Open 1mm0rt41PC opened 2 weeks ago
The BreakoutDocument feature is not yet publicly available. https://github.com/sandboxie-plus/Sandboxie/issues/2741#issuecomment-1509833321
After a test of the Insider Builds: Version: 1.15.0 Driver version: 5.68.3 Feature: WFP,ObCB,SbL,SMod,AppC,W32k Install: Sandboxie-Plus-Mar-16-2024.exe
I'm still unable to correctly use BreakoutDocument.
Expected:
If ForceFolder/ForceProcess is in place BreakoutDocument should bypass the previous commands to run the process outside of the sandbox.
Example:
[EvilProcess]
Enabled=y
BorderColor=#00ffff,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
ForceProcess=powershell.exe
ForceProcess=cmd.exe
ForceFolder=C:\Users
BreakoutDocument=C:\Users\Administrator\Downloads\*.docx
BreakoutDocument=C:\Users\Administrator\Downloads\*.txt
BreakoutProcess=notepad.exe
ClosedIpcPath=<StartRunAccess>,*
NotifyStartRunAccessDenied=n
What I expect from this config:
C:\Users\Administrator\Downloads\sample.txt
=> Open notepad (or other tool associated) OUTSIDE of the sandbox
My goal: prevent a user from running evil binaries (ForceFolder=C:\Users)
Since the ForceFolder setting takes precedence over other settings, it does not seem possible to achieve the desired result with the Breakout settings for the time being. (#2058, #2090)
Alternatively, you can use the "Run Unsandboxed" option in the context menu.
Sandboxie Plus > Options > General Settings > Shell Integration
Describe what you noticed and did
Create a sandbox that uses ForceFolder but add an exception for *.txt via BreakoutDocument
Result: notepad.exe is sandboxed :(
How often did you encounter it so far?
Always
Expected behavior
BreakoutDocument should allow the process (notepad.exe) to run outside of the sandbox but it doesn't
Affected program
Not relevant
Download link
Not relevant
Where is the program located?
Not relevant to my request.
Did the program or any related process close unexpectedly?
No, not at all.
Crash dump
No response
What version of Sandboxie are you running now?
SandboxiePlus 1.13.7
Is it a new installation of Sandboxie?
I recently did a new clean installation.
Is it a regression from previous versions?
No response
In which sandbox type you have this problem?
In a standard isolation sandbox (yellow sandbox icon).
Can you reproduce this problem on a new empty sandbox?
I can confirm it also on a new empty sandbox.
What is your Windows edition and version?
Windows Server 2019 Datacenter
In which Windows account you have this problem?
A local account (Standard user)., A local account (Administrator)., A Microsoft account (Standard user)., A Microsoft account (Administrator).
Please mention any installed security software
Kaspersky
Did you previously enable some security policy settings outside Sandboxie?
No
Trace log
No response
Sandboxie.ini configuration
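The conflict discussed in this issue can be checked for before a box is deployed. The following is an added example, not part of the original report and not Sandboxie's own code: it lists every BreakoutDocument pattern that sits inside a ForceFolder path of the same box, assuming (as the reply above states) that ForceFolder takes precedence. The function names and the extra `D:\Shared` entry in the sample are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample mirroring the box in the report above, plus one
# pattern outside the forced folder for contrast.
SAMPLE_INI = r"""
[EvilProcess]
Enabled=y
ForceProcess=cmd.exe
ForceFolder=C:\Users
BreakoutDocument=C:\Users\Administrator\Downloads\*.docx
BreakoutDocument=C:\Users\Administrator\Downloads\*.txt
BreakoutDocument=D:\Shared\*.txt
BreakoutProcess=notepad.exe
"""

def parse_sections(text):
    """Parse INI text into {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def is_under(pattern, folder):
    """True if the directory part of a wildcard pattern lies in or below folder."""
    # PureWindowsPath compares case-insensitively, like Windows paths.
    parent = PureWindowsPath(pattern).parent
    root = PureWindowsPath(folder)
    return parent == root or root in parent.parents

def shadowed_breakouts(text):
    """Return (section, BreakoutDocument pattern, ForceFolder) for each overlap."""
    findings = []
    for name, items in parse_sections(text).items():
        forced = [v for k, v in items if k.lower() == "forcefolder"]
        for key, value in items:
            if key.lower() == "breakoutdocument":
                findings += [(name, value, f) for f in forced if is_under(value, f)]
    return findings

if __name__ == "__main__":
    for section, pattern, folder in shadowed_breakouts(SAMPLE_INI):
        print(f"[{section}] {pattern} is inside ForceFolder={folder}")
```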