Hello everyone!
First of all, I would like to thank the developer for a wonderful and very useful software. It almost solved my problem, just a little bit left
The problem is that during tests, the program is launched only in one instance in one of any 3 same sandboxes. If the copy in the sandbox is already running, the copy in the other sandbox tries to start, fails. In the logs remains:
04:27:28.672 Start.exe (3556): SBIE2101 AlpcConnectPort (C0000022) access=001F0001 initialized=1
04:28:38.728 Start.exe (3772): SBIE2101 AlpcConnectPort (C0000022) access=001F0001 initialized=1
04:29:06.137 Start.exe (3924): SBIE2101 AlpcConnectPort (C0000022) access=001F0001 initialized=1
The program allows you to run 2 copies: one in the sandbox and on a computer without a sandbox.
I tried to set the settings to hide processes from other sandboxes in the advanced settings on all three sandboxes, but it did not help.
This is a 32 bit program (I guess, dont know exactly. But in the Task manager it has *32 mark, so I suggest it is) that runs on Windows 7 64 bit in 64 bit Sandbox Plus. When running outside of sandboxes, when trying to start a new copy, the program opens its own new window (it has such an option), but it is always one process. I need multiple processes of this program.
Also, the program in the course of work writes a little to the registry and creates a couple of files. There are no problems with this, separately in different sandboxes these parts work normally.
Other software in these sandboxes works fine.
The same weird stuff hapening on 32 win10 PC .
Both win7 and win10 are VMware machines. but all other programs works well from sandboxes in this enviroment.
Can you please tell me how I can run several copies of such a capricious process in neighboring sandboxes?
Many thanks!
Only one copy of program can run
- DavidXanatos
- Posts: 340
- Joined: Fri Mar 19, 2021 11:26 am
Re: Only one copy of program can run
hmm... what program is it?
I assume you have not configured any open paths int he access control options?
Seams strange that you can run one out of the box one inside one box but then non in an otehr box :/
Have you set any custom IpcRoot Path or alike in your sandboxie.ini?
I assume you have not configured any open paths int he access control options?
Seams strange that you can run one out of the box one inside one box but then non in an otehr box :/
Have you set any custom IpcRoot Path or alike in your sandboxie.ini?
Re: Only one copy of program can run
Hi David!
no, I didnt add any IpcRoot Path manually, just tried add or disable some options in GUI
Thats a little cleared ini file (before send this I tried box3 with all "Template=" options removed from ini, so they are missing in that part)
//Didnt find "spoiler" BBcode here, sorry...
no, I didnt add any IpcRoot Path manually, just tried add or disable some options in GUI
Thats a little cleared ini file (before send this I tried box3 with all "Template=" options removed from ini, so they are missing in that part)
//Didnt find "spoiler" BBcode here, sorry...
Code: Select all
#
# Sandboxie-Plus configuration file
#
[GlobalSettings]
Template=WindowsRasMan
[DefaultBox]
ConfigLevel=9
BlockNetworkFiles=y
Template=OpenSmartCard
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl,6
Enabled=y
[UserSettings_087401AF]
SbieCtrl_UserName=ivan
SbieCtrl_NextUpdateCheck=-1
SbieCtrl_WindowCoords=291,55,1236,543
SbieCtrl_ActiveView=40021
SbieCtrl_AutoApplySettings=n
SbieCtrl_ProcessViewColumnWidths=250,70,300
SbieCtrl_UpdateCheckNotify=n
SbieCtrl_BoxExpandedView=1111,box1,box2,box3,DefaultBox
SbieCtrl_AutoStartAgent=SandMan.exe
[1111]
Enabled=y
ConfigLevel=9
BlockNetworkFiles=y
Template=Super_Socks5Cap
Template=HmaProVpn
Template=HideMyIp
Template=EasyHideIp
Template=Proxifier
Template=VPNTunnel
Template=OpenSmartCard
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl,6
OpenIpcPath=protonvpn.exe,base filter engine
[box1]
Enabled=y
ConfigLevel=9
BlockNetworkFiles=y
Template=OpenSmartCard
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl,6
DropAdminRights=y
