Thread Info
  • Replies 41 replies
  • Subscribers 11 subscribers
  • Views 87706 views
  • Users 0 members are here
Options
Suggested

[Sandboxie Beta] Sandboxie Beta 5.31 (Latest version 5.31.2)

Barb@Sophos

All,

Please find Sandboxie Beta 5.31.2 below:

Combined installer 
Sandboxie Beta 64 bit installer 
Sandboxie Beta 32 bit installer 

Changes in 5.31.2
- Internet Explorer new tabs will no longer open a new window instead
- Addressed an issue in which certain installers would not start if triggered via forced folders

Known Issues
 - Win 7 and 8.1 only - Internet Explorer - Program downloads will not initiate if Sandboxed (no workaround other than using a different browser)

Previous changes
Changes in Sandboxie 5.31.1
- Addressed a permissions issue that would prevent files from downloading or saving when Sandboxed on Windows Fast ring versions 18362/ 1903

To report a problem in this thread, please follow these guidelines:
How to report problems with Sandboxie

  • in reply to Barb@Sophos

    Hi Barb,

    Barb@Sophos said:
    Please test disabling Applocker, reboot and retry.

    You're right! Disabling AppIDSvc solved the problem. I will continue the experiments and let you know when I find the cause.

    Barb@Sophos said:
    What Windows version was installed (the clean install) and which update did you apply exactly? 

    Microsoft Windows 10.0.17763.316 Enterprise LTSC Version 1809 (release in March 2019). Updates were made via Windows update in July. Tomorrow I will check everything from the very beginning and provide accurate data.

    Thank you very much!

  • in reply to Kon Diter

    Hi Kon,

    Try adding Anonymous Logon to your Applocker rules, as that is the user Sandboxie programs run as. 

    As an update, I tested Win 10 Enterprise 1809 (17763.316) and encountered no issues with Sandboxie 5.31.2  So between this test and your previous response, looks like the issue is related to your environment settings.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • in reply to Barb@Sophos

    Hi Barb,

    Barb@Sophos said:
    Try adding Anonymous Logon to your Applocker rules, as that is the user Sandboxie programs run as. 

    Excuse me, could you show exactly how to do this? I can't add "NT AUTHORITY \ ANONYMOUS LOGON" to "Everyone" in settings Applocker rules. Either one or the other.

  • in reply to Kon Diter

    Hi Kon,

    Unfortunately, I don't know how to configure AppLocker. But sandboxed applications run as Anonymous Logon, you'll need Applocker to consider that in the rules. This was something that was discussed in the past (forums no longer accessible) so I am sharing what I remember from that thread. 

    Perhaps an online search can help.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • in reply to Barb@Sophos

    Problem is back.

      

    1- Sandboxie and Windows version (For example Sandboxie 5.30 , Windows 10 x64 bit 1809)

    - Sandboxie Beta 5.31.2
    - Windows 10 Education, Version 1903, Build 18362.239

     

    2 - Affected applications version (if using a browser, include any extensions as well)

    - Chrome Version 75.0.3770.142 (Official Build) (64-Bit)

    Chrome Extensions (active):

    - dict-cc 1.6.89
    - Google Translator 2.0.7
    - uBlock Origin 1.21.6

    - Thunderbird 60.8.0 (32-Bit)

    - Origin Version 10.5.43.28287 - 0

    - VirtualBox 5.2.26

    (just a few examples)

     

    3 - List any antivirus installed, and their version.

    Windows Defender (latest updates)

     

    4 - Steps to reproduce the issue.

    While sandboxed Chrome is running, do the following:

    - Thunderbird: Click on link in Mail or open the Online Help (press F1 or use the menu)
    - Origin:: Open the Online Help (press F1 or use the menu)
    - VirtualBox: Menu -> Help -> VirtualBox Website

    Mouse cursor shows the loading spinner shortly and then nothing happens anymore.

     

    5 - Does it occur in a new sandbox with default settings?

    When I run Chrome in a new sandbox and open a link (like explained in 4.), it will open BUT it will start a new instance of Chrome in the DefaultBox and opens in there and NOT in the already running sandbox.
    The newly created Chrome will have an extra icon in the taskbar instead of using the existing one which is used when Chrome is started normally.
    In this instance of Chrome any other clicked link will open properly.

     

    6 - Full error message and screenshots of it if applicable.

    SBIE2101 ConnectPort (C0000022) access=001F0000 initialized=1

    appears 3 times, when opening Chrome in the Sandbox.

  • in reply to snowball one

    Hi snowball,

    I tested Thunderbird and pressing F1, Chrome opened fine in the Sandbox where is forced to run.

    Are you running Thunderbird outside Sandboxie? If so, and you have Chrome forced in a default Sandbox, then Chrome will be launched there (default forced box) instead of in a different box, regardless of whether Chrome is already running in a non forced Sandbox. That is the expected behavior (the SBIE messages are not, however).

    Can I please get a copy of your configuration file? Configure --> Edit configuration
    Copy paste the contents here

    Thanks!

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • in reply to Barb@Sophos

    Ok, here are my settings:

    (I have a Thunderbird Sandbox, but I don't use it.)

    Have you tried to start Chrome in the Sandbox first and then open a link from Thunderbird as well?

