MitchE323
|
Precisely.
|
||||||||||||||||
|
|
|||||||||||||||||
|
MitchE323
|
3.29.14 Works just fine with this, nice. |
||||||||||||||
|
|
|||||||||||||||
|
arran
|
Hi, can someone please help me here? I am trying to make it so as only firefox and admuncher can run in my default box. I edited the config file and tested it by downloading a movie clip, and before I recovered the movie clip from sandboxie I was able to run it inside sandboxie, so unfortunately for me other things besides firefox and admuncher can still run in the sandbox.
Here is how my ini file is. What have I done wrong?
[GlobalSettings]
ProcessGroup=<RunAccess_DefaultBox>,admunch.exe,firefox.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<InternetAccess_IExplorer>,fdm.exe,iexplore.exe,admunch.exe
ProcessGroup=<InternetAccess_DefaultBox>,admunch.exe,firefox.exe
[DefaultBox]
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
Enabled=y
NeverDelete=n
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\places*
OpenFilePath=seamonkey.exe,%AppData%\Mozilla\Profiles\*\bookmark*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmark*
ClosedIpcPath=!<RunAccess_DefaultBox>,*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*
ClosedFilePath=E:\
ClosedFilePath=F:\
ForceProcess=admunch.exe
[UserSettings_0C700215]
SbieCtrl_UserName=arran
SbieCtrl_ShowWelcome=N
SbieCtrl_NextUpdateCheck=1555555555
SbieCtrl_UpdateCheckNotify=Y
SbieCtrl_HideWindowNotify=N
SbieCtrl_WindowLeft=665
SbieCtrl_WindowTop=59
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=425
SbieCtrl_Hidden=N
SbieCtrl_ActiveView=40021
SbieCtrl_BoxExpandedView_DefaultBox=Y
SbieCtrl_AutoApplySettings=N
SbieCtrl_SettingChangeNotify=N
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310
SbieCtrl_BoxExpandedView_IExplorer=Y
SbieCtrl_ReloadConfNotify=N
SbieCtrl_EditConfNotify=N
[IExplorer]
Enabled=y
ConfigLevel=4
AutoRecover=y
AutoRecoverIgnore=.jc!
AutoRecoverIgnore=.part
RecoverFolder=%Favorites%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
LingerProcess=trustedinstaller.exe
LingerProcess=wuauclt.exe
LingerProcess=devldr32.exe
LingerProcess=syncor.exe
LingerProcess=jusched.exe
LingerProcess=acrord32.exe
ForceProcess=iexplore.exe
ForceProcess=admunch.exe
ForceProcess=fdm.exe
NeverDelete=n
ClosedFilePath=!<InternetAccess_IExplorer>,\Device\RawIp
ClosedFilePath=!<InternetAccess_IExplorer>,\Device\Ip*
ClosedFilePath=!<InternetAccess_IExplorer>,\Device\Tcp*
ClosedFilePath=!<InternetAccess_IExplorer>,\Device\Afd*
|
||||||||||||
|
|
|||||||||||||
|
Oneder
|
Add under [DefaultBox]
ClosedIpcPath=!<RunAccess_DefaultBox>,* |
||||||||||||
|
|
|||||||||||||
|
MitchE323
|
@Oneder; That line is in there, just a little buried
@arran777; That ini file is basically set up fine. Your problem with the test was one of two things. The movie clip opened as a "Child Process" to your browser or you need to empty the sandbox for the new settings to take effect. I notice you do not have AutoDelete in a line, so I assume you empty the sandbox manually or not at all. The only problem with the ini file is that you have ForceProcess=admunch.exe in two different sandboxes. Sandboxie will accept the one listed first in the ini file so it is ok in the DefaultBox but the ForceProcess line has no meaning in the other sandbox. You can list it in multiple ProcessGroups as you have done. If you are not having a problem with AdMunch in the IE box, maybe it also is opening as a Child Process to IE. I am not familiar with AdMunch. Is there a definitions file for AdMunch? Consider trying it unsandboxed with an openfilepath to that definitions file for updates - then you will be able to delete the sandbox after each session and not lose your AdMunch updates. |
||||||||||||
|
|
|||||||||||||
|
Ruhe
|
Hi Mitch, hi tzuk,
I've tried the following (just a part of sandboxie.ini):
[GlobalSettings]
ProcessGroup=<RunAccess_Sandboxie>,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<RunAccess_sbFirefox>,firefox.exe
[sbFirefox]
ClosedIpcPath=!<RunAccess_Sandboxie>,*
ClosedIpcPath=!<RunAccess_sbFirefox>,*
After this it's not possible to start Firefox sandboxed anymore. My intention was to prevent something like this, because of all the redundant Sandboxie entries for each sandbox:
[GlobalSettings]
ProcessGroup=<RunAccess_Box1>,something1.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<RunAccess_Box2>,something2.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<RunAccess_Box3>,something3.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
Did I miss or misunderstand anything? |
||||||||||||
|
|
|||||||||||||
|
MitchE323
|
ClosedIpcPath=!<RunAccess_Sandboxie>,*
This line is saying that Firefox can not run in the sbFirefox sandbox, as only sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe can run.
ClosedIpcPath=!<RunAccess_sbFirefox>,*
This line is saying that sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe can not run, as only Firefox can run in the sbFirefox sandbox. So, as you have found, it is not going to work.
No, you didn't misunderstand anything, it is just that the 'workaround' is not possible.
This is the correct way. And then only one ClosedIpcPath=! per sandbox. You may find later that some sandboxes do not require the three Sandboxie programs at all. That is Sandboxie's call. The ProcessGroups are only stating what is allowed to run (if called upon).
What you are looking for is the ability to form a ProcessGroup into another ProcessGroup, but Tzuk may just shut down Feature Requests if we ask for that.
-------------------------------------------------------------------------------------
Who knows, maybe it is already possible, if you want to experiment. Example:
[GlobalSettings]
ProcessGroup=<Sandboxie>,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<RunAccess_sbFirefox>,<Sandboxie>,firefox.exe
ProcessGroup=<RunAccess_sbMediaPlayer>,<Sandboxie>,wmplayer.exe
ProcessGroup=<RunAccess_sbIExplorer>,<Sandboxie>,iexplore.exe
But I have never tested that.......
------------------------------------------------------------------------------------
Plus, remember Tzuk saying that at some point he will look deeper into all of this, and maybe if it comes to be a part of the GUI then those three Sandboxie programs can be inserted "behind the scenes" within the programming. |
||||||||||||||||||
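The two ini pitfalls raised in the posts above (a ForceProcess entry repeated in a second sandbox, and more than one ClosedIpcPath=!<group>,* line in the same sandbox) can be checked mechanically. The script below is an added example, not part of any post and not Sandboxie's own code; it assumes the semantics as the posters describe them for the versions discussed, that ProcessGroup lines come before the sandbox sections as in the posted files, and the names `parse_ini`, `lint` and `SAMPLE` are made up for the illustration.

```python
HELPERS = {"sandboxiedcomlaunch.exe", "sandboxierpcss.exe", "start.exe"}
# Constructed sample combining the settings quoted in the posts above.
SAMPLE = """\
[GlobalSettings]
ProcessGroup=<RunAccess_Sandboxie>,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe
ProcessGroup=<RunAccess_sbFirefox>,firefox.exe
[DefaultBox]
ForceProcess=admunch.exe
[sbFirefox]
ForceProcess=admunch.exe
ClosedIpcPath=!<RunAccess_Sandboxie>,*
ClosedIpcPath=!<RunAccess_sbFirefox>,*
"""

def parse_ini(text):
    """Return [(section, [(key, value), ...])], keeping repeated keys in file order."""
    sections = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def lint(text):
    findings, groups, forced = [], {}, {}
    for name, items in parse_ini(text):
        allowed = None  # None means no Start/Run restriction in this sandbox
        for key, value in items:
            if key == "ProcessGroup":
                group, *members = [m.strip().lower() for m in value.split(",")]
                groups[group] = set(members)
            elif key == "ForceProcess":
                first = forced.setdefault(value.lower(), name)  # first sandbox in the file wins
                if first != name:
                    findings.append(f"[{name}] ForceProcess={value} ignored, [{first}] wins")
            elif key == "ClosedIpcPath" and value.startswith("!<") and value.endswith(",*"):
                # Each line blocks everything outside its group: only programs in every group start.
                members = groups.get(value[1:-2].lower(), set())
                allowed = members if allowed is None else allowed & members
        if allowed is not None and not HELPERS <= allowed:
            findings.append(f"[{name}] Sandboxie helper programs cannot start")
        if allowed is not None and not allowed - HELPERS:
            findings.append(f"[{name}] no application is allowed to start")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

A group that lists another group name as a member, as in the untested idea above, is treated as a literal program name here, so it is also reported as missing the helper programs.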
|
|
|||||||||||||||||||
|
Ruhe
|
Thanks for your explanation.
Looks good, but already tried this last night. It does not work either.
That would be very handy - or the above method. |
||||||||||||||||
|
|
|||||||||||||||||
|
Peter2150
|
Can we make this thread a sticky??
|
||||||||||||
|
|
|||||||||||||
|
SnDPhoenix
|
Haha, you have to ask now Peter out of all the chances we had before?
But yeah, threads like these should be stickied so people can find them. I wanted to sticky the "Xtras" thread, but it got too long and had random unneeded posts, therefore it was too late to sticky it. |
||||||||||||
|
|
|||||||||||||
|
MitchE323
|
haha Well of course it would be the UltimateExaltedMysticSupreme accomplishment to become a "Sticky". I have to disagree. These types of threads become history fairly quickly as the ideas are either accepted and utilized or not accepted and discarded. I think stickies should be reserved for "rules of the thread" type stuff. Like
a. state your OS
b. state the program's version
c. try to describe a way to replicate the problem
blah, blah, blah..... |
||||||||||||
|
|
|||||||||||||
|
tzuk
|
Sandboxie Control has better configuration now for both Internet Access and a new Start/Run Access. Accessible either through Sandbox Settings -> Restrictions or through Program Settings.
Other than the obvious improvement of not having to manage <ProcessGroups> manually in the Ini file, there are two more benefits:
* You can ask to be notified by message (SBIE1307 and SBIE1308) when a program is restricted.
* You don't have the burden of having to specify SandboxieRpcss and friends. Programs in the Sandboxie installation folder are immune to Start/Run restrictions. |
||||||||||||
|
|
|||||||||||||
|
SnDPhoenix
|
Hooray!!! The new v3.31.02 beta is awesome! |
||||||||||||||
|
|
|||||||||||||||
|
tzuk
|
Thanks SnD !!
|
||||||||||||
|
|
|||||||||||||
| Control Your Sandbox |
|
||
|

