Sandboxie technical tests and other technical topics discussion thread

Discussion in 'sandboxing & virtualization' started by MrBrian, Oct 17, 2014.

  1. DX2

    DX2 Guest

    Yes, that's what I meant. :) Just keep it in the sandbox. Thanks
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Rasheed, I tested Opera 26.0.1656.32 in my W7 32 bits laptop. I was able to set opera.exe as the only program allowed to run and connect, all went well.

    Opera has a few programs that try to start and have access to the internet when the browser starts, to make things convenient, I unticked the issuing of Sandboxie messages 1307 and 1308. And Hid messages 2314 for opera_autoupdate.exe and opera_crashreporter.exe. Do something like that and you ll get Opera running nicely under SBIE.

    If auto updating the browser or the checking for updates can be set to off, do it, that would make things a lot nicer. Creating a dedicated sandbox for Opera its also a good idea.

    Sin títulosss.jpg

    Bo
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    So if I'm correct you can run both Opera 12 and 26 inside the same sandbox? To clarify, I can do that too, but Opera 26 can't access the web when "Opera.exe" is the only app with network access.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    What I meant is that perhaps it would be better if SBIE could do "path-based sandboxing". So if you sandbox the desktop, only apps that are stored on the desktop will be sandboxed. If you want to sandbox all shortcuts on it, you should also sandbox "Program Files". This way you wouldn't even need a "tracking system". Of course it might complicate things, but I'm not sure.
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I only ran Opera 26. After reading the post above, I get that your problem is that when you run both, 12 and 26, in the same sandbox, 26 doesn't connect. I will install both versions and run then in the same sandbox to check it out.:)

    Bo
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Rasheed, for me, with both versions running in the same sandbox, 26 connect alright. I tested using a default settings sandbox and an internet restricted sandbox where only Opera was allowed internet access.The other day I tested in W7, now I did it in XP.

    untitled.JPG


    Bo
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I think there might be some bugs in SBIE when combined with Win 8. Sometimes Opera 26 freezes, and another thing I noticed is that SBIE refuses to make a fourth sandbox on my system. I will do some more testing, and thanks for checking it out.
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Perhaps reinstalling Sandboxie solves that problem. Its not a bug.:)

    Bo
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Last edited: Dec 10, 2014
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi act, Rasheed can answer the questions on Opera and the HIPS program. I don't use Opera or HIPS. I used version 12.16 for my testing because it is the latest version 12 that I found at File Hippo.

    But about sandboxing explorer.exe, I can tell you a few things. Blocking explorer.exe in the firewall have nothing to do with sandboxing it. As a Sandboxie user, you don't want to sandbox explorer all the time but if you yourself started using Sandboxies free version tomorrow, there are certain situations in which using one would be perfect for you.

    For example, you can use one to navigate to your USB drives and run files from someone elses flash drive. Or navigate to your Downloads folder. If you download a suspicious file, you can use the sandboxed explorer to reach that file too and if you click on something thats malicious, you are not gonna get infected. The infection is contained and gone when you delete the sandbox. There are more reasons to use one. In short, anything that you do with the regular explorer, you can do it with the sandboxed one. So you, yourself can come up with ways of using one based on what you do with explorer.

    I have the paid version and even though I force most programs and a few folders, I still use a sandboxed explorer sometimes. I specifically use one to reach any file that I have any suspicious about. Using a sandboxed explorer in Sandboxie is the safest way to run files. There is nothing that will not run sandboxed when you use a sandboxed explorer. I always keep that in mind. I also use one to open pictures. I dont download many pictures and save only a few. But if someone sends me pictures, I am going to get to them via a sandboxed explorer. I do that automatically.

    About the firewall and explorer. When you create a sandbox for Windows explorer, in Sandbox settings you can set things up so no program is allowed internet access. In my case that's kind of important to do because I don't use a firewall other than Windows. By setting it up like that, any program that runs in the explorer sandbox can not connect. If its malware, it can not phone home.

