Chrome update

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

Chrome update

Post by John_08 » Tue Jun 07, 2011 4:07 am

I have been trying to stop Google Chrome from auto-updating itself.

This is a very difficult task. (I have Google Earth installed also.)

Let's leave the process of disabling the update itself, and focus on Sandboxie. (I have tried everything, beginning with "system configuration>startup", "task scheduler", "group policy", moving the autoupdate exe file from C:\Program Files\Google\Update) ... there is always something that lets it start the process of update.

I think ... that what has happened in the first place is that ... when Chrome was sandboxed it auto-updated itself outside the sandbox, but I can't confirm that this was the case (that it was sandboxed while updating).


Seeking the way it does the update, I have noticed that when I look in its "About Google Chrome" it also starts updating itself (besides when Windows starts).


I will be happy to know how to stop this update ... even with Sandboxie sandboxing the update.


(I am trying to avoid the update now since it made a mess in my computer ... with Flash Player (I restored the computer from an image backup), so I avoid doing the "About Google Chrome"; this is the only thing that initiates the update for now. I don't know if this update is sandboxed or not.)

It could be that I have managed to stop the update by moving the exe file of the update to another folder.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Jun 07, 2011 7:35 am

Have you seen this page from Google?

http://googlesystem.blogspot.com/2009/0 ... pdate.html
tzuk

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

Chrome update

Post by John_08 » Tue Jun 07, 2011 9:45 am

I have already done what it said in the link, as I wrote: "group policy".


... But this didn't help to load 2 Google update apps at system startup automatically.


It's very complicated, this procedure ... After I did that, there are many places to disable the update in the group policy.


Meanwhile I found another location to disable this update ... services>google update service.


It seems now the update that is starting when looking at the "about" of Chrome is sandboxed. (I hope)


... and it's not disabled by the "services" thing I did now, or ... how does it start if I hide its exe file???

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Tue Jun 07, 2011 2:44 pm

The following assumes that Chrome is NOT installed inside of a sandbox.

If you are willing to spend some time updating a Sandbox Start/Run list of programs, you can activate that feature for the Chrome sandbox.
This can be used to keep the Chrome updater program from running in the sandbox.

Initially, you will allow only chrome.exe to Start and Run:
Sandbox Settings > Restrictions > Start/Run Access > "Add Program" > chrome.exe

Then click the About button in (sandboxed) Chrome to run the updater, and click on "Hide" on the Sandboxie message window when GoogleUpdateOnDemand.exe and GoogleUpdate.exe try to run.
Once you hide the message, then at most you will likely have to click a Cancel button when Chrome tries to update while sandboxed.

You will soon find though, that there will be other programs that you will want to add to the Start/Run list.
You can add these "on-the-fly" so to speak, when you get a window saying that a program could not start because of restrictions. While Chrome is still running, click on:
Sandbox Settings > Restrictions > Start/Run Access > "Add Program" button
and the program that tried to run should be listed there.
Add it, and the change should take effect right away. You don't need to exit that session of Chrome.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

Chrome update

Post by John_08 » Wed Jun 08, 2011 11:44 am

I did not fully understand what you (Guest10) explained.

But I think the solution will be the following: (I don't remember the procedure and the syntax ... so please help)


I have Chrome forced to be sandboxed (default sandbox), so I want to create a restriction within this "default sandbox" to not allow "googleupdate.exe" to run in this sandbox ... that means "block access".

Also I want to create another rule to not allow to run (block access) a "googleupdate.exe" process running outside the forced Chrome sandbox (default sandbox), in case there is another "googleupdate.exe" process installed that is not connected or associated directly to the Chrome installation.

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

Chrome update

Post by John_08 » Wed Jun 08, 2011 12:16 pm

I did understand some of what you wrote now ... Guest10 ...

But the problem, as you can see, is that Chrome is in my default box along with all other browsers ... and your way is a bit long.

Isn't there a way to add the exclamation mark "!" somewhere?

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

chrome update

Post by John_08 » Wed Jun 08, 2011 12:26 pm

O.K.

I added "googleupdate.exe" to resource access>file access>blocked access. (I added googleupdate.exe as a program and then added chrome.exe as a resource name.)

And Google update won't run in the sandbox when I open the "about" in Google Chrome.


But what about "googleupdate.exe" running outside the sandbox?

What will happen if I force it to sandbox but at the same time I also block access to it?

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

chrome update

Post by John_08 » Wed Jun 08, 2011 1:11 pm

My suggestion:

"I added "googleupdate.exe" to resource access>file access>blocked access. (I added googleupdate.exe as a program and then added chrome.exe as a resource name.)"


doesn't work at all.

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Wed Jun 08, 2011 2:19 pm

My suggestion as above, would best be used in a sandbox that is only used for the Chrome browser.
You can have as many sandboxes as you want, but trying to set up one sandbox that is used for all programs or even by all of your browsers is not going to make using the Start/Run Restrictions that I talked about very practical.
There would simply be too many .exe programs that would need to be added to the list of programs that are allowed to start and run in that sandbox.

You are blocking access to the googleupdate.exe program, using a Blocked Access setting.
That setting is used to keep a sandboxed program from being able to access a file on the disk.
Typically, that setting would be used to keep a sandboxed program from reading a file or folder contents, but it will also block a sandboxed program from being able to run that .exe program too.
It's a black-list approach, in that access to that file is blocked, but any other .exe program can be run.

That's a slightly different approach from what I was thinking of, by using Sandboxie's Start/Run Access setting.
It will basically do the same thing, although it does it using a white-list approach.
Using the Start/Run Access setting, you develop a list of .exe programs which are allowed to Start and Run in the sandbox - and every other .exe program is blocked.

I guess that I don't understand how the GoogleUpdate.exe or GoogleUpdateOnDemand.exe programs will affect your choice of which method to use.
If Chrome's updater program is running outside of the sandbox (perhaps while forcing is turned off), doesn't that mean chrome.exe is already running outside of the sandbox and the updater program will then download the Chrome update outside of the sandbox?

Judging by the number of chrome.exe instances that run with Chrome, maybe it's possible that the updater program will start another instance of chrome.exe, and if the temporary forcing of programs has expired in the meantime, then I guess that it could possibly start another instance of Chrome in the sandbox.

In the case where you have intentionally disabled forcing, in order to update Chrome outside of the sandbox, you might need to set the time that forcing is disabled to something longer than the default time of 10 seconds.
Sandboxie Control (tray icon) > File > Disable Forced Programs > (adjust the time setting here)

Certainly, you can't use Sandboxie to block one of the updater programs from starting outside of the sandbox.
And you shouldn't be adding either of the updater programs to the list of programs that are forced to run sandboxed.
Only chrome.exe should be listed as a forced program.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
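
Added example (not part of the thread, and not Sandboxie's own code): a small Python check that contrasts the white-list (Start/Run Access) and black-list (Blocked Access) approaches described in the post above. The box names, the sample file and the mapping of the GUI options to Sandboxie.ini keys (ProcessGroup and ClosedIpcPath for Start/Run Access, ClosedFilePath for Blocked Access) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample; key names assume Sandboxie.ini conventions, box names are made up.
SAMPLE_INI = r"""
[ChromeBox]
ForceProcess=chrome.exe
ProcessGroup=<StartRunAccess>,chrome.exe
ClosedIpcPath=!<StartRunAccess>,*

[DefaultBox]
ForceProcess=chrome.exe
ClosedFilePath=C:\Program Files\Google\Update\GoogleUpdate.exe
"""

def parse_boxes(text):
    """Return {section: {key: [values]}}; keys may repeat within a section."""
    boxes, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = boxes.setdefault(section.group(1), defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return boxes

def start_verdict(box, exe):
    """Say whether `exe` may start in `box`, and which kind of rule decided it."""
    exe = exe.lower()
    allowed = set()
    for entry in box.get("ProcessGroup", []):
        name, *members = entry.split(",")
        if name == "<StartRunAccess>":
            allowed.update(m.strip().lower() for m in members)
    # White-list: every program outside the Start/Run group is denied.
    if "!<StartRunAccess>,*" in box.get("ClosedIpcPath", []) and exe not in allowed:
        return "blocked (not on Start/Run list)"
    # Black-list: only files named in a Blocked Access entry are denied.
    for entry in box.get("ClosedFilePath", []):
        path = entry.split(",")[-1].lower()  # optional "program," prefix ignored here
        if path == exe or path.endswith("\\" + exe):
            return "blocked (listed file)"
    return "allowed"

def audit(text, programs):
    """Map each box to a per-program verdict."""
    return {name: {p: start_verdict(box, p) for p in programs}
            for name, box in parse_boxes(text).items()}
```

On the constructed sample, the white-listed box denies GoogleUpdateOnDemand.exe even though it was never listed, while the black-listed box still lets it start because only GoogleUpdate.exe was named.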

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

Chrome update

Post by John_08 » Fri Jun 10, 2011 8:58 am

"Guest10" ... Why do you think I shouldn't add "googleupdate.exe" to the forced programs?

It's a lot better to virtually install the update than to find one day that the updater updated something you didn't want it to?

There are a lot of Google programs these days ... each one has installed an updater ...

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Re: Chrome update

Post by Guest10 » Sat Jun 11, 2011 7:18 am

John_08 wrote: Why do you think I shouldn't add "googleupdate.exe" to the forced programs?
That program is started by chrome.exe. If you wanted to update Chrome while it is running unsandboxed, you wouldn't want the update program to be forced to run sandboxed. The update wouldn't install correctly outside of the sandbox.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Post by wraithdu » Fri Jun 17, 2011 6:05 pm

If I'm getting the gist of this thread, you want to stop GoogleUpdate from EVER running, either inside or outside the sandbox. Correct? If so, it's actually a very simple two-step process:

1) Sandbox Settings -> Program Start -> Forced Programs -> add GoogleUpdate.exe and GoogleUpdateOnDemand.exe

If you have a list of apps in Start/Run Access then
2a) Sandbox Settings -> Restrictions -> Start/Run Access -> make sure neither of the apps are listed
else
2b) Sandbox Settings -> Resource Access -> IPC Access -> Blocked Access -> add both apps here

This will both force the update apps to run in this sandbox and block their execution at the same time. Try it with Notepad for example, and you will effectively stop Notepad from being able to run, EVER.

John_08
Posts: 41
Joined: Fri Apr 23, 2010 7:17 am

Chrome update

Post by John_08 » Sat Jun 18, 2011 8:46 am

"wraithdu" you guessed right.

What is "GoogleUpdateOnDemand.exe"? I haven't come across it on my computer.

Also ... what is "IPC" in "IPC access"?

wraithdu
Posts: 1410
Joined: Fri Jun 29, 2007 2:54 pm

Re: Chrome update

Post by wraithdu » Sat Jun 18, 2011 5:47 pm

John_08 wrote: "wraithdu" you guessed right.

What is "GoogleUpdateOnDemand.exe"? I haven't come across it on my computer.

It might be new in Chrome 12? I just noticed it recently. I think it might be the new update checker that launches from Chrome's About dialog.

John_08 wrote: Also ... what is "IPC" in "IPC access"?

IPC = Interprocess Communication
