Sandboxie Technologies (SBIE Open source)

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by bo elam, Apr 22, 2020.

  1. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    I very much liked the last Sophos version 5.33.6 and stayed with it until 2021 with no issues.

    However since 2021, after Windows and browser updates, I noticed in Firefox, spinning cursors, error messages, lag, etc. This should not be surprising as the final Sophos update was about April 2020.

    I decided to switch to David's open source version. I found that all has gone very well for me up to now. I am no expert, but hopefully the vast majority of Sandboxie users will at least try out David's software, as he deserves the support. He clearly knows what he is doing.

    As an analogy - If you are changing your car and have a choice of 2 "identical" models, one with no availability of parts if things go wrong, I know which model I would chose^_^

    Best wishes - Zoril:)
     
    Last edited: Mar 18, 2021
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,971
    Location:
    Nicaragua
    I am glad the switch has gone well for you but for what is worth, I am having no issue whatsoever between Firefox and Sandboxie. In W10, I am on Firefox 85, and on W7, started it yesterday for the first time in a couple of months, I updated Firefox to 86.0.1, and all is well with Sandboxie 5.33.6.

    I write "all is well" all the time about this old version. A good friend in another post a couple of months ago took issue with those words so this time, I ll also say this about the interaction between Firefox and Sandboxie in my computers, "as of right now, it couldn't be any better".

    Your issue could have been caused by many things, and not necessarily because your SBIE version was old. Do you use AV? Antiviruses or other security programs can cause issues, the problem can be started by a simple signatures update and be fixed by another. Or an extension, how many extensions do you use? Some people use 20 or more. In my case, I use no AV or other security programs along SBIE, and only one extension. A setup like this helps my chances for not developing issues beteen Firefox and SBIE, and also makes it easier to detect the cause of a problem if you develop one. Greetings.

    Bo
     
  3. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    686
    Location:
    Canada
    My System is Win. 10 Pro 20H2 64bit. Just to add, I am also using Sandboxie 5.33.6 with FF 86.0.1, and occasionally, Edge with no problems what so ever. I have two addons in FF and one in Edge. On top of that (unlike Bo :cool:), I do have Windows Defender running as well as Malwarebytes running in real time minus the web protection with nary a problem here. Of course anyone can choose what version they want to use; whatever works best for them. Ciao.
     
  4. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    224
    Ditto here, but with Win Pro v2004.
     
  5. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    146
    Hello! I have upgraded my Windows 10 to 20H2 today (from 1909) and I'm happy to say that (at least so far) I have no problems with Sandboxie 5.33.6, everything seems to work just like it was before the Windows upgrade.

    There is one little problem I've been having for a while now (but with the Windows 10 version 1909 already) and that is that, in certain cases, Sandboxie won't terminate when I close Firefox, as there's RuntimeBroker.exe running (lingering).

    Something similar was happening a couple of years before and at that time I solved it by adding the RuntimeBroker.exe to the Lingering programs. But now (maybe after I upgraded Firefox to version 85, or 86, or even before, but not too long ago) this doesn't help.

    RuntimeBroker.exe keeps lingering after I close sandboxed Firefox, until I:
    a) manually terminate the sandbox
    or
    b) open Firefox again and close it immediatelly afterwards.

    Sounds familiar to anyone? Any idea how to fix this?

    EDIT: I've just read that RuntimeBroker.exe is a process (or service, don't remember exactly) which has something to do with Metro apps and privacy. Is there a way to set Sandboxie so that it doesn't allow for it to execute/start? If not, the only other way to maybe fix this would be to create a FirefoxBox and make Firefox.exe a Leader program?

    EDIT 2: CompPkgSrv.exe is involved (sometimes) too and has to be terminated for the sandbox to terminate. Also, I've noticed that RuntimeBroker.exe gets invoked/started if I search for something that displays a video in Google results. If it's just a text page, sandbox termiantes OK upon closing Firefox (I'm not 100% sure on that though).
     
