sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Green boxes are not as compatible as Yellow boxes #3651

Open JPersson77 opened 8 months ago

JPersson77 commented 8 months ago

Describe what you noticed and did

I've been using Sandboxie's standard sandboxes for a long time to run apps and games and it's mostly worked well (owned a lifetime license when Tzuk was running the project back in the day). I've recently noticed, however, that performance is affected by running sandboxed. I don't think it's a new issue; I just never cared till now. It does not necessarily affect perceived real-world performance, but I've seen upwards of 40-50% performance regression (defined as average, max and min fps) in benchmarks and games in a standard sandbox vs unsandboxed. Some quick benchmarks yesterday confirmed what I read elsewhere: that the green boxes, with reduced isolation, are more efficient in this regard. I could mostly not see any difference in performance of a green box versus an unsandboxed process in my limited testing.

So today I decided to take the plunge and buy a supporter certificate to get access to the green boxes, but now I'm starting to realise that maybe they are not really working as I expected. Keywords "as I expected".

My expectation was that the green boxes would simply keep the compartmentalization of files and registry bits and discard "the rest" and therefore be more compatible (defined as: the sandboxed process should be at minimum functionally equivalent to running in a yellow sandbox, not counting security/privacy) than the yellow boxes, but faster. Essentially this does not seem to be the case, as the green boxes seem to be less compatible/functional.

For example, the simple switch from a yellow to a green sandbox prevented keyboard, mouse and controller input in a game (I have not been able to fix this without switching back to a yellow box). I also tried reinstalling into an empty green box, but to no avail. In another yellow sandbox I had opened IPC/Pipes/Window classes to allow NVIDIA RTX HDR to do its magic, but this does not work in a green box (I have not been able to fix this either).

On the upside, Cubase seems snappier running in a green sandbox, so that is great! That is not to say it is without its issues, but at least I have the same issue in a green box as in a yellow. (My main issue with running Cubase sandboxed is that a plugin/VST (rayzoon jamstix) will not load properly in a sandbox while it loads fine outside a sandbox.)

I can understand that the green boxes are a work in progress, but I am curious if there are plans to further improve the green boxes' compatibility? As a developer I can definitely understand that this is complex software and changes like the implementation of compartmentalization will bring unforeseen consequences.

Btw, my personal use case with sandboxie has always been compartmentalization and less about security so I'm looking forward to this working properly. Don't want my system cluttered with orphaned files.

Thanks for reading! Keeping my fingers crossed that future updates will resolve some of my issues. Thanks for any help! :)

How often did you encounter it so far?

Not relevant

Expected behavior

I'd expect that the green box (compartmentalized), which is supposed to be a more compatible version of the yellow box, actually is at least as compatible as the yellow box. That things which work fine when running unsandboxed, or in a standard yellow box, also work equally well in a green box, since the green box, security-wise, fits right in between.

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

The program is installed both inside and outside the sandbox.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

Not relevant

What version of Sandboxie are you running now?

1.13. (same behaviour in last stable 1.12.9 as well)

Is it a new installation of Sandboxie?

I just updated Sandboxie from a previous version (I remember which one it is).

Is it a regression from previous versions?

I don't know

In which sandbox type do you have this problem?

In an Application Compartment sandbox with no isolation (green sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Win11 22H2, build 22631.3227

In which Windows account do you have this problem?

A local account (Standard user).

Please mention any installed security software

MS Defender

Did you previously enable some security policy settings outside Sandboxie?

I've disabled smart app control, core isolation

Trace log

Not relevant

Sandboxie.ini configuration

Sandbox config follows. This is the box where a fullscreen app does not receive mouse, kb, controller input.

Enabled=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00fd00,ttl,6
Template=RpcPortBindingsExt
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
FileRootPath=D:\Sandbox\%USER%\%SANDBOX%
UseFileDeleteV2=y
UseRegDeleteV2=y
AllowNetworkAccess=!<InternetAccess>,n
NoSecurityIsolation=y

kokofixcomputers commented 8 months ago

Yeah, there are a lot of problems already reported with green boxes, which, if you bought a certificate only because you wanted to use the green box, means you lose money. There are reports on games and a lot more.

JPersson77 commented 8 months ago

Thanks! Well I don't mind supporting a fellow developer, but fingers crossed for positive development wrt the green boxes

DavidXanatos commented 8 months ago

In my experience most things work better in a green box, but yes, some edge cases seem to fail, not sure why. If you provide a step-by-step guide to reproduce one of the issues, I can look into locating which part of the mechanism is causing it.

JPersson77 commented 8 months ago

Hi David, thanks for your reply.

Sure see below.

Here are a few things that seem to work at least as well in a green box as in a yellow:

- Cubase 12 and 13 (stationary and laptop - usb dongle worked fine as well as the new licensing. Green box is faster)
- Heaven benchmark (stationary. Green box is faster)
- Superposition benchmark (stationary. Green box is faster)
- Desperados 3 (laptop)
- Baldur's gate 3 (laptop)
- Yuzu

Here are a few things that work in a yellow box (and unsandboxed), but not in a green:

- Trepang2 (stationary pc - installed in sandbox - game throws an exception at start)
- Trine 5 (stationary pc - installed in sandbox - game throws an exception at start)
- Cyberpunk 77 (stationary pc - installed in sandbox - game fails to recognise controller and keyboard input)
- Horizon zero dawn (stationary pc - installed in sandbox - game throws an exception at start)

Games are GOG. I wonder if this may be related to having an nVidia card? In my stationary PC I have an RTX 4000-series while my laptop has an AMD IGPU. It may well be a coincidence, but things seem to work better on the AMD laptop from my limited testing. Please also see my other post about things not working kosher with regards to nvidia overlay, as it may be related. I need to test more...

kokofixcomputers commented 7 months ago

> I wonder if this may be related to having an nVidia card?

Possible, I have no idea why. Maybe because they have some sort of configuration that it generated, but green boxes let them access it and it does not work, and the yellow box does not let them access it so it will have to generate one that fits (something like that). Oh, and by the way, I am so bad at understanding Sandboxie and how it works, so I'm most likely wrong.

DavidXanatos commented 6 months ago

Ok I see, I have Cyberpunk 77 and Horizon zero dawn so I'll test them in a green box, although I think I remember testing CP2077 not too long ago with no issues. I have an Nvidia GPU.