Sandboxie Plus (Sbie fork)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Apr 9, 2020.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    The new GUI does indeed look pretty good. Except for the ugly focus rectangle. But how to make this new GUI replace the old one, that didn't become clear to me.
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,131
    Location:
    Viena
    @Rasheed187

    > focus rectangle

    o_O

    > But how to make this new GUI replace the old one, that didn't become clear to me.

    Just close sbiectrl.exe and start sandman.exe

    It's a pre-release, so not everything is automatized, and some things are missing for which sbiectrl is useful to still have. The next build will be more feature complete.

    The current release is intended as a preview.
     
  3. diversenok

    diversenok Registered Member

    Joined:
    Oct 7, 2018
    Posts:
    18
    Location:
    Russia / Netherlands
    Yes, and the fix for at least one of them will be available soon. I will make all the details public after we see them patched in both branches of Sandboxie.
     
  4. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    746
    Nice, thanks!

    About making details public I have my doubts. I feel like many Sandboxie users still use old versions just because they work and because downloading from Sophos was a pain in the ass. Not to mention David's fork probably is unknown to most Sandboxie users. So if malware takes advantage of the vulnerabilities, I'm afraid a big % of Sandboxie users will be exposed.
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,131
    Location:
    Viena
    Yeah, I don't know myself what is best to do. I can't release a fixed driver and wait a few weeks with releasing the source because of the GPL.
    Now on one hand the fix is important, as a sandbox escape is a big no-no; on the other hand, if most users won't get the patch then it may be a bigger problem in total.
    Then I don't know from seeing the fix how easy it would be to figure out how the exploit worked.
     
  6. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    746
    If I had to take a decision about what to do, I'd release the new version but I'd not explain publicly how the exploit works and I'd stop talking about that. In fact I'd talk with the persons that participated in the conversation (diversenok, you and me) and I'd ask for permission to get comments removed by administration.

    In general I'm positive about public disclosure of exploits and vulnerabilities but this case has special circumstances that suggest the best idea is to keep all this in private.

    You know what they say (Oh, people can come up with statistics to prove anything, Kent. Forty percent of all people know that) but I think over 80-90% of Sandboxie users will not download and install the version patching the vulnerabilities soon or even in the near future. So this is a delicate question.
     
  7. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    I assume you've told Tom, too?
     
  8. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    746
    This comment should be for diversenok as he found the vulnerabilities, not me.
     
  9. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    387
    Location:
    VPN city
    So now I know I can still use hitmanpro alert with it. But I never got an answer to my question from my own post here. Does the latest release of sandboxie plus work with the latest build of windows 10? (2004)
     
  10. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    387
    Location:
    VPN city
    So without talking details of this exploit you speak of. Has @DavidXanatos fixed it in his fork? Have you fixed it in buster sandbox?

    Would HitManPro.Alert be helpful for mitigating it?

    by the way, if anyone wants to beef up any version or fork of sandboxie, get hitmanpro alert to go with it and add

    Template=HitmanProAlert

    to the global rules in the INI file
     
  11. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    Ahh, sorry mate, @diversenok, I assume you've told Tom, too?
     
  12. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,131
    Location:
    Viena
    The new build is up: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.2

    This build brings a much more feature-complete SandMan (Sandboxie Manager). It is now capable of installing/uninstalling and controlling the driver/service; these options are available from the Sandbox->Maintenance menu.
    If a Sandboxie-Plus.ini is created in its root directory it will operate in a fully portable mode.

    Please note that if you want to use the existing Sandboxie installation it must be updated to version 5.41

    [0.2 / 5.41] - 2020-06-08
    Added
    • IniWatcher, no more clicking reload, the ini is now reloaded automatically every time it changes
    • Added Maintenance menu to the Sandbox menu, allowing to install/uninstall and start/stop sandboxie driver, service
    • SandMan.exe now is packed with Sbie files and when no sbie is installed acts as a portable installation
    • Added option to clean up logs
    Changed
    • sbie driver now first checks the home path for the sbie ini before checking SystemRoot
    Fixed
    • Fixed a resource leak when running sandboxed
    • Fixed issue boxed services not starting when the path contained a space
    • NtQueryInformationProcess now returns the proper sandboxed path for sandboxed processes
     
  13. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    Thanks for the new release. In these new files my nod antivirus v13xx has popped up with this message:

    SandboxieInstall32-v5.41.0.exe = NSIS = SbieDrv.sys - Win32/Agent.ABZW.gen Trojan
    SandboxieInstall64-v5.41.0.exe = NSIS = SbieDrv.sys - Win32/Agent.ABZW.gen Trojan

    Yes, probably false positive (guess it's a matter of the digital signature.) but also to say that it has never happened to me before with a release of this application. It would be good to be able to correct what causes this.
     
  14. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,131
    Location:
    Viena
  15. wissec

    wissec Registered Member

    Joined:
    Apr 11, 2020
    Posts:
    36
    Location:
    Out
    yes really curious... Thanks for all your work on the project.
     
  16. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,131
    Location:
    Viena
    upload_2020-6-9_13-35-8.png

    Different colors for different box types; for now we have more colors than types.
    Yellow is default, the red one will be for boxes that have a logapi.dll injection set up.

    Ignore the green check marks, it's just an overlay in my explorer from TortoiseSVN.
     
  17. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,840
    @DavidXanatos
    love your job, really
    to run the portable version should I download the SbiePlus64.zip?
    amazing work
    thanks
     
    Last edited: Jun 9, 2020
  18. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,131
    Location:
    Viena
    yes
     
  19. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,484
    Is this a zero-footprint portable that doesn't leave little remnants behind outside of the app such as reg entries, data, etc. after closing?

    I often find apps claiming to be portable leaving their debris behind. Just checking so I can be prepared. :D
     
  20. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,840
    hi @DavidXanatos
    should I run as administrator?
    Sandboxie 5.41.0 is out...
    thanks DavidXanatos

    in the past, in the forum you could download the portable and yes it was stealth, no registry, no data.
     
  21. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,131
    Location:
    Viena
    Not sure if I like the colors, it's a bit aggressive

    upload_2020-6-9_16-31-26.png

    what do you think?

    About the portable operation:
    it's not perfect yet, it leaves behind the C:\Sandbox folder; that will be fixed in the next build or so.
    Other than that it shouldn't leave anything behind when closed properly.

    When it detects that it was started fully portable it stops and removes the driver and service.

    Fully portable means here that there is a Sandboxie-Plus.ini in its root folder, which is not the default (!)
    And the driver must have been loaded from the same directory SandMan.exe was started from, so as not to remove anything from an actually installed installation.

    David X.
     
  22. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,484
    I've never used sbie before. Is there a How-To or useful help on how to get started?
    I unpacked the zip, added an empty Sandboxie-Plus.ini and ran Start notepad.exe and nothing happened.
    Does one always have to start an app this way or is there also a GUI to work from?

    When I start sandman I get:
    sbie+.jpg
    Also, the GUI only shows 0.2 and nothing about the driver version. Is the plus package not an all-in-one?
     
    Last edited: Jun 9, 2020
  23. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,840
    @DavidXanatos
    hi, I like the colors, I don't think they are too aggressive
    maybe the toolbar icons could be just more clear, I mean more simple and intuitive
     
  24. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,484
    It's probably me since I haven't learned to use this yet, but after closing sandman, I see these left in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SbieSvc
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\SbieDrv
    and Sandbox Manager still lingering in Task Manager
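
Added example, not part of the thread and not Sandboxie code: a PowerShell residue check for the portable-mode leftovers discussed in the two posts above (the EventLog keys, `C:\Sandbox`, a lingering SandMan process, and whether a remaining driver/service registration points into the portable folder). The service names `SbieSvc`/`SbieDrv`, the process name `SandMan` and the `$PortableRoot` path are assumptions.

```powershell
# Added example (not Sandboxie code): residue check after a portable session.
# From the thread: the two EventLog keys, C:\Sandbox, Sandboxie-Plus.ini.
# Assumed: service names SbieSvc/SbieDrv, process name SandMan, $PortableRoot.
param(
    [string]$PortableRoot = 'C:\Tools\SbiePlus64'   # hypothetical unpack folder
)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Kind, [string]$Item, [bool]$Present, [string]$Note = '') {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Present = $Present; Note = $Note })
}

# Fully portable mode needs this file next to SandMan.exe (not the default).
$ini = Join-Path $PortableRoot 'Sandboxie-Plus.ini'
Add-Finding 'PortableMarker' $ini (Test-Path -LiteralPath $ini)

foreach ($name in 'SbieSvc', 'SbieDrv') {
    # Event-log source keys reported as left behind after closing SandMan.
    $logKey = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\System\$name"
    Add-Finding 'EventLogKey' $logKey (Test-Path -LiteralPath $logKey)

    # Driver/service registration: portable shutdown should remove it, but only
    # when it was loaded from the portable folder, so record where it points.
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $image = $null
    if (Test-Path -LiteralPath $svcKey) {
        $image = (Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue).ImagePath
    }
    $note = ''
    if ($image) {
        $fromPortable = $image.IndexOf($PortableRoot, [StringComparison]::OrdinalIgnoreCase) -ge 0
        $note = if ($fromPortable) { "portable leftover: $image" } else { "installed copy: $image" }
    }
    Add-Finding 'Service' $svcKey ([bool]$image) $note
}

# Sandbox content folder that the post says is still left behind in this build.
Add-Finding 'Folder' 'C:\Sandbox' (Test-Path -LiteralPath 'C:\Sandbox')

# A SandMan process still running after the window was closed.
$proc = Get-Process -Name 'SandMan' -ErrorAction SilentlyContinue
Add-Finding 'Process' 'SandMan' ([bool]$proc) (@($proc.Id) -join ',')

$findings | Format-Table -AutoSize -Wrap
```

The script only reads state; a `Service` row marked "installed copy" means the registration belongs to a regular installation rather than to the portable folder.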
     
  25. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344