Page 1 of 1

Why can't we have an exclusion list for "Drop Rights"?

Posted: Sat Dec 17, 2016 6:59 am
by OldGrantonian
.
I have the free SB 5.16 on Win 10 Pro, on a 1-user laptop.

As an experiment, I tried Settings > Restrictions > Drop Rights

Soon after, I got the message:

- SBIE2214 Request to start service 'bits' was denied due to dropped rights
- SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [DefaultBox]
- SBIE2220 To permit use of Administrator privileges, please double-click on this message line

When I double-clicked the line, the message implied that the Drop Rights setting would be disabled.

To verify this, I closed all running SB progs and restarted each prog.

I re-opened Settings > Restrictions > Drop Rights

What I expected to find was that the checkbox was still set, but that SandboxieDcomLaunch.exe had been added to one of the inclusion/exclusion lists.

In fact the checkbox had been cleared.

So, it seems that Drop Rights is "all-or-nothing". I'm not a techie, but I would have thought that there are so many useful inclusion/exclusion lists in SB that a blocked program could be added to a list simply by double-clicking on the message line - as shown above. There might be some annoying popups for a few days (or weeks), but that should be a user decision, rather than a developer decision :-)

I would be grateful for some clarification on this.

BTW: I've had no problems with SB in the couple of years that I've been using it. So, this is probably just a theoretical exercise :)
.

Re: Why can't we have an exclusion list for "Drop Rights"?

Posted: Sun Dec 18, 2016 7:07 am
by OldGrantonian
.
After submitting my OP, I continued experimenting with "Restrictions".

I haven't had a virus since I started using SB, but I thought I should at least try some of the options instead of being lazy and using the defaults.

So I added my normal internet-facing programs to the "Start/Run Access" list.

Since then, two programs have asked for permission to run: rund1132.exe and dllhost.exe

I simply double-clicked the message line, and the two EXEs were added to the list.

So, I'm wondering why we can't do the same thing with "Drop Rights"? We might get some annoying popups for a few days, but I'm sure these would gradually taper off as more programs were added to the list.
.

Re: Why can't we have an exclusion list for "Drop Rights"?

Posted: Sun Jan 01, 2017 7:48 am
by Domochevsky
"rund1132.exe"

Um... I have questions about that one. :shock: