search

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0
13.94k stars 1.55k forks source link

CoverBoxedWindows is not working in Chromium 128+. #4302

Open shann1337 opened 1 month ago

shann1337 commented 1 month ago

Describe what you noticed and did

1.Made new box

  1. stopped and reloaded driver/service

  2. image

  3. checked all relevant options , general/restrictions/prevent sandboxed processes from capturing window images

  4. image

  5. security options/box protection/ prevent processes from capturing sandboxed window images

  6. image

  7. have tried with all box protection levels and still not working as yet, was working perfectly fine in a previous version i believe 1.13.4 or so

How often did you encounter it so far?

tried with multiple versions 1.13.6,1.13.7 1.14.7, 1.14.10

Expected behavior

when it was working on a previous version, ctrl+prtscn would display desktop even if the sandboxed window the active window and fullscreen, same thing with snipping tool would capture a picture of the desktop wherever the snip was taken

Affected program

not relevant

Download link

not relevant

Where is the program located?

Not relevant to my request.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

1.14.10

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

i believe was working fine with 1.13.4

In which sandbox type you have this problem?

All sandbox types (I tried them all).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 10 Pro 22H2 64 bit

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

Kaspersky

Did you previously enable some security policy settings outside Sandboxie?

have not updated and security policies

Trace log

No response

Sandboxie.ini configuration

[GlobalSettings]
Template=Edge_Fix
Template=Kaspersky
Template=OfficeLicensing
Template=RTSS
Template=WindowsLive
Template=WindowsRasMan
DefaultBox=DefaultBox
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
EnableWin32kHooks=n

[UserSettings_179E02F6]
SbieCtrl_AutoStartAgent=SandMan.exe -autorun
SbieCtrl_EnableAutoStart=y
BoxGrouping=:DefaultBox,New_Box

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#0423ee,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
Template=LessConfidentialBox
ConfigLevel=10
UsePrivacyMode=y
UseSecurityMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoDelete=y
AutoRecover=y
SandboxieLogon=y
CoverBoxedWindows=y
BlockScreenCapture=y
ConfidentialBox=y

[New_Box]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#027df7,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10
UseSecurityMode=y
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
FakeAdminRights=y
CoverBoxedWindows=y
BlockScreenCapture=y
offhub commented 1 month ago

BlockScreenCapture=y: This feature does not block all means of obtaining a screen capture, only some common ones. CoverBoxedWindows=y: This does not work for console apps.

bastik-1001 commented 1 month ago

If it worked before and after some update, does no longer work, it is a regression. If it can be confirmed.

For me, the snipping tool shows a gray image for a sandboxed app, with CoverBoxedWindows=y on 1.14.10.

Edit: BlockScreenCapture=y used to make the sandboxed Firefox unable to use the screenshot feature. It failed with a message. With Firefox 115.16.1 ESR, it is able to screenshot a website. (I did not check if it worked after I enabled it and had the feature of Sandboxie prevent screenshots from being taken.)

shann1337 commented 1 month ago

i have done some testing and seems the BlockScreenCapture feature isn't fully working with some chromium based browsers (Chrome, MS Edge. i haven't tested any others) the feature was working correctly prior although I'm not sure how long ago it stopped working with chrome/edge. the feature seems to be working correctly with firefox image may this be a browser renderer issue, possibly updated which renderer they use?

offhub commented 1 month ago

Don't know about BlockScreenCapture but CoverBoxedWindows is not working in Chromium 128+.

Sandboxie-Plus 1.14.10 + Chromium 127 = OK Sandboxie-Plus 1.14.10 + Chromium 128 = FAIL

https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/1313161/
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/1331469/