Why can't we have an exclusion list for "Drop Rights"?
Posted: Sat Dec 17, 2016 6:59 am
.
I have the free SB 5.16 on Win 10 Pro, on a 1-user laptop.
As an experiment, I tried Settings > Restrictions > Drop Rights
Soon after, I got the message:
- SBIE2214 Request to start service 'bits' was denied due to dropped rights
- SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [DefaultBox]
- SBIE2220 To permit use of Administrator privileges, please double-click on this message line
When I double-clicked the line, the message implied that the Drop Rights setting would be disabled.
To verify this, I closed all running SB progs and restarted each prog.
I re-opened Settings > Restrictions > Drop Rights
What I expected to find was that the checkbox was still set, but that SandboxieDcomLaunch.exe had been added to one of the inclusion/exclusion lists.
In fact the checkbox had been cleared.
So, it seems that Drop Rights is "all-or-nothing". I'm not a techie, but I would have thought that there are so many useful inclusion/exclusion lists in SB that a blocked program could be added to a list simply by double-clicking on the message line - as shown above. There might be some annoying popups for a few days (or weeks), but that should be a user decision, rather than a developer decision
I would be grateful for some clarification on this.
BTW: I've had no problems with SB in the couple of years that I've been using it. So, this is probably just a theoretical exercise
.
I have the free SB 5.16 on Win 10 Pro, on a 1-user laptop.
As an experiment, I tried Settings > Restrictions > Drop Rights
Soon after, I got the message:
- SBIE2214 Request to start service 'bits' was denied due to dropped rights
- SBIE2219 Request was issued by program SandboxieDcomLaunch.exe [DefaultBox]
- SBIE2220 To permit use of Administrator privileges, please double-click on this message line
When I double-clicked the line, the message implied that the Drop Rights setting would be disabled.
To verify this, I closed all running SB progs and restarted each prog.
I re-opened Settings > Restrictions > Drop Rights
What I expected to find was that the checkbox was still set, but that SandboxieDcomLaunch.exe had been added to one of the inclusion/exclusion lists.
In fact the checkbox had been cleared.
So, it seems that Drop Rights is "all-or-nothing". I'm not a techie, but I would have thought that there are so many useful inclusion/exclusion lists in SB that a blocked program could be added to a list simply by double-clicking on the message line - as shown above. There might be some annoying popups for a few days (or weeks), but that should be a user decision, rather than a developer decision
I would be grateful for some clarification on this.
BTW: I've had no problems with SB in the couple of years that I've been using it. So, this is probably just a theoretical exercise
.
