Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.4.2] [W11 22H2] Most programs can't be opened in the hardened sandboxes #2341

Closed
isaak654 opened this issue Oct 12, 2022 · 9 comments
Closed

[1.4.2] [W11 22H2] Most programs can't be opened in the hardened sandboxes #2341

isaak654 opened this issue Oct 12, 2022 · 9 comments
Labels
Issue: Reproduced Issue reproduced without uncertainties RePosted Originally shared by another user Status: Fixed in Next Build Fixed in the next Sandboxie version Win 11 Windows 11 issues Workaround Temporary or alternative solution

Comments

@isaak654
Copy link
Collaborator

isaak654 commented Oct 12, 2022
edited
Loading

Originally reported in #2287 (reply in thread)

Thanks to the reply above, I was able to reproduce an error with Windows 11 22H2 x64 (22621.674) inside the hardened sandboxes: it seems it is related to a hook named PowerSettingRegisterNotification that can't be run:

PowerSettingRegisterNotification_hook

Standard sandboxes + W11 22H2 = unaffected
Hardened sandboxes with data protection + W11 22H2 = affected
Security Hardened sandboxes + W11 22H2 = affected
@isaak654 isaak654 added the Win 11 Windows 11 issues label Oct 12, 2022
@okrc
Copy link
Contributor

okrc commented Oct 12, 2022

Correction, it seems that most software cannot be opened.

@isaak654 isaak654 changed the title [1.4.2] [W11 22H2] MS Edge can't be opened in a new Security hardened sandbox [1.4.2] [W11 22H2] Most programs can't be opened in a new Security hardened sandbox Oct 12, 2022
@isaak654 isaak654 added the Issue: Reproduced Issue reproduced without uncertainties label Oct 12, 2022
@isaak654 isaak654 changed the title [1.4.2] [W11 22H2] Most programs can't be opened in a new Security hardened sandbox [1.4.2] [W11 22H2] Most programs can't be opened in the hardened sandboxes Oct 12, 2022
@isaak654 isaak654 mentioned this issue Oct 15, 2022
Closed
2 tasks
@isaak654 isaak654 added the Help Wanted Extra help is needed label Oct 20, 2022
This was referenced Oct 20, 2022
Closed
Closed
@isaak654
Copy link
Collaborator Author

isaak654 commented Oct 24, 2022
edited
Loading

Workaround:
Security_options

Also, I see a connection with #2278

PowerSettingRegisterNotification lines in the source code:
https://github.com/sandboxie-plus/Sandboxie/search?q=PowerSettingRegisterNotification

@isaak654 isaak654 added the Workaround Temporary or alternative solution label Oct 24, 2022
@DavidXanatos
Copy link
Member

on my win 11 test VM insider dev channel orange boxes work just fine, strange...
how can i reproduce this issue?

@isaak654
Copy link
Collaborator Author

I'm on the stable branch of Windows 11 22H2 x64 - fresh Windows installation without third-party apps or tweaks involved.
Opening MS Edge or Windows Explorer as sandboxed is enough to reproduce it.

@isaak654
Copy link
Collaborator Author

As far as I know, there is a security feature that can only be used on new Windows 11 installations: Smart App Control

In the system in question, it is currently set to evaluation mode:
Smart_App_Control

@DavidXanatos
Copy link
Member

So when you disable this smart app controll sandboxie works fine?

@isaak654
Copy link
Collaborator Author

I'm not encouraged to disable it, because that would be a permanent change that could only be reversed with a new Windows 11 reinstallation... Microsoft is actually discouraging it with such bold claims.

@DavidXanatos DavidXanatos added the Status: Fixed in Next Build Fixed in the next Sandboxie version label Oct 29, 2022
@DavidXanatos
Copy link
Member

Fix for the general sandboxie operation:
NormalFilePath=\Device\SrpDevice

@isaak654 isaak654 removed the Help Wanted Extra help is needed label Oct 29, 2022
@DavidXanatos
Copy link
Member

I'm not encouraged to disable it, because that would be a permanent change that could only be reversed with a new Windows 11 reinstallation... Microsoft is actually discouraging it with such bold claims.

For testing I have created a clean fresh Win 11 VM and set this Smart App Control to activated.
The result:

  1. You can not install sandboxie, or as far as I see it install anything that uses Inno Setup, as it creates a unsigned binary in the temp folder and SAC does not allow that to run.
  2. You can just paste an unpacked signed sandboxie installation and it will work with SAC not just in evaluation but activated
  3. When SAC fully is activated sandboxed edge crashes complaining that it can not load SbieDll.dll that will need to be fixed if possible, but given that other processes start its probably som parameter when creating edges worker processes which we can kill being injected in the main process

@isaak654 isaak654 mentioned this issue Oct 29, 2022
Open
@isaak654 isaak654 mentioned this issue Nov 6, 2022
Closed
@isaak654 isaak654 added the RePosted Originally shared by another user label Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue: Reproduced Issue reproduced without uncertainties RePosted Originally shared by another user Status: Fixed in Next Build Fixed in the next Sandboxie version Win 11 Windows 11 issues Workaround Temporary or alternative solution
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DavidXanatos @isaak654 @okrc