SBIE 3.31.02 Questions

Does anyone have any idea how I can configure SBIE to allow spawned WinPatrol processes to use IE? The new version of SBIE allows the user to control what can be run inside the sandbox, and I think that might be what the problem is. As it is now WinPatrol cannot launch IE and use it to look up "plus" info. My IE config is below. Any help would be greatly appreciated.

 

From MitchE323 from over at SB's forum:

For any future issues it would be better to post over there maybe?

 

I suggest that you create a new sandbox and compare it to the sandboxes created with old sandboxie.ini. Some settings arent needed anymore because the new beta comes with the new "Restrictions" feature for example ClosedFilePath=!<restricted>,* is not needed. Now it looks like this: ProcessGroup=<StartRunAccess_Firefox>,firefox.exe for Firefox

 

Thanks. I've gotten WinPatrol to work; I just deleted the sandbox and re-created it. But I have another concern. I've been able to succesfully terminate process that are (or should be) protected. I ran APT in a sandbox and kill method 07 was able to terminate. I've put my SBIE configuration below because I have a feeling this is due to errors, or 'unoptimizations' or the file. If anyone can help me get it 'correct' I would appreciate it.

 

Nothing wrong with the ini that I can see. I got the same result with Kill Method #7 so I posted the concern on APT (Advanced Process Termination) over at Sandboxie.
http://sandboxie.com/phpbb/viewtopic.php?t=4148

 

Just a couple of minor things on the ini while we wait on an answer at Sandboxie;
The Miranda - Opera - System sandboxes do not have the full amount of Internet Access lines (Like the IE box does);
ClosedFilePath=!<InternetAccess_IE>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_IE>,\Device\Udp6
ClosedFilePath=!<InternetAccess_IE>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_IE>,\Device\Ip6
ClosedFilePath=!<InternetAccess_IE>,\Device\RawIp
ClosedFilePath=!<InternetAccess_IE>,\Device\Udp
ClosedFilePath=!<InternetAccess_IE>,\Device\Tcp
ClosedFilePath=!<InternetAccess_IE>,\Device\Ip
ClosedFilePath=!<InternetAccess_IE>,\Device\Afd*

So they are missing the Udp lines.

In the User settings;

SbieCtrl_BoxExpandedView_Main=Y
SbieCtrl_BoxExpandedView_JRiver=Y
SbieCtrl_BoxExpandedView_Amazon=Y
SbieCtrl_BoxExpandedView_removeable=Y
SbieCtrl_BoxExpandedView_Removable=Y
SbieCtrl_BoxExpandedView_VideoGet=Y

These are from sandboxes of the past and can be deleted.

 

You're right. Thanks for that. Also, there's a little more to it than the termination of unprotected processes I'm afraid. I'm running the beta version of SBIE and I was able to terminate processes that were supposed to have been protected (sandboxed); Kerio, MBAM, and Anvir were all terminated while sandboxed. APT was also run in my "system" sandbox.

 

I understand that. Are we going to have two threads on this? I posted the link to this thread in the very first sentence of my post at Sandboxie. You spotted the issue (Good Job). I thought it would be better to get an answer from Tzuk as quickly as possible so I posted there.

 

You are alarmed backwards. I think it is far more understandable if the APT.exe is running in a sandbox, and terminates programs running in that same sandbox. That may or may not be preventable with ClosedFilePaths and such. What it should not be able to do, IMO, is terminate programs running in other sandboxes (I cant get it to do that) but big-time especially should not be able to terminate a non-sandboxed app - like an AV or other security program (or really any program).

 

there is a new beta 3.31.06 download at sandboxie's website,maybe the new one will fix this isue

 

No, that does not fix the issue. However, there was a version just released today that fixes every process ternination issue I have. Now processes that are sandboxed cannot terminate any other process. This is great news; AVs, firewalls, and other secirity software cannot be rendered useless now. For more information see this thread at the SBIE forum.

 

ok and thanks for the link and info

 

Of course. I think it worth mentioning 'tzuk' fixed all my issues with process termination is literally two days (at the most). Service like this is extremely rare. If you can afford it, I recommend everyone purchase an SBIE license based on that fact alone. It's nice to see someone that actually cares about user protection. Tzuk certainly suts that description.

 

i got my self a life time licence last year

 

Does this mean that i dont need to block paths to my security apps anymore because the process termination is blocked by default?

 

Theoretically, yes. But, given that this is a beta there still vould be changed made to SBIE. What would be the harm in keeping those entries listed? I think this is a case where it is better to be safe than sorry.

 

That would be very nice. My sandboxie.ini is getting a bit chaotic with the amount of blocked paths

 

Send me you config file and I'll see if I can help you make sense of it.

 

Thx for your help . I know what is in the .ini. The problem is that the .ini is not sorted and therefore it takes some time searching things (my fault) . But its no biggie at all.