Release v1.0.16 / 5.55.16 (pre-release)

[DavidXanatos]

This build fixes a couple of issues, but also introduces a major change in how sandboxie controls access to process memory.
Before this build sandboxie allowed sandboxed programs to read the memory of any unsandboxed program belonging to the current same, this is obviously a bad idea if your goals is not only infection prevention but also data protection. Hence with 1.0.16 onwards sandboxie will not allow for PROCESS_VM_READ on unsandboxed processes or processes belonging to other boxes.
To facilitate compatibility this build introduces a IPC options, with ReadIpcPath=$:program.exe any unboxed process can be configured to allow for PROCESS_VM_READ, it is also possible to restore the old behavior entirely by specifying ReadIpcPath=$:*
By default the only process whos memory can be read is explorer.exe many processes want that and explorer should not keep any secrets normally anyways. To block this you can use ClosedIpcPath=$:explorer.exe

To facilitate optimal process isoaltion the EnableObjectFiltering option is now on by default, although this only applies for new installations, hence its recommend for existing installation to go to settings->advanced and enable it explicitly.

Other changes in this build include a simple resource access monitor mode and a change how process paths are resolved for sandboxed processes, this should fix a couple of issues.

Given that this build changes a couple of core mechanics it is possible that in some special cases this can lead to an incompatibility.

If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.

You can support the project through donations, any help will be greatly appreciated.

ChangeLog

Added

• FIXED SECURITY ISSUE: memory of unsandboxed processes can no longer be read, exceptions are possible
  -- you can use ReadIpcPath=$:program.exe to allow read access to unsandboxed processes or processes in other boxes
• Added "Monitor Mode" to the resource access trace, similar to the old monitor view of SbieCtrl.exe

Changed

• EnableObjectFiltering is now set enabled by default, and replaces Sbie's old process/thread handle filter
• the $: syntax now accepts a wildcard $:* no more specialized wildcards though

fixed

• fixed NtGetNextProcess being fully disabled instead of properly filtered
• fixed reworked image name resolution when creating new processes in a sandbox
• fixed regression with HideOtherBoxes=y #1743 #1666

---

This discussion was created from the release Release v1.0.16 / 5.55.16.

[BilleBarrett]

installed update and got this when I started Chrome Version 100.0.4896.60 (Official Build) (64-bit)
|Time| |Message|
08:48:29.813 chrome.exe (14664): SBIE2101 Object name not found: Unnamed object, error OpenProcess (C0000022) access=00001410 initialized=1
Edge Chrome did the same
msedge.exe (19072): SBIE2101 Object name not found: Unnamed object, error OpenProcess (C0000022) access=00001410 initialized=1

[DavidXanatos]

Ok please enable the trace log and look for a $:somethign.exe entry caused by chrome/msedge and tell me that is this somethign.exe chrome/msedge tried to access

[BilleBarrett]

I just got a crash report Remote Desktop Services 517 Miltwood Dr, Greensboro, NC 27455-2709 (336) 988-0891 ***@***.***> ***@***.*** Is your computer up to date and secure “NO” lets talk "Your operating system and Data are only as good as your last backup" Life is not a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming... 'Wow! What a ride!’ From: DavidXanatos ***@***.***> Sent: Saturday, April 2, 2022 9:06 AM To: sandboxie-plus/Sandboxie ***@***.***> Cc: BilleBarrett ***@***.***>; Comment ***@***.***> Subject: Re: [sandboxie-plus/Sandboxie] Release v1.0.16 / 5.55.16 (Discussion #1746) Ok please enable the trace log and look for a $:somethign.exe entry caused by chrome/msedge and tell me that is this somethign.exe chrome/msedge tried to access — Reply to this email directly, view it on GitHub <#1746 (reply in thread)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJ3MQJIRFAYU2FSBXFH72RTVDBA3VANCNFSM5SKSAKEQ> . You are receiving this because you commented. <https://github.com/notifications/beacon/AJ3MQJL63TJLRSSTYGKOG3TVDBA3VA5CNFSM5SKSAKE2YY3PNVWWK3TUL52HS4DFWFCGS43DOVZXG2LPNZBW63LNMVXHJKTDN5WW2ZLOORPWSZGOAATAGEI.gif> Message ID: ***@***.*** ***@***.***> >

[DavidXanatos]

do you have a crash dump?

[isaak654]

@BilleBarrett In case you have a crash dump to share, you need to zip the .dmp file locally and drag the resulting compressed file to a new GitHub message box (or an existing one to edit). For further instructions: working-with-advanced-formatting/attaching-files

[BilleBarrett]

SandMan-v1.0.16 02.04.2022 09-02-29,878.zip

[BilleBarrett]

I have to go back to version 15 as my office is open until Lunch time today

[BilleBarrett]

My computer settings maybe the cause, I totally uninstalled Sandboxie-Plus and dumped the ini file
Then reinstalled the update and it is working :-(

[BilleBarrett]

I installed the updated on one of my other computers and so far, it has not reported errors This may be my computer that is causing the problem Remote Desktop Services 517 Miltwood Dr, Greensboro, NC 27455-2709 (336) 988-0891 ***@***.***> ***@***.*** Is your computer up to date and secure “NO” lets talk "Your operating system and Data are only as good as your last backup" Life is not a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming... 'Wow! What a ride!’ From: DavidXanatos ***@***.***> Sent: Saturday, April 2, 2022 9:06 AM To: sandboxie-plus/Sandboxie ***@***.***> Cc: BilleBarrett ***@***.***>; Comment ***@***.***> Subject: Re: [sandboxie-plus/Sandboxie] Release v1.0.16 / 5.55.16 (Discussion #1746) Ok please enable the trace log and look for a $:somethign.exe entry caused by chrome/msedge and tell me that is this somethign.exe chrome/msedge tried to access — Reply to this email directly, view it on GitHub <#1746 (reply in thread)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJ3MQJIRFAYU2FSBXFH72RTVDBA3VANCNFSM5SKSAKEQ> . You are receiving this because you commented. <https://github.com/notifications/beacon/AJ3MQJL63TJLRSSTYGKOG3TVDBA3VA5CNFSM5SKSAKE2YY3PNVWWK3TUL52HS4DFWFCGS43DOVZXG2LPNZBW63LNMVXHJKTDN5WW2ZLOORPWSZGOAATAGEI.gif> Message ID: ***@***.*** ***@***.***> >

[BilleBarrett]

Not to be sarcastic, but you have to consider your audience when you describe the changes made
I have been using Sandboxie for years, been a Tech for over 55 years, and sometimes it is hard for me to figure out what you updating
This is a fantastic product, I have literally hundreds of my clients on it [thye do some stupid things and Sandboxie has saved their A$$'s]
I will be starting my Sandboxie Seminar for seniors soon and I need to understand some of the new settings
Thank you for your work
Bill e. Barrett