4.17 Beta Available (Latest Version 4.17.8)

[BUCKAROO]

@Curt: Regarding Chrome setup SBIE error, fixing it shall solve a great many inexplicable error reports, because it seems like Sbie has memory/structure byte alignment/padding problems in one or more places and this can foul up many a thing even if only occurring in one place, one struct or section. Reasoning:

no SBIE error:
y/n [box_name]
n a
y ab
y abc
n abcd
n abcde
y abcdef
y abcdefg
n abcdefgh
n abcdefghi
y abcdefghij
y abcdefghijk
n abcdefghijkl
n abcdefghijklm
y abcdefghijklmn

Maybe look at this as arithmetic progression of sorts because the whole sequence here can shift about, not to mention the layout in memory... One common cause is due to 50% chance of ansi string size (including zero terminator) being an odd length, but it may even (pun intended) require a more proper alignment (2, 4, 8 ?). Tricky thing alignment, but if it's something else, you've something to go on at least.

Specifically, are you sure... because there are two Offline installers (standalone). And one or more online setups (non-standalone).

I don't know how to explain that. Only the "all users" installer gives me that error probably because it wants to install a governing service.

I'm positive. I even tried your link.
Maybe if I was using a restricted user account, I might see different results, I dunno.

It's fine, though. Sandboxie can continue to deny the installation. I'd rather there not be an exception made for Google. "trust no program"

Thanks for giving benefit of the doubt. I have given the right link in any case. I think you should be able to get it installed by adding 1, if not one, two characters to respective Sandbox name. Test before initial rename.

[Oops, I hit Edit instead of Quote.]

[Hamy]

@Curt - BUCKAROO
I do also remember having issues with sandboxie names in a game. one name wouldn't work and another one would. it didn't occur to me at the time that it was based on whether the string name is odd or even and was too busy to report it.

[Curt@invincea]

One of the two cases I reported where a malware was writing out of the sandbox was related to print spooler service.

Not so silly then.

But I really need a mechanism to allow me to print to pdf, as I use it a lot, without disabling the protection entirely. Best would be to have to confirm disabling the protection for each print job.

It is not practical (for me) to set up a separate sandbox with print protection disabled, as I don't generally know when I will want to use it..

Here is what I am trying out now: When something in the sandbox causes the spooler to attempt to write outside the sandbox, you will get SBIE1319 and the Sbie message box will give you the option to allow spooler writes for the current session.

You will still have to restart the print after the SBIE1319 and allowing spooler writes. The write blocking is done by the Sbie minifilter driver, and it can't stop and wait for a user response. So the initial print will fail and you may have to close printer error dialogs from the application.

You can avoid this ahead of time by checking the Allow Spooler Print To File option before you being printing in the sandbox options. I am still leaning toward making this a session-only setting. If you want to make it permanent, you can put it in the sandbox.ini file by hand.

[bo.elam]

I am still leaning toward making this a session-only setting.

In my opinion, thats best.

Bo

[henryg]

Hi Curt

For clarity, what is a "session"? I don't care about having to restart the print! And anything will be better other than just on or off!

And here's a potential bug for you, I found that printing to Foxit Reader pdf printer brings up the blocked print spooler warning, but the Foxit file save dialogue also appears; and I can then save to a file. For some reason Quick Recovery does not work, but I can still manually recover the file from the (reduced rights) sandbox

[Curt@invincea]

4.15.7 has been released with better print spooler action.

There are still some quirks with print to file. E.g. sometimes your print queue will show errors for prints that were successful -- these need to be cleaned out manually. With some printers, you will get the SBIE1319 error, but the Save As dialog still comes up. The print will still fail unless you allow the process to access the spooler, though the printer driver might not tell you it failed.

[btm]

Combined 32/64 installer:
2) I removed the spooler print to file property sheet in the sandbox settings. This is too risky to allow setting it permanently in the GUI where it can easily be forgotten. You can still add AllowSpoolerPrintToFile=y manually in sandbox.ini.

Yikes I don't understand why you'd want to shoot yourself in the foot there! You had a decent start but if it's that bad of an option, why not shower the (mostly empty) page with warnings (or an extra 'are you sure prompt') instead? I hate to play the devils advocate here as I'm actually not against manually altering the ini but in order to 'appeal to the masses' a click-able option like you had would be ideal with a few extra warnings in the mix. [pardon the drunk speak] In my opinion it's easier to forget the manual changes as they aren't shown in the interface. Example: I have 30+ global options set that aren't shown in the UI so unless I check the ini and read each line I don't always find the conflict! (These are mostly closed file paths [eg 20ish] but there are others as well such as registry paths, lingering processes and a default RAM Disk folder along with a few other things.)

Update: Bo may have set me straight on Wilders, apparently change #1 is useful in these situations for temporarily allowing it. I hadn't tested it so I was going off of what I read and had dismissed the first line as irrelevant. My bad!?

[BUCKAROO]

For clarity, what is a "session"?

Here, session, in theory, should mean from Sandbox active until inactive (no processes resident). I guess that's what Curt, the dev, is shooting for.

Tests show that session in 4.17.5 seems to mean for only this process [pid] (not for others in the Sandbox). Therefor if an application creates a new slave process each time to print, then it will NEVER be able to print. I don't know how common that is, so I don't want to be critical about a work-in-progress. I think it's an improvement and removing the property sheet was a well-thought-out move.