    Last edited: Mar 20, 2021
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,971
    Location:
    Nicaragua
    Hi Bell. Regarding RuntimeBroker.exe, I always have 2 and sometimes up o 4 of those running in the system but never in the sandbox. My every day Firefox sandbox is highly restricted, in it I don't allow RuntimeBroker.exe to run. Perhaps it has a few times in the past tried to run but I cant recall if it ever has. So, is not something we need to allow and I can't remember it ever running in the sandbox. Unless you have an extension or another program that you run along Firefox in the same sandbox and this program triggers or uses RuntimeBroker.exe, then you don't need to allow it to run.

    So, you could setup a Start/Run restricted sandbox and don't allow RuntimeBroker.exe to run. Also, you can make firefox.exe the Leader program (as indeed, in the Firefox sandbox, firefox.exe is the Leader program). And then for convenience, you could hide the messages about RuntimeBroker.exe wanting to run. I probably would stay away for a little while from hiding the messages so I could perhaps figure out what triggers RuntimeBroker.exe to wanting to run.

    Regarding CompPkgSrv.exe. A while back, long time ago, I saw it a few times when closing the sandbox. It became an annoyances. I remember doing the reading about it, and came up with the conclusion that the most convenient way to go with it was to allow it to run. So, I allow it to run. It is safe to allow it to run as it is a MS file. So, no big deal.

    Bo
     
  7. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    146
    Hi Bo, I have Firefox forced in my DefaultBox, but I get the RuntimeBroker.exe running with only Firefox opened in the DefaultBox, nothing else. I think I can only list programs that are allowed in a sandbox under the Start/Run settings? Is there a way to set programs that are not allowed to run in a certain sandbox? Thank you.
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,939
    Location:
    .
    re: RuntimeBroker.exe - Plus 0.7.2
    my Firefox box vs. DefaultBox
    [Firefox]

    Enabled=y
    ConfigLevel=8
    RecoverFolder=%Desktop%
    BorderColor=#00ffff,ttl,6
    NotifyInternetAccessDenied=y
    ProcessGroup=<StartRunAccess>,firefox.exe,notepad.exe,rundll32.exe
    ProcessGroup=<InternetAccess>,firefox.exe
    ClosedFilePath=!<InternetAccess>,InternetAccessDevices
    ClosedFilePath=%Personal%\
    ClosedFilePath=%{374DE290-123F-4565-9164-39C4925E467B}%\
    ClosedFilePath=%My Pictures%\
    NotifyStartRunAccessDenied=y
    AutoDelete=y
    NeverDelete=n
    BlockNetworkFiles=y
    DropAdminRights=y
    Template=Firefox_Force
    Template=SkipHook
    Template=FileCppy
    Template=Firefox_Bookmarks_DirectAccess
    BoxNameTitle=n
    CopyLimitKb=81920
    CopyLimitSilent=n
    ClosedIpcPath=!<StartRunAccess>,*
    BlockNetParam=y
    FakeAdminRights=n
    ClosePrintSpooler=n
    OpenPrintSpooler=n
    AllowSpoolerPrintToFile=n
    OpenSmartCard=n
    AllowRawDiskRead=n
    NotifyDirectDiskAccess=n

    ===================================

    [DefaultBox]

    Enabled=y
    ConfigLevel=8
    AutoRecover=n
    BlockNetworkFiles=y
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    Template=SkipHook
    Template=FileCopy
    Template=qWave
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    png_9796.png png_9797.png
    Edit: just realized I'm off topic - My bad.
     
    Last edited: Mar 28, 2021
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,971
    Location:
    Nicaragua
    Understood, you get RuntimeBroker.exe running by just running Firefox under Sandboxie.

    Perhaps one reason I dont see it running is because I disable Multiprocess. Another reason could be because I use the 32 bits version of Firefox. This are just guesses. You could try testing with a new Firefox profile, and see if RuntimeBroker.exe runs before you make changes to Firefox or install extensions. Now that I remember, when I test using new profiles and I do this all the time (MP is on), I don't recall seeing runtimebroker running.

    As of today, this is what I allow to run in my every day Firefox sandbox.

    2.jpg



    @bjm I am not sure what you are trying to show by posting the pictures. Other than perhaps, that runtimebroker doesn't run for you either.

    Bell. Regardless of why RuntimeBroker.exe is attempting to run for you. It is safe to allow it to run. You can restrict it from running or allow it, either way you are OK.