HideOtherBoxes=y
HideHostProcess=OmHookWnd
HideHostProcess=C:\temp\data\program.exe
IpcTrace=*
UseSbieWndStation=y
RunServicesAsSystem=y
ClosedIpcPath=program.exe,\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
OpenWinClass=!program.exe,
[box2]
Enabled=y
ConfigLevel=9
Template=OpenSmartCard
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
DropAdminRights=y
FakeAdminRights=y
BoxNameTitle=n
OpenClipboard=n
CopyLimitKb=81920
HideOtherBoxes=y
HideHostProcess=C:\temp\data\program.exe
HideHostProcess=program.exe
CallTrace=*
FileTrace=*
PipeTrace=*
KeyTrace=*
IpcTrace=*
GuiTrace=*
ClsidTrace=*
NetFwTrace=*
DebugTrace=y
ErrorTrace=y
InjectDll=\LogAPI\logapi32.dll
InjectDll64=\LogAPI\logapi64.dll
[box3]
Enabled=y
ConfigLevel=9
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl,6
CallTrace=*
IpcTrace=*
UseSbieWndStation=y
RunServicesAsSystem=y
HideOtherBoxes=y
HideHostProcess=C:\temp\data\program.exe
HideHostProcess=OmHookWnd
[box4]
Enabled=y
AutoRecover=n
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
ConfigLevel=9
UsePrivacyMode=n
Re: Only one copy of program can run
I found out that the program seems to be using some mechanism (maybe mutexes or semaphores) to keep track of the number of copies running.
If you first run the program on the host system, the program will not start in the sandbox.
If you run a program in a sandbox, you cannot run a new copy in another sandbox.
But it is possible to run one copy on the host system.
I absolutely do not understand what IPС's have to forbid to get normal isolation.
Can someone advise?
If you first run the program on the host system, the program will not start in the sandbox.
If you run a program in a sandbox, you cannot run a new copy in another sandbox.
But it is possible to run one copy on the host system.
I absolutely do not understand what IPС's have to forbid to get normal isolation.
Can someone advise?
Re: Only one copy of program can run
it shows the same behaviour even with UsePrivacyMode=y option in choosen sandboxes or on global level.
So, the isolaion of sandboxie is not quite enouh. Have anybody seen something like that before in sandboxie?
Even bunch of IPC path restrictions, which this program using did not help:
So, the isolaion of sandboxie is not quite enouh. Have anybody seen something like that before in sandboxie?
Even bunch of IPC path restrictions, which this program using did not help:
Code: Select all
UsePrivacyMode=y
ClosedIpcPath=\Sessions\*\BaseNamedObjects\windows_shell_global_counters
ClosedIpcPath=\Sessions\*\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_*
ClosedIpcPath=\Sessions\*\BaseNamedObjects\Global\__ComCatalogCache__
// ClosedIpcPath=\RPC Control\SbieSvcPort (if allow this program cant start)
ClosedIpcPath=\Sessions\*\BaseNamedObjects\*SboxSession*
ClosedIpcPath=\Sessions\*\BaseNamedObjects\DBWinMutex
ClosedIpcPath=\RPC Control\epmapper
ClosedIpcPath=\Sessions\*\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs
ClosedIpcPath=\Sessions\*\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch
ClosedIpcPath=\BaseNamedObjects\windows_shell_global_counters
ClosedIpcPath=\Sessions\*\BaseNamedObjects\Global\windows_shell_global_counters
ClosedIpcPath=\Sessions\*\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs
ClosedIpcPath=\Sessions\*\BaseNamedObjects\SBIE_BOXED_DummyEvent_*
ClosedIpcPath=\Sessions\*\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch
ClosedIpcPath=\ThemeApiPort
ClosedIpcPath=\KernelObjects\MaximumCommitCondition
ClosedIpcPath=\ThemeApiPort
ClosedIpcPath=\RPC Control\lsapolicylookup
- DavidXanatos
- Posts: 340
- Joined: Fri Mar 19, 2021 11:26 am
Re: Only one copy of program can run
I had time to take a look, its really strange I'll have to investigate that further...
Re: Only one copy of program can run
I think that some kind of global variable space is used here, or something like that, which has its own Sandboxie and differs from that of the host system. But for all sandboxes, it is also common, and the program manages to carry out its check in neighboring sandboxes too