What I want to achieve isn't anything special, I assume, but after literally hours upon hours of trial and error, pinpointing the specific settings involved, I gave up and have to ask.
My baseline settings are at the end of the post.
It's just not working when "Force Programs" is active, either via "Program Control" or via "App Templates --> Force Vivaldi" (doesn't matter).
When I open a link (e.g. going in the "Help" or "?" menu in any software and clicking on a "go to home page" entry) I can see Sandboxie opening a new instance of vivaldi.exe, but the process gets terminated soon after. Nothing is sent to the open sandboxed Vivaldi window.
When I disable the force (pun intended), it works.
I am also getting the notification (more on that one later):
Code:
vivaldi.exe (9684): SBIE2321 Cannot manage device map: [C0000034 / 11]
I found one other way to make it work without removing the force, adding:
Code:
OpenWinClass=*
It's not enough to use OpenWinClass=# but after the error message I mentioned, I got a hunch that the window name is involved somehow.
I searched through Github issues and found a similar question from last year. The answer given was adding
Code:
OpenWinClass=vivaldi.exe,Chrome_MessageWindow
Not for me (when Force Programs is still on).
Furthermore I looked through the (outdated) documentation and found a hint while reading about Open Win Class about using a tool called WinSpy.
Used that and got a slightly different window class name from that, namely Chrome_WidgetWin_1.
I added that and a third one (because trial and error) and had the following three:
Code:
OpenWinClass=Chrome_MessageWindow
OpenWinClass=Chrome_WidgetWin_1
OpenWinClass=Chrome_WidgetWindow
I disabled the force again and noticed the error message again (which I suppressed in the meantime and now re-allowed message SBIE2321): Using OpenWinClass=Chrome_MessageWindow has an effect in the way that the error is gone. I assume it resolves the problem C0000034 / 11.
But the main problem is still present: How in the world can I have the security of forcing vivaldi.exe into the sandbox as well as opening http and https requests into it (without using OpenWinClass=*)?
Code:
AllowNetworkAccess=!<InternetAccess>,n
AutoRecover=y
BlockNetworkFiles=y
BorderColor=#3939ef,ttl,4
BoxNameTitle=n
ClosedIpcPath=!<StartRunAccess>,*
ClosePrintSpooler=y
ConfigLevel=10
CopyLimitKb=81920
DropAdminRights=y
Enabled=y
ForceProcess=<Vivaldi>
NotifyDirectDiskAccess=y
NotifyNoCopy=y
ProcessGroup=<InternetAccess>,vivaldi.exe
ProcessGroup=<Vivaldi>,vivaldi.exe,update_notifier.exe,SandboxieCrypto.exe,RuntimeBroker.exe
ProcessGroup=<StartRunAccess>,<Vivaldi>
PromptForInternetAccess=y
Template=AutoRecoverIgnore
Template=BlockPorts
Template=FileCopy
Template=LingerPrograms
Template=SkipHook
Template=BlockTelemetry
UseFileDeleteV2=y
UseRegDeleteV2=y
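
An added example, not part of the original post and not Sandboxie's own code: a small Python audit of a box's settings that resolves which executables ForceProcess covers through nested ProcessGroup entries, and separates the OpenWinClass=* wildcard the post wants to avoid from the scoped entries it tried. The [Vivaldi] section name and all function names are assumptions; the sample is constructed from the settings quoted above.

```python
# Added example: constructed sample built from settings quoted in the post.
# The section name [Vivaldi] and all function names are assumptions.
SAMPLE = """\
[Vivaldi]
ForceProcess=<Vivaldi>
ProcessGroup=<InternetAccess>,vivaldi.exe
ProcessGroup=<Vivaldi>,vivaldi.exe,update_notifier.exe,SandboxieCrypto.exe,RuntimeBroker.exe
ProcessGroup=<StartRunAccess>,<Vivaldi>
OpenWinClass=*
OpenWinClass=vivaldi.exe,Chrome_MessageWindow
OpenWinClass=Chrome_WidgetWin_1
"""

def parse(text):
    """Return (key, value) pairs in order; keys such as ProcessGroup repeat."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def expand(name, groups, seen):
    """Resolve a <Group> name, following nested groups, to executable names."""
    if name in seen:  # guard against groups that reference each other
        return set()
    seen.add(name)
    found = set()
    for member in groups.get(name, []):
        found |= expand(member, groups, seen) if member.startswith("<") else {member.lower()}
    return found

def audit(text):
    """Report forced executables and split OpenWinClass into wildcard/scoped."""
    pairs = parse(text)
    groups = {}
    for key, value in pairs:
        if key == "ProcessGroup":
            name, *members = [part.strip() for part in value.split(",")]
            groups.setdefault(name, []).extend(members)
    report = {"forced": set(), "wildcard": [], "scoped": []}
    for key, value in pairs:
        if key == "ForceProcess":
            report["forced"] |= expand(value, groups, set()) if value.startswith("<") else {value.lower()}
        elif key == "OpenWinClass":
            program, _, win_class = value.rpartition(",")
            entry = (program or "<whole box>", win_class)
            report["wildcard" if "*" in win_class else "scoped"].append(entry)
    report["forced"] = sorted(report["forced"])
    return report
```

Calling `audit(SAMPLE)` returns a dict with the keys `forced`, `wildcard` and `scoped`; a non-empty `wildcard` list on a box that also has `forced` entries is the combination the post is trying to get rid of.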