SANDBOXIE LEAKING? :(

I have Windows 10 Pro x64 v1903 and Sandboxie v5.31.2 - paid license. Sandboxie is my favourite program and I've been using it for about 10 years now.

Today, I've noticed that file download info stays in Internet Explorer after terminating and deleting contents of my DefaultBox. :(

https://i.imgur.com/WJzwIzW.png


Afterwards, after auto-deletion of the contents of the DefaultBox I checked in Windows Explorer and the DefaultBox folder was gone, as it should be.

Then, I run IE in my second sandbox named Disabled Internet (which has internet disabled for all programs) and, to my suprise, was able to see the downloaded files from the previous session in the DeafaultBox. Which means that the downloaded files info got saved outside of the sandbox. :(

https://i.imgur.com/k0o5iv9.png


Then, I checked with CCleaner and saw that I had a ton of cookies on my system, even though all my sandboxes are deleted/emptied and I have no exceptions that allow cookies or anything enabled.

So, I then created a new sandbox named LeakBox, with forced IE and no exception allowed + drop rights feature enabled (as it's in all my sandboxes anyway). I run IE in the LeakBox and downloaded CCleaner installation file, to test it again.

And it leaked again. :(


https://i.imgur.com/O24rvi3.png


I have no idea why this is happening and for how long it's been going on, I'm clueless. My Sandboxie user settings and the new LeakBox settings are posted below:

[GlobalSettings]

Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
ActivationPrompt=n

[UserSettings_0C880214]

SbieCtrl_UserName=user
SbieCtrl_NextUpdateCheck=-1
SbieCtrl_UpdateCheckNotify=y
SbieCtrl_ShowWelcome=n
SbieCtrl_HideWindowNotify=n
SbieCtrl_EnableLogonStart=y
SbieCtrl_EnableAutoStart=y
SbieCtrl_AddDesktopIcon=n
SbieCtrl_AddQuickLaunchIcon=y
SbieCtrl_AddContextMenu=y
SbieCtrl_AddSendToMenu=n
SbieCtrl_TerminateNotify=n
SbieCtrl_TerminateWarn=n
SbieCtrl_ExplorerNotify=n
SbieCtrl_ExplorerWarn=n
SbieCtrl_EditConfNotify=n
SbieCtrl_ReloadConfNotify=n
SbieCtrl_ProcSettingsNotify=n
SbieCtrl_SettingChangeNotify=n
SbieCtrl_ShortcutNotify=n
SbieCtrl_ShouldDeleteNotify=n
SbieCtrl_AutoApplySettings=n
SbieCtrl_WindowCoords=999,606,930,573
SbieCtrl_ActiveView=40021
SbieCtrl_BoxExpandedView=LeakBox

[LeakBox]

Enabled=y
ConfigLevel=7
BlockNetworkFiles=y
Template=IExplore_Force
Template=qWave
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
BorderColor=#00FFFF,ttl
AutoDelete=y
NeverDelete=n
DropAdminRights=y

  • I have downloaded CCleaneer with Firefox, closed FF and deleted the content. Now the downloaded file is gone, as expected.

    Maybe this is an IE issue? As far a I know Edge can not be sandboxed, so maybe MS has changed something in IE to the same effect?!

    Kind regards.

  • I agree that Sandboxie appears to be leaking running IE. I'm seeing cookie files with modified dates that happened only while running IE in the sandbox. And sites I've visited only inside the sandbox are showing the 'visited link' coloration outside of the sandbox, or inside the sandbox again after I've wiped the sandbox.

    There's most definitely a leak.

  • Most definitely. It has been there for a while now and I've spent time reproducing it and trying to see why or fix it. I give up, but the path,

    C:\Users\(user)\AppData\Local\Microsoft\Windows\INetCache is written to right through the sandboxie to the harddrive. No I do not or ever have opened up IE cookies in settings, and it makes no difference that setting was tested.

    Sandboxie cannot sandbox IE11 cookies and I got stuck with some un-deleteable cookies. Simply use IE11 entire browser reset to remove un-deleteable content ,.... but still if cookies leak thats a vector....I am wondering how and what else can leak.

    It's a sign to stop using IE11, I've been with sandboxie from the beginning and back then it's primary goal was ONLY sandboxing Internet Explorer without crashing, and anything else Tzuk could make work at first was a bonus. 

    People need to be realistic. Sophos is busy building their business and sandboxie is not a product that's easy to configure/use or market. We are lucky they did not kill it off, but realistically I doubt any programmers with the experience and skill will work for free keeping sandboxie up to date. Let's hope Sophos continues with minimal but functional fixes.

    If you have a sandboxie problem that nobody else is having, it's most likely your PC's particular configuration as problems with sandboxie are usually widespread problems and quickly pop up in this forum. Lets hope for the best but be realistic in Sophos role. Even Tzuk didn't work for free.