Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[0.9.8b] incorrect "No INet" status for "Allow access" | Internet restrictions feedback #1312

Closed
Coverlin opened this issue Oct 19, 2021 · 4 comments
Closed

[0.9.8b] incorrect "No INet" status for "Allow access" | Internet restrictions feedback #1312

Coverlin opened this issue Oct 19, 2021 · 4 comments
Labels
Status: Fixed in Next Build Fixed in the next Sandboxie version

Comments

@Coverlin
Copy link

Describe the bug
Opening the Internet restrictions tab in sandman will write ClosedFilePath=<BlockNetDevices>,InternetAccessDevices if the user presses ok/apply when default option Allow access is set for unlisted

To Reproduce
Steps to reproduce the behavior:

  1. Right click any sandbox
  2. Go to Sandbox options

(or just double click a sandbox to skip the above)

  1. Click on Internet Restrictions Tab
  2. Click OK/Apply or change tab and then apply settings

System details and installed software

  • What is your Windows edition and version? (e.g. Windows 10 Pro 20H2 64-bit) w7 64
  • What is your current Sandboxie edition and version? (e.g. Sandboxie Plus 0.9.6 64-bit) 0.9.8b
  • What was your previous Sandboxie version before the update, if any? 0.9.8
@DavidXanatos
Copy link
Member

Whats wrong about that?
the line is there in case some processes gets added to the BlockNetDevices group.

@Coverlin Coverlin changed the title [0.9.8b] incorrect "No INet" status for "Allow access" [0.9.8b] incorrect "No INet" status for "Allow access" | Internet restrictions feedback Oct 20, 2021
@Coverlin
Copy link
Author

Sorry forgot to mention the important piece of info : The list was empty and the specified group is not used , as things are, users may even end up with all boxes with No Inet status if they click Internet restrictions tab and apply "unset" setttings

TL:DR If's version

  • If the list/processgroup is empty and Allow unlisted is used , the box status should not be No Inet
  • if Network Restrictions (NetworkAccess) option is used to block all or defined programs box status should be No Inet

Long Version

image a and b are added to Process Restrictions tab , neither are used since they are in a different group than BlockNetDevices
A. Without the experimental WFP enabled :

  1. Set to Allow Access for unlisted
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ProcessGroup=<InternetAccess>,a.exe,b.exe
*Missing the ClosedFilePath=<InternetAccess>,InternetAccessDevices to work as a block list*
  1. Set to Block with Netwrok device (classic) for unlisted
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ProcessGroup=<InternetAccess>,a.exe,b.exe
*Now that process group thats listed becomes an allow list*

B. With the experimental WFP enabled :

  1. Set to Allow Access for unlisted
ProcessGroup=<InternetAccess>,a.exe,b.exe
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
  1. Set to Block with WFP for unlisted
ProcessGroup=<InternetAccess>,a.exe,b.exe
AllowNetworkAccess=!<InternetAccess>,n
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
  1. Network Restrictions tab
    It worn't change status to No INet if : NetworkAccess=Block or NetworkAccess=someapp.exe,Block;Protocol=Any is used
    Or Block everything except defined (whitelist/allow list)
NetworkAccess=Block 
NetworkAccess=someapp.exe,Allow

@DavidXanatos
Copy link
Member

DavidXanatos commented Oct 20, 2021
edited
Loading

I think there is some miss conception about how that list works
grafik

As you see here you can set in the allow column what to do with the processes.

Each of the 3 entries here has a different Allow value and hence ends up in a different group

ProcessGroup=<BlockNetAccess>,789.exe
ProcessGroup=<BlockNetDevices>,456.exe
ProcessGroup=<InternetAccess>,123.exe

the 3 different values in the drop down set the following presets
Allow:

AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

Block WFP:

AllowNetworkAccess=!<InternetAccess>,n
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

Block:

AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

So as far as I see it there everythign works fine.

What does not work fine is the Status column in the main window, that is indeed showing a wrong "No Inet" status in for certain configurations.
I'll fix that asap.

@DavidXanatos DavidXanatos added the Status: Fixed in Next Build Fixed in the next Sandboxie version label Oct 20, 2021
@Coverlin
Copy link
Author

Well thats embarrassing to say , i have never seen the access column before this and i never have reset my Sandboxie-Plus.ini
I am changing screen resolutions frequently and if it happens to run sandman when i am at a highter resolution than the one i normally use, the window size , positions , columns are altered that may explain why i haven't got to see the access column before this; I honestly though the Name column was just streched way off view and not used the bottom scrollbar
Yes that was not fully accurate, now with the column revelation i see i was wrong about the related groups

Thanks for clearing that up ! :D

Spoiler not to have another wall of tex... something (sorry darkmode users for the first image)

A version pre 0.9.x , for exaple 0.8.7 :
untitled3
And my 0.9.8b until just now
untitled
After seeing the image with the column
untitled2
Oh hey surprise

@offhub offhub mentioned this issue Mar 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Fixed in Next Build Fixed in the next Sandboxie version
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DavidXanatos @Coverlin