    Since you liked the pictures, I got one for you:). The picture shows that I ran a sandboxed explorer, navigated to a PDF file that is in my desktop and open it. All in the Windows explorer sandbox.

    untitled.JPG

    Bo
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It was because some security issue. And SBIE does work on Win XP SP2 combined with SSM, but sometimes it will give errors when trying to sandbox some app, perhaps because SBIE is not fully compatible with XP SP2, but I suspect it might also because of conflicts with other HIPS like SSM.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It would be weird if that is the solution, but I'm also thinking of downgrading, because if 'm correct the architecture of SBIE was changed in 4.14, perhaps that's why it acts a bit weird on Win 8.

    But anyway, 2 new questions:

    1 I noticed that if you have shortcuts to .exe files inside the sandboxed desktop, these apps will open unsandboxed on double click. But shortcuts to audio/video files do open sandboxed. Is this normal?

    2 What should happen with a file when you choose "send to ----> Sandbox" from the context menu? Shouldn't it open in the sandbox of your choice? I noticed that when I select a file inside "sandbox 1" and I want to sandbox it in "sandbox 2", SBIE gives some error message and sandboxes it in "sandbox 1", is this a bug?
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Rasheed, you keep mentioning W8 but I think you are actually using W8.1. If that's correct, then you should not downgrade. New SBIE versions are designed to work in W8.1 but I know soon, W8 is not going to be supported anymore. I read that W8 has problems and because of the fixes implemented in W8.1, Sandboxie works better with W8.1 and thats the system that will continue to be supported.

    About 1. I just did a Desktop "send to ----> Sandbox", when I clicked on a Flash installer that I have laying there, the installer ran sandboxed. If you run your Desktop (which works out to be the same as running Windows explorer) sandboxed, nothing should not run sandboxed when you click on a file, program, exe, whatever.

    About 2. This is what I think you did. You navigated to the folder of your sandbox 1 in C drive and did a "send to ----> Sandbox" 2, in my case, I see the same as you with the file opening in sandbox 1. I think that's how that should be. But I know that wont work that way with all type of files. And I don't get any kind of message or error.

    I still think you should do a reinstall.

    Bo
     
  14. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Service Pack 3 is required for use on Windows XP. (Sandboxie Version 4.02+)
    Can sometimes cause conflicts with HIPS depending on settings and apps used. Not sure on SSM.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, that's what I said.

    @ bo elam

    Yes I'm using Win 8.1. But I think you misunderstood.

    About 1, when I open the desktop folder inside the sandbox (explorer.exe is not sandboxed) this strange behavior happens. Why would it ignore the shortcuts pointing to .exe files, is this by design? Of course .exe files that are placed inside this folder do get sandboxed correctly.

    About 2, yes you're correct. What I'm basically trying to achieve is to run files downloaded in "sandbox 1", inside "sandbox 2", but apparently SBIE will not let you do this with the "send to" menu.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Rasheed, when you right click your Desktop and click Run sandboxed or you do a Desktop sent to a sandbox, your desktop folder opens up sandboxed using a sandboxed version of Windows explorer. If you open up Sandboxie control, you ll see explorer.exe there.

    By "shortcuts pointing to .exe files," you mean something like a shortcut for Firefox or IE, Right? if thats the case, those browsers should run sandboxed in the sandbox where you are running the Desktop when you click on them. Thats what you should be seeing. Thats how that works.:)

    Please tell me, How do you "open the desktop folder inside the sandbox," In other words, how are you running the desktop sandboxed if you are not doing it as I described in the first paragraph of this post.

    Bo
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ bo elam

    I will try to explain with some screenshots.

    I open this folder that is not sandboxed (explorer.exe is not sandboxed): C:\Sandbox\MyPC\Opera\user\current\Desktop

    In pic 1, the shortcuts to the picture and Windows Installer files will run sandboxed. But the shortcuts to DriverView and ExtractNow will run non-sandboxed. I think this is weird. In pic 2, all files run sandboxed as expected. Keep in mind, I'm not using the "run sandboxed" context menu item, otherwise it would work of course.
     

    Attached Files:

  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    1. If you open a folder non sandboxed, Why are you expecting files, etc, to run sandboxed?

