Microsoft Edge Browser - Force to Run in Sandbox?

I see support in the GUI for Firefox, Chrome, etc., but nothing for Microsoft Edge.  I'm running Windows 10 (1909) and would like to force Edge to run in its own sandbox whenever Windows automatically invokes it (as from the Windows Search box).  What's the best way to do this?

I want these Windows features (like search) to run correctly, but I also want to limit the damage that Edge can do to my system... -- jclarkw

  • bj m said:

    Um, are you asking how to force new Edge. 

     

    Not sure I understand your question:

    The Microsoft Edge that comes built into Windows 10 Pro vs. 1909 calls itself 44.18362.449.0 and Build 18363.

    (This information is buried in non-obvious places...) -- jclarkw

  • jclarkw said:

     

     
    bj m

    Um, are you asking how to force new Edge. 

     

     

     

    Not sure I understand your question:

     

    The Microsoft Edge that comes built into Windows 10 Pro vs. 1909 calls itself 44.18362.449.0 and Build 18363.

    (This information is buried in non-obvious places...) -- jclarkw

    Old Microsoft Edge (original) 44.x is not supported. 

    New Microsoft Edge (based on Chromium) works with Sandboxie (for me) like Chrome.

    https://www.microsoft.com/en-us/edge

    https://support.microsoft.com/en-us/help/4501095/download-the-new-microsoft-edge-based-on-chromium

    https://blogs.windows.com/msedgedev/2020/01/15/upgrading-new-microsoft-edge-79-chromium/

  • >>...Old Microsoft Edge (original) 44.x is not supported. 

    New Microsoft Edge (based on Chromium) works with Sandboxie (for me) like Chrome.

    ...https://blogs.windows.com/msedgedev/2020/01/15/upgrading-new-microsoft-edge-79-chromium/<<

     

    Thanks for opening my eyes!  I upgraded, created a new sandbox for the new Edge (only default permissions for Google Chrome), and forced Edge to run in it.  It appears to open correctly either from the desktop shortcut or from Windows Web search, except that the first search I tried either way ("Microsoft Edge") produced the following three Sandboxie errors:


    SBIE2303 Could not hook CoGetObject (33, 1655)
    SBIE2303 Could not hook RegisterDragDrop (33, 1655)
    SBIE2318 DLL initialization failed for 'ole32.dll'

    Not sure what any of this means... Suggestions?

  • bj m said:

    Also, how did you manage to get the 64-bit version of Edge 80.x?  When I followed those links (on a 64-bit machine running 64-bit Windows 10 Pro), it installed "msedge.exe" in the Program Files (x86) folder without giving me any choice!

    Further problems are encountered when I try to examine Menu/Help and feedback/About Microsoft Edge (in the forced sandbox).  It throws up a UAC warning asking for administrator rights to run "Sandboxie Start."  (I normally run everything except installations in a Standard User account as recommended, and I haven't ever forced a program before now.)  I don't know why this is happening, but if I click "No," I get the same three Sandboxie errors again.  I'm hoping you encountered some of these problems with your installation and can explain...

    Closing the error box, however, I can see the attached page, which suggests that I have the 64-bit version after all but that it cannot contact it's update location.  Again I don't know what this means...

    Sorry this all seems to be mushrooming out of control.  Can you explain what's going on? -- jclarkw

  • jclarkw said:

     

     
    bj m

     

     

    Also, how did you manage to get the 64-bit version of Edge 80.x?  When I followed those links (on a 64-bit machine running 64-bit Windows 10 Pro), it installed "msedge.exe" in the Program Files (x86) folder without giving me any choice!

     

    Further problems are encountered when I try to examine Menu/Help and feedback/About Microsoft Edge (in the forced sandbox).  It throws up a UAC warning asking for administrator rights to run "Sandboxie Start."  (I normally run everything except installations in a Standard User account as recommended, and I haven't ever forced a program before now.)  I don't know why this is happening, but if I click "No," I get the same three Sandboxie errors again.  I'm hoping you encountered some of these problems with your installation and can explain...

    Closing the error box, however, I can see the attached page, which suggests that I have the 64-bit version after all but that it cannot contact it's update location.  Again I don't know what this means...

    Sorry this all seems to be mushrooming out of control.  Can you explain what's going on? -- jclarkw

     

    FWIW ~

    First:  new Edge 80.x installs in Program Files (x86) same as Chrome.  It's not an issue.  It's just how it is. 

    Second: I suggest you create a new discrete default sandbox for new Edge as with any browser. 
    When I launch my new Edge sandbox'd and check About.  I get error in my restricted sandbox.

    Do you have separate restricted or non-restricted sandboxes for each browser?

    Update new Edge as you would any browser from your Administrator user account....and not sandbox'd.

    If I ran Standard user account.  I'd perform program maintenance from my Administrator user account.

    I imagine users run daily activities from their Standard user account. 
    Program maintenance is not normal daily activity. IMO

    I do not run Standard user account.  I'd have to test new Edge sandbox from my Standard user account.

    YMMV

  • jclarkw said:

    SBIE2303 Could not hook CoGetObject (33, 1655)
    SBIE2303 Could not hook RegisterDragDrop (33, 1655)
    SBIE2318 DLL initialization failed for 'ole32.dll'

    Not sure what any of this means... Suggestions?

    FWIW ~  my Sandboxie Configuration includes:

    SbieCtrl_HideMessage=2303,ReleaseStgMedium (33, 1655)
    SbieCtrl_HideMessage=2303,CoGetObject (33, 1655)
    SbieCtrl_HideMessage=2303,RegisterDragDrop (33, 1655)

  • >>I suggest you create a new discrete default sandbox for new Edge as with any browser.  
    When I launch my new Edge sandbox'd and check About.  I get error in my restricted sandbox.<<

    >>my Sandboxie Configuration includes:

    SbieCtrl_HideMessage=2303,ReleaseStgMedium (33, 1655)
    SbieCtrl_HideMessage=2303,CoGetObject (33, 1655)
    SbieCtrl_HideMessage=2303,RegisterDragDrop (33, 1655)<<


    I do  updates in an administrator account, but I wasn't expecting one when checking "About..."  I don't have an administrator sandbox -- probably not necessary as would only be for updates?

    Sounds as though I'm doing everything right and should expect the behavior I'm seeing.  Thanks again! -- jclarkw

  • FWIW ~ IMO interesting Topic and pages to read
    https://www.tenforums.com/windows-10-news/148517-new-chromium-based-microsoft-edge-now-generally-available.html

    pages 8 & 9 talk about new Edge in Program Files (x86)

    Regards w Respect