search

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0
13.52k stars 1.51k forks source link

powershell cannot find and\or create object inside sanbox. #781

Open jay-sync opened 3 years ago

jay-sync commented 3 years ago

Describe the bug program is launched inside workspace 01, launch PowerShell into the same workspace with the command: Get-CimInstance Win32_COMSetting | Select-Object ProgId, Caption | Where-Object Caption -ILike "*program name*" error window pops up with the error: SBIE2205 Service not implemented: WMI IWbemServices 19

To Reproduce Steps to reproduce the behavior:

  1. open notepad in sanbox with "C:\Program Files\Sandboxie\Start.exe" /box:01 %windir%\system32\notepad.exe

  2. open powershell in sanbox with "C:\Program Files\Sandboxie\Start.exe" /box:01 %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe

  3. send command to powershell Get-CimInstance Win32_COMSetting | Select-Object ProgId, Caption | Where-Object Caption -ILike "*notepad*"

  4. See error on powershell:

    At line:1 char:1
+ Get-CimInstance Win32_COMSetting | Select-Object ProgId, Caption | Wh ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : PermissionDenied: (root\cimv2:Win32_COMSetting:String) [Get-CimInstance], CimException
+ FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand

    on Sandboxie: SBIE2205 Service not implemented: WMI IWbemServices 19

Expected behavior it should get the object and prompt do the next command (should not throw any error)

Screenshots image

System details and installed software (please provide the following information):

Sandboxie configuration https://gist.github.com/jay-Sjay/2fb385e3a1579315655e3fdecfb2a09f

DavidXanatos commented 3 years ago

Its a security feature no a bug try BlockWinRM=n

jay-sync commented 3 years ago

@DavidXanatos thanks for the quick reply, as suggested I have added BlockWinRM=n in both the .ini [GlobalSettings] and the .ini of the workspace but unfortunately gives still the same error

jay-sync commented 3 years ago

the ws .ini now looks like this

Enabled=y
ConfigLevel=8
AutoRecover=y
BlockNetworkFiles=y
Template=SkipHook
Template=FileCopy
Template=qWave
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00ffff,on,6
BoxNameTitle=y
CopyLimitKb=149152
OpenFilePath=*Proxifier*
OpenPipePath=*Proxifier*
OpenIpcPath=*Proxifier*
BlockNetParam=y
DropAdminRights=n
FakeAdminRights=n
ClosePrintSpooler=n
OpenPrintSpooler=n
AllowSpoolerPrintToFile=n
CopyLimitSilent=n
NeverDelete=n
AutoDelete=n
AllowRawDiskRead=n
NotifyDirectDiskAccess=n
BlockWinRM=n
jay-sync commented 3 years ago

unfortunately is still not working, do u guys have any other suggestions?

ko25july commented 1 year ago

I'm in the same situation.