that I need to do. My two requests are (I am not using Plus):

    * A command-line command to secure-wipe the contents of one or more sandboxes. I do this with CCleaner at the moment, but it would be good to be able to clean just the sandboxes, or just one sandbox, with a command that I can put into a Directory Opus button. Not a priority, though.

    * A certificate, because although I thought I had solved everything with ESET conflicts (thanks to @stapp and @_blm), ESET woke up again and made a tremendous fuss when I installed the current version 5.44.1 over the first version 5.44.0. I dread the next version.

    David, thank you very much for your work.
     
  9. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    * I'm not adding new features to the old UI generally its to much work, also with the next version 0.5 the plus ui wil have full feature parity with the old one so really no reason to use the old one.
    if you want to delete a sandbox run "start.exe /box:<box name> delete_sandbox" thats equivalent to delting the sandbox content from the classical UI

    * Working on that in fact for W 10 it already succeeded just today morning, yea! all WHL tests passed, trying right now to get it signed for win 7 that should be possible but needs a different set of tests to be run with a an older test setup.
     
  10. robert147

    robert147 Registered Member

    Joined:
    Jun 29, 2020
    Posts:
    22
    Location:
    Netherlands
    @DavidXanatos, about the signing: that's very good news and thank you very much for this !
     
  11. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    206
    Location:
    uk
    :cool::thumb:
     
  12. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,035
    +1.
     
  13. reincarnatez

    reincarnatez Registered Member

    Joined:
    Sep 27, 2020
    Posts:
    16
    Location:
    United States
    Not sure what the issue with your situation is, but a shortcut is typically independent of where you have it saved on your computer... I just created a shortcut through the windows shell integration menu (Windows 10, Sandboxie 5.44.1 64 bit) , and it places it on the desktop like normal, and it works like it should. I then take that shortcut, and copy it to anywhere else (even other drives, like my G: drive), and it still works just like it did when it was on my Desktop. Maybe try checking the "Target" and "Start in" boxes of your shortcut to make sure they're filled out correctly?
     
  14. cisko99za

    cisko99za Registered Member

    Joined:
    Nov 29, 2020
    Posts:
    7
    Location:
    Zurigo
    you're right! doing other tests i understood my problem: this is due to the fact that i do not use the normal Windows Explorer but another file manager (xyplorer). When i move the shortcut from the desktop to another folder and then run it, the destination parameter changes the path from C:\Program Files\Sandboxie to C:\Program Files (x86)\Sandboxie and this obviously no longer does.... now i'm going to ask for explanations in the XY forum.
    thank you for your report, made me understand the real problem!
     
  15. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    132
    Location:
    Land of Oz
    That was missunderstood, now it is all or nothing, sure, what I meant is, instead of all or nothing, SB can also check the target IP and program and block upon the setting. In general the mechanism is the same, you let it pass or not. So the security is the same as now. If that makes sense. So I suppose the block now is also on user level and I guess it cannot be worked around, except there is a bug in the code? The other way would be to utilize the MS FW, as you do with you privatewin10. :) Though you rely on MS not changing it.

    Oh and I am looking forward to 0.5.0, sounds all like nice progress.
     
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    No the block currently is on kernel level but it blocks the required IO devices for networking a program that wants to network, first opens those devices and only later makes calls that contain the IP/port values. So we can't do with the current method of blocking a decision in the driver based on the IP/port.
    What we could to would be to add a new system wide packet filter that filters only for sandboxed processes on a packet level.
     
  17. Survivor

    Survivor Registered Member

    Joined:
    Jul 11, 2020
    Posts:
    132
    Location:
    Land of Oz
    IC, which is a cool method, you can't use what "isn't there". And I guess, like interfacing the MS one would be only for 10, as 7 and 8 might have a different API, if at all. The well uninformed guess :) I better stop guessing and let you make the call. :confused:
     
  18. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    392
    Location:
    VPN city
    the most recent "experimental build" running fine here
     
  19. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    something is broken with the signing process for windows 7 not sure what, but working on it.
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,188
    Location:
    Viena
    What do you think about a properly signed driver for window 10 only and the pirate signed for windows 7?
    Still trying to figure out why MSFT gives ma a signed driver for 7 based on HCK tests run on a win 7 that for whatever reason does not load on win 7, WTF.
     
  21. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,768
    Location:
    UK
    I think more people use Win 10 now, so that may be the way for you to go until you get the Win 7 thing sorted.
     
  22. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    206
    Location:
    uk
    Can you tell how what % of users are on Win7? If low, then the decision should not be too difficult, albeit would be unpopular with those on 7.
     
  23. Monica2000

    Monica2000 Registered Member

    Joined:
    May 18, 2020
    Posts:
    61
    Location:
    Spain
    Latest Sophos build works perfect on Windows 7 and who is using a dead OS anyways?

    If u can sign the Windows 10 driver do it now and release a new build as soon as possible! Windows Defender is driving me crazy.

    Thanks for ur efforts to keep alive this program!
     
  24. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,035
    An option: Sandboxie Plus for Windows 10 available now and Sandboxie Plus for Windows 7 soon.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,037
    Location:
    Mexico
    On W10 + Chrome 87.0.4280.88

    Code:
    SBIE1308 Program cannot start due to restrictions - cmd.exe [Chrome]
    SBIE2222 To add the program to Start/Run Access Restrictions, please double-click on this message line
    SBIE1231 Initialization failed for process  [C0000001 / 06]
    
    SBIE2303 Could not hook CM_Add_Driver_PackageW (33, 1655)
    SBIE2318 DLL initialization failed for 'cfgmgr32.dll'
    SBIE2303 Could not hook SetCurrentProcessExplicitAppUserModelID (33, 1655)
    I see no malfunction but ...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.