0.7.1 SBIE2214 Installer msi #600
Comments
|
I appreciate your continuous contribution here and I think you could be of greater help whether David invites you to test the releases internally (imho). I can reproduce this issue too, for all msi installers with "FakeAdminRights=y" and "DropAdminRights=y" in my sandbox. Another issue is that Sandboxie Plus 0.7.1 doesn't display the follow up message 2220, while in Classic 5.48.5 is correctly displayed and I can use it to disable drop rights (in this case, with a double click):
|
|
What's the issue? It's literally telling you that it's failing to start due to "dropped rights". |
|
It should work for all installers, according to the changelog of the latest version:
|
|
Chrome n' Edge don't like Drop Rights. And ScreenToGif msi doesn't like Drops Rights. |
|
No problem with .exe files here, it's just allergic to .msi installers. |
Yeah, exe feels okay. |
|
Key word is "should". You're playing a compatibility game here, some things won't like a setting, and some are fine with them, you cannot have both an On & Off light switch, either have a hardened sandbox that will more often break compatibility, or a more laxed one without that setting. Or have both for different reasons. |
|
emm... what fails here is that with drop admin rights enabled you cant start services (like MSI installer) in the sandbox at all, With the new setting to (by default) not run services as system the aforementioned behavior can be changed though, i.e. allow service starts when drop rights is off and they are than started with a normal user token. Also note that the problems with elevated processes were since since 3.0x to 4.x or even earlier present, just after fixing like half a dozed Security Vulnerabilities recently that all were caused by allowing to much to elevated processes, I thought screw it sandboxed processes should not have to be elevated in the first place. Hence the new feature and the recommendation. |
|
You need to start leaning more on the side of compatibility, more then security for the default settings. Sandboxie was never meant to be some malware testing tool, its for running legitimate stuff while keeping your system clean, untouched, prevent win-rot, etc. If people want a super-hardened box for malware/shady installers then they can tweak their own settings away from the defaults to do so and then can expect more breakage with software. All IMO of course, what are your thoughts? |
Regarding "default settings". Drop Rights is not default with 0.7.1 DefaultBox. Drop Rights is default with 0.7.1 Hardened box. |
@DavidXanatos Confirming with "FakeAdminRights=y" and "DropAdminRights=n" msi feels okay. |
|
@DavidXanatos So, IDK if "Make applications think" without "Drop rights" is/was intended designed option. |
|
My goal is to really only need the 3 options in the presets menu, but untill everything runs perfectly fine its intended to also be able to use the settings to set a more advanced preset by only checking the emulate admin option without checking the drop rights. |
|
Okay....I hear ya'. Thanks |
DavidXanatos
added
Status: Fixed in Next Build
|
In the next build MSI server will be able to work correctly when DropAdminRights is in place :D |
[https://www.screentogif.com/] Installer msi
ScreenToGif.2.27.3.Setup.zip
The text was updated successfully, but these errors were encountered: