Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discrepancy in network options between advanced setup and settings #2746

Closed
hippalectryon-0 opened this issue Mar 13, 2023 · 5 comments
Closed

Discrepancy in network options between advanced setup and settings #2746

hippalectryon-0 opened this issue Mar 13, 2023 · 5 comments
Labels
Status: Fixed in Next Build Fixed in the next Sandboxie version

Comments

@hippalectryon-0
Copy link
Contributor

Describe what you noticed and did

When creating a new sandbox and checking "Configure advanced options", one can set "Network access" to "Block using WFP" or "deny access".

When doing so, the configuration is different than when setting those exact same options in the settings panel.

.ini with WFP from settings:

AllowNetworkAccess=!<InternetAccess>,n
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

.ini with WFP from new sandbox > configure advanced options

ClosedFilePath=!<InternetAccess>,InternetAccessDevices
AllowNetworkAccess=<BlockNetAccess>,n

.ini with denying access from settings:

AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

.ini with denying access from new sandbox > configure advanced options

AllowNetworkAccess=!<InternetAccess>,n

How often did you encounter it so far?

Everytime

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Expected behavior

Both methods should yield the same configuration

What is your Windows edition and version?

Windows 10

In which Windows account you have this problem?

Not relevant to my request.

Please mention any installed security software

Not relevant

What version of Sandboxie are you running?

Plus 1.8.0

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

No response
@hippalectryon-0 hippalectryon-0 added the Confirmation Pending Further confirmation is requested label Mar 13, 2023
@DavidXanatos DavidXanatos added the Status: Already Fixed Already fixed at some point label Mar 13, 2023
@DavidXanatos
Copy link
Member

already fixed: #2729

@hippalectryon-0
Copy link
Contributor Author

This issue is not fixed in 1.8.1

Here's the updated .ini:

.ini with WFP from settings:

AllowNetworkAccess=!<InternetAccess>,n
AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

.ini with WFP from new sandbox > configure advanced options

AllowNetworkAccess=!<InternetAccess>,n

.ini with denying access from settings:

AllowNetworkAccess=<BlockNetAccess>,n
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices

.ini with denying access from new sandbox > configure advanced options

ClosedFilePath=!<InternetAccess>,InternetAccessDevices

@isaak654 isaak654 reopened this Mar 23, 2023
@isaak654 isaak654 removed the Status: Already Fixed Already fixed at some point label Mar 23, 2023
@DavidXanatos
Copy link
Member

in fact the single lines are enough to achieve what was set out to do.
At this stage of box existence there will be no entries in BlockNetAccess or BlockNetDevices groups,
only the lines which apply to all programs not in the permitted group are relevant.
Once the user opens the config and adds entries to the two Block groups the needed additional access directives will be added.

@isaak654
Copy link
Collaborator

I would tend to agree with the OP, the additional lines should be cleaned correctly the same moment you return to the default "untouched" network options in Sandbox Settings.

@DavidXanatos
Copy link
Member

I will fix that for 1.8.5 or later

@isaak654 isaak654 added Status: Fixed in Next Build Fixed in the next Sandboxie version and removed Confirmation Pending Further confirmation is requested labels Apr 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Fixed in Next Build Fixed in the next Sandboxie version
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DavidXanatos @hippalectryon-0 @isaak654