Sophos Central Admin: Sophos Central Engineering will be performing routine maintenance to Sophos Central on Saturday February 1, 2020 starting at 13:00 (UTC). For more info please see KBA 133402.
We'd love to hear about it! Click here to go to the product suggestion community
I have Windows 10 Pro x64 v1903 and Sandboxie v5.31.2 - paid license. Sandboxie is my favourite program and I've been using it for about 10 years now.Today, I've noticed that file download info stays in Internet Explorer after terminating and deleting contents of my DefaultBox. :(
Afterwards, after auto-deletion of the contents of the DefaultBox I checked in Windows Explorer and the DefaultBox folder was gone, as it should be.Then, I run IE in my second sandbox named Disabled Internet (which has internet disabled for all programs) and, to my suprise, was able to see the downloaded files from the previous session in the DeafaultBox. Which means that the downloaded files info got saved outside of the sandbox. :(
Then, I checked with CCleaner and saw that I had a ton of cookies on my system, even though all my sandboxes are deleted/emptied and I have no exceptions that allow cookies or anything enabled.So, I then created a new sandbox named LeakBox, with forced IE and no exception allowed + drop rights feature enabled (as it's in all my sandboxes anyway). I run IE in the LeakBox and downloaded CCleaner installation file, to test it again.And it leaked again. :(https://i.imgur.com/O24rvi3.png
I have downloaded CCleaneer with Firefox, closed FF and deleted the content. Now the downloaded file is gone, as expected.
Maybe this is an IE issue? As far a I know Edge can not be sandboxed, so maybe MS has changed something in IE to the same effect?!
I agree that Sandboxie appears to be leaking running IE. I'm seeing cookie files with modified dates that happened only while running IE in the sandbox. And sites I've visited only inside the sandbox are showing the 'visited link' coloration outside of the sandbox, or inside the sandbox again after I've wiped the sandbox.
There's most definitely a leak.