Encrypted confidential box with red box preset blocks box access to its own root directories #3475
Comments
This fixes the "The system cannot find the file" error, but this time it gives an "Access is denied" error when root protection is enabled. create and mount encrypted box with root protection:
from sandboxed cmd:
Result:
wow that one was fun 3 bugs breaking this use case all at once
Will these be fixed in a new version? or a hotfix?
will be fixed in 1.12.4
Few days? Or week+ you think?
very soon, maybe before the end of the weekend
[1.2.5] "The system cannot find the file" problem is back.
the fix in 1.12.5 is broken when FileRootPath is not set and the default value is used by the driver; setting FileRootPath to the default value fixed the issue, as a workaround
After I added the FileRootPath, I tried it again and this time I get a different error message.
Result: via sandboxed cmd: The current directory is invalid. CMD:
Explorer: (Windows 11 only)
hmm... strange, I can't reproduce these. Please try the attached sbiedll.dll; do you still get those errors with it?
What's the default value of FileRootPath that will make this work? Mine is set to the active box directory.
any value should work; the issue was that when it's not set at all, the driver picks a default but the dll reads an empty string from the config.
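The comment above attributes the failure to boxes with no explicit FileRootPath. As an added example (not code from the Sandboxie project), this Python check lists boxes in a Sandboxie.ini that have no explicit FileRootPath and notes whether UsePrivacyMode=y is also set, so the workaround can be applied to them. The sample INI and box names are constructed; inheritance from [GlobalSettings] and the UserSettings_ section prefix are assumptions about the file layout.

```python
# Added example: constructed sample, hypothetical box names.
SAMPLE_INI = r"""
[GlobalSettings]

[RedBox]
UsePrivacyMode=y

[PlainBox]
Enabled=y

[FixedBox]
UsePrivacyMode=y
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%
"""

def parse_ini(text):
    """Parse sections into {name: {key: [values]}}; keys may repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return sections

def effective(sections, box, key):
    """First non-empty value in the box, else in [GlobalSettings] (assumed inheritance)."""
    for name in (box, "GlobalSettings"):
        for value in sections.get(name, {}).get(key, []):
            if value:  # an empty string counts as "not set"
                return value
    return None

def boxes_without_file_root(text):
    """Return [(box, uses_privacy_mode)] for boxes with no explicit FileRootPath."""
    sections = parse_ini(text)
    flagged = []
    for name in sections:
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # not box sections
        if effective(sections, name, "FileRootPath") is None:
            privacy = (effective(sections, name, "UsePrivacyMode") or "").lower() == "y"
            flagged.append((name, privacy))
    return flagged

print(boxes_without_file_root(SAMPLE_INI))
```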
I left the FileRootPath set to the default it generated when I started the program for the first time, but I'm still getting the same error. I made another demo showing my box and its settings if you have a minute, I just wanna know if I'm doing something wrong. https://www.youtube.com/watch?v=dDrTotrsJqU
@DavidXanatos Can you try with black + red box
sbie3475brb01.mp4
seems UsePrivacyMode=y seems to break it, working on it
Does the latest (731a579) CI build include this fix? Because when I tried it with it, I got the same error.
that one you linked was not complete, this one should work: 8d82b43
It's fixed in Windows 11, but I'm still getting the same error in Windows 10.
this is very strange, I was debugging it on Windows 10
I tried again after resetting the virtual machine (with 8d82b43) and it works now. However, if you try to run an application located in the sandbox folder from the sandboxed Windows Explorer, you will get an error. (Windows cannot find ...) [Windows 10 and 11]
Also, some applications use the sandbox path as the target/image path when running from the sandbox. (e.g. Firefox.exe, FirefoxPortable_121.0_English.paf)
@offhub I would like to release the build soon, could you please verify if this fix works for you as well
I could verify it for you if that's ok with you
sure, just grab the latest CI build, don't forget to enable test signing on your system, and you can test https://github.com/sandboxie-plus/Sandboxie/actions/runs/7298502176
Confirmed. Thank you for being so attentive with the recent bugs 👍 Just to be sure, is this expected behavior? Still works, just this error each time I click browse. Is it because explorer.exe is trying to access the sandbox when it's protected?
Perhaps
I haven't had time to test it extensively, but it seems to be fixed.
What does NormalFilePath do?
1.12.6 is out, can we close this
The main problem seems to be solved, but there seems to be a problem caused by the use of OpenFilePath.
that one is now solved too with the latest CI build so I'll close this
Describe what you noticed and did
I'm trying to create an encrypted confidential box via imdisk with the "Hardened Security With Data Protection" red preset.
With these presets, I cannot launch anything, even from inside the box.
The installer is at this directory, and spoofed admin rights are on. I've also tried installing the program without the hardened box without any issues and even just trying to run Firefox after it's already installed, still produces this error if red box is on.
How often did you encounter it so far?
Whenever Security Hardened with Data protection is on
Affected program
Any
Download link
N/A
Where is the program located?
I tried to install it only inside a sandbox, but I wasn't able to achieve it.
Expected behavior
Create Confidential Encrypted box and under box settings select "Security Hardened Box with Data Protection" red preset.
Mount Encrypted Box with "protect box root" temporarily disabled.
Move Firefox installer into C:\Program Files directory of encrypted confidential box (Sandbox\%Sandbox%\drive\C\Program Files under context outside box)
Run installer via sandbox run prompt, this time with root protection enabled, and invoke the installer via its path C:\Program Files\FirefoxPortable_120.0.1_English.paf.exe
My intention is to install the browser within the sandbox, and block the host from reading or writing in and block the sandbox from reading or writing outside the box.
What is your Windows edition and version?
Windows 10 22H2
In which Windows account you have this problem?
A local account (Administrator).
Please mention any installed security software
Windows Security
What version of Sandboxie are you running?
1.12.3
Is it a new installation of Sandboxie?
I recently did a new clean installation.
Is it a regression?
N/A
In which sandbox type you have this problem?
In an encrypted sandbox (black sandbox icon).
Can you reproduce this problem on a new empty sandbox?
I can confirm it also on a new empty sandbox.
Did you previously enable some security policy settings outside Sandboxie?
I do have TPM Virtualization-Based Security with Memory Integrity enabled and running on my system, but I tried disabling them both and I still encounter the same problem.
Crash dump
No response
Trace log
No response
Sandboxie.ini configuration