    2. You seem to think that you are running the Desktop sandboxed (I know you are not), What are you doing to run the Desktop sandboxed? Be specific.

    Bo
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Why are you making it so complex? :)

    1 Like I said, that's the way SBIE has always worked. If you navigate to one of the sandbox folders, all files will open sandboxed automatically, even shortcuts. You do not have to sandbox explorer.exe.

    2 I do not think this at all, as a matter of fact, I clearly said that I'm not.

    EDIT:
    About 1, I just did a test. If I make a shortcut to some app from inside the sandbox folder (not sandboxed) it works OK. As soon as I copy a shortcut from the real desktop to the desktop folder inside the sandbox (again not running sandboxed), the app will run outside the sandbox, so not under SBIE's control. No surprise because the shortcut is pointing to the real "Program Files". So perhaps I was being silly, sorry for the confusion.
     
    Last edited: Dec 10, 2014
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ bo elam

    To clarify why I was so confused: Everything inside "C:\Sandbox" is automatically sandboxed by SBIE (on double click), you don't have to select "Run Sandboxed" and you don't have to sandbox Windows Explorer.

    But if you copy shortcuts into "C:\Sandbox" that point to for example, "C:\Windows" or "C:\Program Files", SBIE will not sandbox those apps. Of course unless you use the "forced folder" feature.
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Thats exactly how that its supposed to work. But, so you know, when you click on files that are inside, for example, C:\Sandbox>Bo>DefaultBox, those files are treated like if they were inside a Forced folder. So, most files run sandboxed out of there when you double click them. But there are exceptions to that. Some files wont run sandboxed when you double click them, for example, if you click on a video and WMP is the default player for that video, the video wont run sandboxed. Or if you click on a picture and Windows photo viewer is the default program for viewing pictures, the picture wont run sandboxed either.

    A couple of posts back you mention something about me making things complicated. But Rasheed, you complicate Sandboxie for no reason. Sandboxie is a very easy program to work with, I cant understand why you would like doing something like running a shortcut from inside the Sandbox folder when for example, you can force programs and the option for creating sandboxed shortcuts is available. It doesn't make sense to me.

    I personally think that Sandboxie can be tailored according to ones own imagination, many things that we do with SBIE are like, if we think about it, we can do it. But some of the things that you come up lately regarding SBIE, I have to really really think about it. Or read your posts a few times ...and I still don't get it:). Don't get pissed me with me, I like you and I was going to tell you this yesterday but didn't.

    Bo
     
    Last edited: Dec 11, 2014
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ bo elam

    No problem, there's nothing wrong with not liking ideas or don't "getting" stuff. To clarify, this latest "shortcut not running sandboxed" stuff was not a request, but the confusion was caused because "C:\Sandbox" and subfolders are always forced to run sandboxed, like you said yourself. But by mistake I copied some shortcuts (pointing to "C:\Program Files") to it and that's why I was surprised that they opened up unsandboxed.

    I also didn't know that WMP and Windows Photo Viewer will not run sandboxed automatically. And BTW, about my other request, all of a sudden it's working perfectly. Files that I download end up on the real desktop, and on double click they open sandboxed. Shortcuts on the real desktop open unsandboxed just like I want them to. This did not happen at first.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK, I was a bit too quick with my conclusion. When you force the real desktop to run sandboxed, it will sometimes force shortcuts pointing to "C:\Program Files" but it will never force them if they point to "C:\Program Files (x86)". This is a bit weird.
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    They will not run sandboxed automatically out of a Forced folder but WMP would run sandboxed if you Force it as a program. Thats what I do in that case. For pictures, you can either be conscious about it and get to them with a sandboxed Windows explorer like I do or change your default picture viewer to one that does work forced out of a forced folder. I use and combine both features, Forced folder and Forced programs as well as the sandboxed explorer to get all files and programs running sandboxed. All done automatically with very little thinking required.

    Bo
     
  25. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    @ bo elam,
    Many thanks for your answer in post#385. I'm slowly warming up to all this, but isn't easy.
     
    Last edited: Dec 11, 2014
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.