[Isolation enhancement] Block elevated processes from uninstalling devices #552

Closed
hg421 opened this issue Feb 12, 2021 · 0 comments
Labels
Status: Fixed in Next Build Fixed in the next Sandboxie version

Comments

Contributor

hg421 commented Feb 12, 2021

It is possible to run the Windows Device Manager (devmgmt.msc) inside a sandbox (by starting it from an elevated command prompt).

This allows the user to view installed devices, and also provides an "uninstall" option:
[Screenshot]
However, it looks like the uninstall operation is also possible from inside the sandbox and really removes the device from the system (e.g. removing the audio device disables any audio output, etc.).

It is my understanding that sandboxed processes should generally not be able to make any changes affecting the whole system (and that persist after deleting the box), so is there any way to block this ability?

@DavidXanatos DavidXanatos added the ToDo To be done label Feb 12, 2021
@DavidXanatos DavidXanatos added Status: Fixed in Next Build Fixed in the next Sandboxie version and removed ToDo To be done labels Feb 13, 2021