[Plus 1.3.3] classic net block with UseRuleSpecificity causing SBIE2112 messages in standard isolation box #1955

Closed
RandomGOTI opened this issue Jun 16, 2022 · 15 comments
Labels
Workaround Temporary or alternative solution

Comments

@RandomGOTI

What happened?

When using ClosedFilePath=!<InternetAccess>,InternetAccessDevices

SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=0016019F initialized=1
SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=00120089 initialized=1

Other than those two lines appearing in the message log a few more times, the program works if allowed/not blocked by wf

Download link

.

To Reproduce

add ClosedFilePath=!<InternetAccess>,InternetAccessDevices to box
start program that will try to connect to the net
┐(゚~゚)┌

Expected behavior

no SBIE2112

What is your Windows edition and version?

Windows 7 Ultimate SP1 x64

In which Windows account you have this problem?

I use the built-in Administrator account.

Please mention any installed security software

None/WD disabled

What version of Sandboxie are you running?

Plus 1.1.2 x64

Is it a regression?

No response

List of affected browsers

No response

In which sandbox type you have this problem?

In a Standard isolation sandbox (yellow sandbox icon).

Where is the program located?

The program is installed only outside the sandbox.

Can you reproduce this problem on an empty sandbox?

I can confirm it also on an empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

No response

@RandomGOTI RandomGOTI added the Confirmation Pending Further confirmation is requested label Jun 16, 2022
@DavidXanatos DavidXanatos added Status: Fixed in Next Build Fixed in the next Sandboxie version and removed Confirmation Pending Further confirmation is requested labels Jun 16, 2022
@RandomGOTI
Author

RandomGOTI commented Jun 22, 2022

Can still reproduce it with Plus 1.1.3 x64. Logs below with prompt off and without allow; happens regardless of what settings I use
mpc-hc64.exe (3172): SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=0016019F initialized=1
mpc-hc64.exe (3172): SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=00120089 initialized=1
mpc-hc64.exe (3172): SBIE1307 Program cannot access the Internet due to restrictions - mpc-hc64.exe
mpc-hc64.exe (3172): SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=0016019F initialized=1
mpc-hc64.exe (3172): SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=00120089 initialized=1
mpc-hc64.exe (3172): SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=0016019F initialized=1
mpc-hc64.exe (3172): SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=00120089 initialized=1
(...)

@RandomGOTI RandomGOTI changed the title [Plus 1.1.2] SBIE2112 classic net block [Plus 1.1.3] SBIE2112 classic net block Jun 23, 2022
@DavidXanatos
Member

I can't reproduce this issue with 1.1.3, how does this behave for others?
Does it only happen with mpc-hc64.exe or with others like Firefox as well?

@DavidXanatos DavidXanatos reopened this Jun 26, 2022
@RandomGOTI
Author

Happens with any process that asks for internet access

@isaak654 isaak654 added Confirmation Pending Further confirmation is requested and removed Status: Fixed in Next Build Fixed in the next Sandboxie version labels Jun 28, 2022
@RandomGOTI RandomGOTI changed the title [Plus 1.1.3] SBIE2112 classic net block [Plus 1.2.3] SBIE2112 classic net block Jul 14, 2022
@RandomGOTI RandomGOTI changed the title [Plus 1.2.3] SBIE2112 classic net block [Plus 1.2.5] SBIE2112 classic net block Jul 22, 2022
@isaak654
Collaborator

> add ClosedFilePath=!<InternetAccess>,InternetAccessDevices to box
> start program that will try to connect to the net
> ┐(゚~゚)┌

I tried to reproduce it with your same OS / MS Edge on Sandboxie Plus v1.2.5, but with no success.

@isaak654 isaak654 added More Info Needed More information is needed to move forward Issue: Can't Reproduce The issue cannot be reproduced internally and removed Confirmation Pending Further confirmation is requested labels Jul 22, 2022
@RandomGOTI
Author

RandomGOTI commented Jul 25, 2022

> > add ClosedFilePath=!<InternetAccess>,InternetAccessDevices to box
> > start program that will try to connect to the net
> > ┐(゚~゚)┌
>
> I tried to reproduce it with your same OS / MS Edge on Sandboxie Plus v1.2.5, but with no success.

Just found out that Tor 11.5 (based on Mozilla Firefox 91.11.0esr) (64-bit) is not working at all with the classic net block but works flawlessly with WFP.
Even if I add it as allowed, I still get asked to allow the process access when I use PromptForInternetAccess; after spamming yes to allow all the firefox and tor processes it will freeze if I try to connect, having the tor process crash

ProcessGroup=<InternetAccess>,tor.exe,firefox.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices

For some reason, going back to the initial mpc-hc problem, if I use an allow list like I did above for Tor I am not getting the SBIE message anymore, but if it's just block all it will show them; that may point to the problem?

94e9666 going back before this point I remember that after allowing the connection with the prompt mpc would start to play right after; now it seems to give the failed to render the file and have to press play, starting the player via playlist with URL
Starting the player normally without anything to load will show just as OP, no duplicate messages

@RandomGOTI RandomGOTI changed the title [Plus 1.2.5] SBIE2112 classic net block [Plus 1.2.7] SBIE2112 classic net block Aug 3, 2022
@RandomGOTI
Author

RandomGOTI commented Aug 9, 2022

fixed in 1.3

Update : #2124

@RandomGOTI RandomGOTI reopened this Aug 12, 2022
@RandomGOTI RandomGOTI changed the title [Plus 1.2.7] SBIE2112 classic net block [Plus 1.2.8] SBIE2112 classic net block Aug 12, 2022
@bastik-1001
Collaborator

bastik-1001 commented Aug 13, 2022

I got SBIE2112 randomly today, with 1.2.8b.

SandboxieCrypto.exe (3604): SBIE2112 Objekt ist nicht zugänglich: \Device\Afd\Endpoint, Aufruf CreateFile (C0000022) access=0016019F initialized=1

I have no idea why SandboxieCrypto wants to access the internet.

@DavidXanatos
Member

Because it wants to check certificate revocation lists; it's normal, and whether it wants to do so or not depends on other software running in the box and what it is requesting the sandboxed crypto service to do

@bastik-1001
Collaborator

I had not seen the SBIE2112 before and looked it up, where this issue came up. Now SandboxieCrypto.exe gets network access, due to me adding it to the list of allowed processes to access the network.

@isaak654 isaak654 removed More Info Needed More information is needed to move forward Issue: Can't Reproduce The issue cannot be reproduced internally labels Aug 14, 2022
@RandomGOTI
Author

RandomGOTI commented Aug 14, 2022

UseRuleSpecificity=y also is the cause of this issue; added UseRuleSpecificity=n to the test boxes and the message is nowhere to be seen

Update Plus 1.3.1 :

New Configs for vid :

Global
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
Template=RTSS
Template=InternetDownloadManager
Template=7zipShellEx
Box
Enabled=y
AutoRecover=y
BlockNetworkFiles=y
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
UseRuleSpecificity=y
PromptForInternetAccess=y
Awkward.Silence.Popcorn.Time.mp4

Self note: next one will be in dark theme if I don't forget... flashbang out

@bastik-1001
Collaborator

> UseRuleSpecificity=y also is the cause of this issue (...)

This is most likely true, since I applied that setting to a box, which then made SandboxieCrypto.exe ask for network access and produce this message.

@Simba98

Simba98 commented Sep 14, 2022

I have a similar issue on 1.3.2, but only with UseRuleSpecificity=y or a Privacy Enhanced Sandbox (which includes UseRuleSpecificity=y).
The git version is 2.37.3.windows.1, and it is installed outside of the sandbox.
Use a new and clean default box (the yellow one, standard) and add the following options.
PromptForInternetAccess=y
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices // Auto added by GUI option block by denying access to network services
ClosedFilePath=!<InternetAccess>,InternetAccessDevices // Auto added by GUI option block by denying access to network services
UseRuleSpecificity=y
ProcessGroup=<InternetAccess>,C:\Program Files\Git\

And clone from GitHub.
git-remote-https.exe (9396): SBIE2112 Object is not accessible: \Device\Afd\Endpoint, call CreateFile (C0000022) access=00120089 initialized=1

The git-remote-https is located in C:\Program Files\Git\mingw64\libexec\git-core
For testing,
ProcessGroup=<InternetAccess>,C:\Program Files\Git\ // Won't work
ProcessGroup=<InternetAccess>,*\git-remote-https.exe // Won't work
ProcessGroup=<InternetAccess>,*\git-core\* // Won't work
ProcessGroup=<InternetAccess>,git-remote-https.exe // Will work
ProcessGroup=<InternetAccess>,*git-remote-https.exe // Will work
ProcessGroup=<InternetAccess>,C:\Program Files\Git\mingw64\libexec\git-core\git-remote-https.exe // Won't work, and most confusing one
Compare with:
ProcessGroup=<InternetAccess>,git-remote-https.exe // Will work

And we may consider: #2124 (comment)

@Simba98

Simba98 commented Sep 14, 2022

Does it only try to match the exe name git-remote-https.exe?
ProcessGroup=<InternetAccess>,*https* // Works
ProcessGroup=<InternetAccess>,*core* // Won't work, which tries to match C:\Program Files\Git\mingw64\libexec\git-core\git-remote-https.exe

@RandomGOTI
Author

Another confirmation that UseRuleSpecificity is causing the message with classic block

@Simba98 yes, blocking is done with name not paths
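
The two comments above report that ProcessGroup entries are compared with the executable name rather than its path. The following is an added example, not Sandboxie code and not from any participant in this thread: it assumes a name-only, case-insensitive wildcard match (the helper names are hypothetical), checks that model against every entry tried above, and flags entries that will not behave as an allow list author expects.

```python
import fnmatch
import ntpath

# Image path as reported in the thread for the Git HTTPS helper.
GIT_HELPER = r"C:\Program Files\Git\mingw64\libexec\git-core\git-remote-https.exe"

# ProcessGroup=<InternetAccess>,... entries tried in the thread, mapped to the
# outcome reported there (True = "Will work"/"Works", False = "Won't work").
REPORTED = {
    "C:\\Program Files\\Git\\": False,
    r"*\git-remote-https.exe": False,
    r"*\git-core\*": False,
    "git-remote-https.exe": True,
    "*git-remote-https.exe": True,
    GIT_HELPER: False,
    "*https*": True,
    "*core*": False,
}


def matches_by_name(entry, image_path):
    """Assumed model: wildcard match of the entry against the file name only."""
    name = ntpath.basename(image_path).lower()
    return fnmatch.fnmatchcase(name, entry.lower())


def audit_entries(entries, image_path):
    """Return {entry: finding} for entries that need a second look."""
    findings = {}
    for entry in entries:
        if "\\" in entry or "/" in entry:
            # A path separator can never occur in a bare file name.
            findings[entry] = "path-style entry: never matches, process stays blocked"
        elif matches_by_name(entry, image_path) and any(c in entry for c in "*?"):
            findings[entry] = "wildcard entry: also admits other names it matches"
    return findings


def model_agrees_with_thread():
    """True if the name-only model reproduces every outcome in REPORTED."""
    return all(matches_by_name(e, GIT_HELPER) == ok for e, ok in REPORTED.items())


if __name__ == "__main__":
    print("model agrees with thread:", model_agrees_with_thread())
    for entry, finding in audit_entries(REPORTED, GIT_HELPER).items():
        print(f"{entry!r}: {finding}")
```

Under this assumed model an entry such as git-remote-https.exe also matches a file of the same name in any other folder, so an allow list built this way identifies programs by name only.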

@RandomGOTI RandomGOTI changed the title [Plus 1.2.8] SBIE2112 classic net block [Plus 1.3.3] classic net block with UseRuleSpecificity causing SBIE2112 messages in standard isolation box Sep 19, 2022
@RandomGOTI
Author

🍝 workarounds available

@RandomGOTI RandomGOTI closed this as not planned Won't fix, can't repro, duplicate, stale Oct 8, 2022
@isaak654 isaak654 added the Workaround Temporary or alternative solution label Oct 9, 2022