I have a new idea. Those resource and debug logs, they show the names of windows that were accessed by a program running in the sandbox. However the program in the sandbox might create a window with a specific name, and then wait for some other component (like a service outside the sandbox) to access this window. Normally, Sandboxie would manipulate the names of the created window, and this might interfere with the component outside the sandbox, trying to find this window. But when there is a Window Access setting for * or #, Sandboxie no longer manipulates the names. This might explain why these settings make a difference.

So what I'd like you to do is use WinSpy this time on the web browser process in the sandbox, and see if you can identify any windows within this process that look like they might belong to your logitech software. Then, add those names as Window Access settings.

If you will experiment without having * or # in effect, then expect to find window class names that begin with a prefix of " Sandbox:DefaultBox: ". You will need to strip this prefix when you add the window class names to Window Access.

You will probably need to add all the other window names as well. In other words:

OpenWinClass=LOGI_DEVICE_LISTENER
OpenWinClass=KodiakHiddenWndClass
OpenWinClass=KHALHIDC_MainWindow
OpenWinClass=KHALMOU_MainWindow
OpenWinClass=KHALHIDN_MainWindow
OpenWinClass=KHALHIDM_MainWindow
OpenWinClass=KHALUSB_MainWindow
OpenWinClass=KHAHLHPP_MainWindow
OpenWinClass=KHALITouch_MainWindow
OpenWinClass=KHALMouseware_MainWindow
OpenWinClass=KHALMainProcessWindow
OpenWinClass=$:Setpoint.exe
OpenWinClass=$:KHALMNPR.EXE
OpenWinClass=any window class names that you identify within the web browser process

Then restart your web browser under Sandboxie, and check if the class name appears without the Sandbox:DefaultBox: prefix. If the prefix is gone, then the setting was applied correctly, and hopefully things will actually work.

Added all of Maxthon's window classes listed by WindowSpy - nothing.

Used the Finder Tool over the Maxthon website frame and a new class came up: Internet Explorer_Server


I have deleted all other classes and it is working with only this one.

Good work. So I'm going to have Sandboxie look for the registry key,

ReadKeyPath=\REGISTRY\MACHINE\SOFTWARE\Logitech\SetPoint

And in that case, add

OpenWinClass=Internet Explorer_Server

And I hope this will take care of this issue. I'm going to add this auto-detection in the next beta build ( 3.45.10 ), and would appreciate if you could test it.

Thanks.

Will do, and thanks for guiding me through to finding a solution.

Is this compatibility setting going to have any effect on security or is there a scenario where you think it would make a difference?


As you probably already know, but I still want to point it out, this problem isn't exclusive to Maxthon but more to all Internet Explorer shells.

I'm wondering if an underscore is missing between Internet and Explorer
(one of the OpenWinClass entries in the earlier posts,except U's last post, have a blank space).

See here:



Besides, Internet_Explorer_Server does not work.

Thanks for the quick confirm of your original setting. Much appreciated.

From what I read on the net, this window is used by IE to expose a COM object which represents the web page open in the browser.

http://support.microsoft.com/kb/249232

However, sandboxed programs can't get to COM objects outside the sandbox, so the bottom line is that I don't think it is a concern in any real sense.

And certainly, if you don't have IE running outside the sandbox at all, then it's a complete non-issue.



While we're on the subject, how about non-IE browsers, and for that matter, other applications altogether?

The horizontal scrolling is working in all windows I have tested except for programs that make use of the IE engine to display content, which would be when they are using the "Internet Explorer_Server" class.

So unless someone finds a new compatibility issue with special mouse commands in other windows, the problem can be marked as solved.




You were saying that there shouldn't be an issue if no outside IE windows are running. I never run IE itself but as you know, several programs are using its engine. Still nothing to worry about while running Maxthon sandboxed and another unsandboxed instance of an IE window class? This could happen quite often on my computer. I probably should read a little more into the effects of using OpenWinClass as to be honest, I don't fully understand them yet.

Thanks again though for trying to explain.

Let me try to explain it again.

The IE process can offer some services to other programs, like reporting what's in the current web page, and filling forms. To use these services, the other program needs a way to talk to IE. So this "Internet Explorer_Server" window thing has a known name that programs can look for, and so is the starting point to access the services. So a program sends a message to the window, asking how can I use the services, and the window gives back some number. The program takes this number and goes to COM (whatever it is) and says, here, I have this magic number, let me access the services.

The OpenWinClass will let the program in the sandbox find the magic number this way, but the program in the sandbox can't talk to the COM outside the sandbox (whatever it is). It can only talk to the sandboxed COM. And the sandboxed COM will not be able to associate that magic number with the IE outside the sandbox. So the program in the sandbox can't do much with the magic number. This is why I said there is little cause for concern.

I hope that makes some more sense.

I released version 3.45.10, please test the auto-detection feature when you have a chance.

The template was added after installing beta 10. Scrolling also working.


One question about the "Software Compatibility" dialog that pops up when a new software is being detected. How can I see (without comparing the templates.ini) which listed entry is new or modified since the last update? Maybe Sandboxie could remember which templates were existing before upgrading to a newer version and print the new arrivals in bold or something.


And I have Kaspersky Anti-Virus, not Internet Security installed. If the template will do its job for both software how about generalizing its name to avoid confusion? The service by which KAV is being detected is actually the "Kaspersky Anti-Virus NDIS Filter".

Thanks.

Re Software Compatibility, it never occurred to me that it might be interesting to know what software was already there.

Re Kaspersky, I think originally I aimed for detetion of just the IS suite, not the AV. In any case I will change the name of the template to - Kaspersky Anti-Virus/Internet Security.

In version 3.45.11 I added a new (mostly for internal use) NoRenameWinClass setting, which provides the functionality of OpenWinClass that is needed here, but without any adverse effects to security.