    If you allow it to run, you wont see messages anymore when it attempts to run.

    If you dont allow it to run, you can get rid of the messages by either, unticking the box in the Start Run Window that states: "Issue message 1308 when access is denied", or by Clicking Hide in the SBIE message that pops up in the middle of the screen telling you that runtime wants permission to run.

    To disallow something from running, you have to add programs that are allowed to. You can't set the sandbox to allow everything to run but not this or that.

    You could test the new Firefox profile in a sandbox. Use the path below to create a sandboxed shortcut for the Firefox Profile Manager. It is set for the Profile manager to run in a sandbox named Test. So, you need to create a new sandbox and name it Test. And run the shortcut afterward. My Firefox is 32 bits but the way it is written below is for 64 bits Firefox.

    "C:\Program Files\Sandboxie\Start.exe" /box:test "C:\Program Files \Mozilla Firefox\firefox.exe" -no-remote -P "NewProfile"

    Bo
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,939
    Location:
    .
    I showing my Firefox running in [DefaultBox] vs my Firefox running in my [Firefox] box.
    Plus creates [DefaultBox].
     
    Last edited: Mar 21, 2021
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,971
    Location:
    Nicaragua
    I see the difference now. In Default, RuntimeBroker.exe does run for you.

    Bo
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,939
    Location:
    .
    Yes....I can post Classic UI pics. Since, @Bellzemos mentions DefaultBox #907. I posted Plus UI pics.

    my [Firefox] box #908
    ProcessGroup=<StartRunAccess>,firefox.exe,notepad.exe,rundll32.exe
    ProcessGroup=<InternetAccess>,firefox.exe

    I also have RuntimeBroker.exe with my HideMessage=
    SbieCtrl_HideMessage=2222,RuntimeBroker.exe [Firefox]
    SbieCtrl_HideMessage=1308,RuntimeBroker.exe [Firefox]
    Edit: just realized I'm off topic - My bad.
     
    Last edited: Mar 28, 2021
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,971
    Location:
    Nicaragua
    In my opinion, Bell should not let this RuntimeBroker.exe thing annoy him. I think he should just click Hide in the messages and forget about it (You hear me, Bell :cool:). But if he decides to go the other way and allow it to run, it is also OK as the only RuntimeBroker.exe that would be allowed to run is the one in his computer and that is a Microsoft file. Either way, you dont lose.

    Bo
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,939
    Location:
    .
    In my opinion, best to run Firefox in discrete [Firefox] box.
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,926
    Location:
    Mexico
    This the correct approach.
     
  16. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    146
    Hi, thank you all. I've run Firefox in the DefaultBox since I started using Sandboxie over 11 years go so I think I'll have a hard time getting used to it running in a dedicated/restricted FirefoxBox. For example, I've often downloaded someting in the DefaultBox through Firefox and then opened it in a DefaultBoxed Windows Explorer. I won't be able to do that in FirefoxBox if only Firefox.exe (and a couple of other executables) will be allowed to run.

    Is there a way to restrict RuntimeBroker.exe from running in the DefaultBox?

    Bo, you mentioned something about disabling multiprocess? I use 64-bit Firefox. What could I try?

    Again, thank you!
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,939
    Location:
    .
    DefaultBox today is different from default box of 11 years back.
    Plus DefaultBox is baked-in. Plus DefaultBox cannot be removed nor renamed.
    Do you run Plus build or Classic build. Do you run Plus build - Plus UI or Classic UI?
    Please review my Firefox box vs. DefaultBox > #908
    Edit: just realized I'm off topic - My bad.
     
    Last edited: Mar 28, 2021
  18. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    165
    Location:
    uk
    But it can be disabled
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,939
    Location:
    .
    Okay....I've not tried. I maintain DefaultBox as reference box. Just me.

    as test ~
    Classic 5.49.0 clean install - creates DefaultBox and Sandboxed Web Browser (default) shortcut.
    Classic 5.49.0 clean install - Classic DefaultBox may be renamed, may be removed (after creating new box).
    Edit: just realized I'm off topic - My bad.
     