Glad to see it's catching and stopping printer driver install from 4.17.4 and hopefully onwards. I'm not going to dig any further... Except to say, bouncing spoolss completely and IPCing with an unsandboxed Sbie server would have been my choice - keeping it user-mode and with one more SYSTEM service closed off completely save for printing actions determined by user.

I don't care about having to restart the print! And anything will be better other than just on or off!

@Curt, can not Sbie block until user responds to prompt? StartDocPrinter is a blocking function anyway [Pity the UI if same thread - so I guess not advisable] - is not appropriate driver asynchronous and runs within the very thread it was entered from ? [Little to do with keeping Windows Messages pumping, I know] I have not much clue about these things (and not much desire to learn) so don't feel like you need to respond to this. What if the driver makes a copy of the print buffer whole somewhere, say, in a dummy process, effectively swallowing the calls ahead of user decision and then playing them back based on positive answer/setting ?

[RonR]

Fixes in 4.17.5

1) More print spooler block improvements. Now, when you get the error "SBIE1319 Blocked spooler print to file", you can double-click the error message to open the print spooler for that particular process.
2) I removed the spooler print to file property sheet in the sandbox settings. This is too risky to allow setting it permanently in the GUI where it can easily be forgotten. You can still add AllowSpoolerPrintToFile=y manually in sandbox.ini.

Windows 8 x64

The print spooler block is not working with priPrinter Professional (64 Bit) v6.2.0.2335. Double-clicking on the "SBIE1319 Blocked spooler print to file" error causes it to disappear, but no printing ensues. "AllowSpoolerPrintToFile=y" is required in order to print from a sandbox.

[BUCKAROO]

@Curt: Regarding Chrome setup SBIE error, fixing it shall solve a great many inexplicable error reports ...

It is not box_name but FileRootPath where occurs the sporadic problem.
box_name of course dictates FileRootPath where %SANDBOX% is specified.

e.g.
fail FileRootPath=C:\Sandbox\BUCKAROO\0
pass FileRootPath=C:\Sandbox\BUCKAROO\01
pass FileRootPath=C:\Sandbox\BUCKAROO\012
fail FileRootPath=C:\Sandbox\BUCKAROO\0123
fail FileRootPath=C:\Sandbox\BUCKAROO\01234
pass FileRootPath=C:\Sandbox\BUCKAROO\012345
pass FileRootPath=C:\Sandbox\BUCKAROO\0123456

[Buster]

@Curt: Regarding Chrome setup SBIE error, fixing it shall solve a great many inexplicable error reports ...

It is not box_name but FileRootPath where occurs the sporadic problem.
box_name of course dictates FileRootPath where %SANDBOX% is specified.

e.g.
fail FileRootPath=C:\Sandbox\BUCKAROO\0
pass FileRootPath=C:\Sandbox\BUCKAROO\01
pass FileRootPath=C:\Sandbox\BUCKAROO\012
fail FileRootPath=C:\Sandbox\BUCKAROO\0123
fail FileRootPath=C:\Sandbox\BUCKAROO\01234
pass FileRootPath=C:\Sandbox\BUCKAROO\012345
pass FileRootPath=C:\Sandbox\BUCKAROO\0123456

Great finding, BUCKAROO!

Could you put a link to an application that could be used for testings, please? I would like to check and confirm the bug.

[Mr.X]

@Curt: Regarding Chrome setup SBIE error, fixing it shall solve a great many inexplicable error reports ...

It is not box_name but FileRootPath where occurs the sporadic problem.
box_name of course dictates FileRootPath where %SANDBOX% is specified.

e.g.
fail FileRootPath=C:\Sandbox\BUCKAROO\0
pass FileRootPath=C:\Sandbox\BUCKAROO\01
pass FileRootPath=C:\Sandbox\BUCKAROO\012
fail FileRootPath=C:\Sandbox\BUCKAROO\0123
fail FileRootPath=C:\Sandbox\BUCKAROO\01234
pass FileRootPath=C:\Sandbox\BUCKAROO\012345
pass FileRootPath=C:\Sandbox\BUCKAROO\0123456

I want to thank you for your findings too and for your precious time / hard work.

[cornflake]

Windows 8 x64 and Sandboxie 4.17.5 and Firefox

Printing to a network printer is broken, it shows about a dozen 'SBIE1319 Blocked spooler print to file' each time I try to print.

[Curt@invincea]

Windows 8 x64 and Sandboxie 4.17.5 and Firefox

Printing to a network printer is broken, it shows about a dozen 'SBIE1319 Blocked spooler print to file' each time I try to print.

The spooler block is too restrictive. I'm going to change it to allow writing temp files in its spooler folder.

[Curt@invincea]

Fixes in 4.17.5

1) More print spooler block improvements. Now, when you get the error "SBIE1319 Blocked spooler print to file", you can double-click the error message to open the print spooler for that particular process.
2) I removed the spooler print to file property sheet in the sandbox settings. This is too risky to allow setting it permanently in the GUI where it can easily be forgotten. You can still add AllowSpoolerPrintToFile=y manually in sandbox.ini.

Windows 8 x64

The print spooler block is not working with priPrinter Professional (64 Bit) v6.2.0.2335. Double-clicking on the "SBIE1319 Blocked spooler print to file" error causes it to disappear, but no printing ensues. "AllowSpoolerPrintToFile=y" is required in order to print from a sandbox.

You will have to restart the print after you unblock the process.