     

     


    [GlobalSettings]

    Template=WindowsRasMan
    Template=Logitech_G15_Keyboard
    Template=7zipShellEx
    Template=OfficeClickToRun
    Template=WindowsLive
    Template=nVidia_Stereoscopic3D
    Template=OfficeLicensing
    ActivationPrompt=n
    TemplateReject=Avira_Antivirus

    [DefaultBox]

    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    Enabled=y
    CopyLimitKb=818178
    ForceProcess=firefox.exe
    ForceProcess=chrome.exe

    [UserSettings_25500394]

    SbieCtrl_UserName=snowball-pc
    SbieCtrl_NextUpdateCheck=1564750497
    SbieCtrl_UpdateCheckNotify=n
    SbieCtrl_ShowWelcome=n
    SbieCtrl_WindowCoords=881,174,1039,698
    SbieCtrl_ActiveView=40021
    SbieCtrl_ProcessViewColumnWidths=250,70,300
    SbieCtrl_AutoApplySettings=n
    SbieCtrl_RecoverTarget=D:\snowball\Downloads\SandboxieDLs
    SbieCtrl_SaveRecoverTargets=y
    SbieCtrl_ExplorerNotify=n
    SbieCtrl_HideWindowNotify=n
    SbieCtrl_BoxExpandedView=DefaultBox,firefox_portable,mi2,NewTestBox,TestBox1,Thunderbird,tor1

    [TestBox]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl

    [USB_Box]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    CopyLimitKb=357378

    [ChromePortable]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl

    [Thunderbird]

    ConfigLevel=7
    AutoRecover=y
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    RecoverFolder=%Desktop%
    RecoverFolder=%Favorites%
    RecoverFolder=%Personal%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,ttl
    Enabled=y

    [test1]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=Thunderbird
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    CopyLimitKb=359426

    [tor1]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    CopyLimitKb=357378
    ForceProcess=firefoxportable.exe

    [tester]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=qWave
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    CopyLimitKb=349188

    [mi2]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=qWave
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl
    CopyLimitKb=349186

    [firefox_portable]

    ConfigLevel=7
    AutoRecover=y
    Template=AutoRecoverIgnore
    Template=Firefox_Phishing_DirectAccess
    Template=Chrome_Phishing_DirectAccess
    Template=LingerPrograms
    Template=BlockPorts
    Template=WindowsFontCache
    RecoverFolder=%Desktop%
    RecoverFolder=%Favorites%
    RecoverFolder=%Personal%
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    BorderColor=#00FFFF,ttl
    Enabled=y
    CopyLimitKb=581634
    ForceProcess=chrome.exe
    ForceProcess=firefox.exe

    [NewTestBox]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=qWave
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl

    [TestBox1]

    Enabled=y
    ConfigLevel=7
    AutoRecover=y
    BlockNetworkFiles=y
    Template=qWave
    Template=WindowsFontCache
    Template=BlockPorts
    Template=LingerPrograms
    Template=Chrome_Phishing_DirectAccess
    Template=Firefox_Phishing_DirectAccess
    Template=AutoRecoverIgnore
    RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    BorderColor=#00FFFF,ttl

     

  • in reply to snowball one

    Hi snowball,

    I was finally able to repro the issue, unsure as to what has changed. 

    Next steps for you
    First, please try this test setting (you will be lowering the protection of the Sandbox, but if possible, give it a quick test it and let me know if this alleviates the issue for you - it does for me):
    Right-click on your Sandbox--> Sandbox settings --> Resource Access ---> Window Access
    Hit Edit/Add and enter the below listed:
    *
    Apply and Okay your way out
    Delete the contents of your Sandbox, try reproducing the issue.

    Regarding the SBIE messages (I cannot repro this) you are receiving and the lingering processes when you close Chrome (I can repro this part if software reporter tool is running):
    1 - Remove-reinstall Google Chrome, ensure you do not check the box for sending crashes, shown at the beginning of the installation (this will exclude installing the software reporter tool, which is why you are seeing those extra processes when you close Chrome).
    2 - Empty your Sandbox and re-test, see if the SBIE message is gone after that / processes are gone.

    Let me know how both tests go please.

    Thank you!

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • in reply to Barb@Sophos

    Barb@Sophos said:

    First, please try this test setting (you will be lowering the protection of the Sandbox, but if possible, give it a quick test it and let me know if this alleviates the issue for you - it does for me):

    Right-click on your Sandbox--> Sandbox settings --> Resource Access ---> Window Access
    Hit Edit/Add and enter the below listed:
    *
    Apply and Okay your way out
    Delete the contents of your Sandbox, try reproducing the issue.

     

    With this settings opening links work again.

     

    Barb@Sophos said:

    Regarding the SBIE messages (I cannot repro this) you are receiving and the lingering processes when you close Chrome (I can repro this part if software reporter tool is running):
    1 - Remove-reinstall Google Chrome, ensure you do not check the box for sending crashes, shown at the beginning of the installation (this will exclude installing the software reporter tool, which is why you are seeing those extra processes when you close Chrome).
    2 - Empty your Sandbox and re-test, see if the SBIE message is gone after that / processes are gone.

    Let me know how both tests go please.

    Thank you!

     

     
    Thanks for the advice! Maybe I will try that later, but at the moment I don't want to reinstall Chrome.

  • First of all thank you :) Sandboxie Unable to run on windows1909 (This is Google Translate English Please forgive me)

    1 - window10 1909 18363.329 Sandboxie 5.31.2
    2 - all programs
    3 - no AV installed
    4 - SBIE1222 Error with security token: [C0000058 / 62]
         SBIE1222 Error with security token: [C0000022 / 61]
         SBIE2314 正在注销进程 Start.exe [16652 / 12]
    5 - yes under all conditions this error happens
    6- abload.de/.../2019-09-07151213drkvp.png

Unfiltered HTML