    Last edited: Mar 28, 2021
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,971
    Location:
    Nicaragua
    I know you mentioned Lingering programs and Leader program, but sounded like you think you have to use one feature or the other. You can use them both at the same time. So, you could make firefox.exe the Leader program and add RuntimeBroker.exe to lingering programs. And see what happens.

    Or

    I know what you mean about being used to running Firefox in the DefaultBox since you being doing it forever, I stil do that also. But you dont have to restrict yourself to only using one sandbox for Firefox. At all times I have at least 3 sandboxes were I run Firefox. One is usually more than restricted than the rest. So, take full advantage of what Sandboxie gives and create one resticted sandbox for Firefox, and allow all exes for the programs you normally run sandboxed in the default box. You don't have to add all this programs at once. As you start using this new sandbox, and as you go doing what you normally do, you will get SBIE messages telling what's asking to be allowed to run. And then you allow if this are programs you normally have run in the unrestricted DefaultBox. You are familiar with this programs so this should be easy.

    One thing I never do or done is download something and open the file in file explorer before is recover. Never. When I download files, I recover them. And never stop running them sandboxed, almost all files I download, run sandboxed during their lifetime in my computer.

    This is done by either of this 2 ways: You set your Downloads folder as a Forced folder, and make Forced programs most if not all the programs you run in a daily basis. Doing this is really simple, it works, and allows you to get away from what must be tiresome (checking files via sandboxed file explorer before recovering downloads) and inconvenient. I know a lot of people do this but I don't inspect the file and check it and do this and that with the file before recovering it.

    And you have an AV, I don't. The AV already scan the file before starts downloading or when is created in the hard drive. So, IMO, and is only my opinion. Doing all this checking makes no sense.

    Besides that, to avoid doing this checking, you continue running files under Sandboxie's supervision, you dont have to stop running files sandboxed just because they have been recovered. Why stop? Unless you are going to install something, an installer, there is no reason to stop using SBIE.

    In the end, if you go the way above, you can quit opening files with file explorer before recovering them, or if you prefer to continue doing it, then just allow explorer.exe to run in the new restricted sandbox. Or, go to the sandbox folder via unsandboxed File explorer and do what you want to do with the files that are there waiting to be recovered or discarded. Almost all files in the Sandbox folder that you download will run sandboxed if they are clicked on.

    If you decide to try the restricted sandbox, the first time you see Runtime attempting to run, click to Hide the message. It will never annoy you again. :)

    Bo
     
    Last edited: Mar 28, 2021
  21. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    897
    Location:
    Canada
    Does anyone want to try this using the classic version?

    Run Autoruns and notice how many entries are shown.

    Now run it again sandboxed and look at entries again.

    I do this and get 5x the number of entries sandboxed, all Microsoft entries. Anyone know why?
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,101
    Location:
    The Netherlands
    Yes it's certainly in my top 10 all time favorites, I have been using it since 2004. I'm so glad that it's still alive. So a big thanks to Tzuk, Invincea, Sophos and now David. Also, I never had big problems with Sandboxie it has somehow always worked correctly with most major browsers like Opera, Firefox and Vivaldi. I never actually had to upgrade it that much. And I still use it to quickly install and check out apps in the sandbox without any risk to my system.
     
  23. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,803
    hi
    is there a way to open only some links/webpages inside sandboxie?
    thanks
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,971
    Location:
    Nicaragua
    Hi mantra. You can create shortcuts to open links/webpages in a sandbox but after the link opens, you can move away from it and open other webpages or links.

    "C:\Program Files\Sandboxie\Start.exe" /box:All "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" https://www.wilderssecurity.com

    I am not sure but if this is what you like to do, you can use the path above to create the sandboxed shortcut. You can do it by right clicking the Desktop>New, create shortcut by copy pasting the path.The way the path above is set is to open wilders.com in a sandbox named All. So, just change the name of the sandbox to the name of the sandbox you like to use and change the website address to the correct address of the webpage you like to open sandboxed.

    Bo
     
    Last edited: Apr 5, 2021
  25. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,803
    Hi Bo
    it works , I gotta create several links ,seeing I have a list of website to open only inside saboxie
    maybe I know which version of sandboxie do you use?
    thanks
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.