As the title says:
1) Install a program, in my VM test I used firefox.
2) Set the program's installed folder under 'Sandbox Settings > Program Start > Forced Folders > Add Folder' in Sandboxie.
3) Set 'Sandbox Settings > Restrictions > Start/Run Access > Add Program > <FirefoxPrograms>'
4) Set up a shortcut to make use of runas and launch Firefox as a different user, e.g.:
runas /user:standard /savecred "C:\Program Files\Sandboxie\Start.exe /box:Test C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
runas is in the C:\Windows\System32 folder, not the C:\Program Files (x86)\Mozilla Firefox\firefox.exe
At no point is the runas actually run INSIDE a sandbox.
Yet:
SBIE1308 Program cannot start due to restrictions - runas.exe [Test]
SBIE2222 To add the program to Start/Run Access Restrictions, please double-click on this message line
SBIE2314 Canceling process runas.exe
Result:
Sandboxie is triggering the Run Restrictions prematurely when Forced Folders are active and the final target of runas resides in a forced folder. As in the example above, it's even bridged by Sandboxie's own Start.exe, which is first launched under the user 'standard', and in turn Start.exe is launching firefox.exe in a specific box.
The current workaround on my live system is to allow runas.exe inside Sandboxie run restrictions and block launch abilities via AppLocker with rules tailored to ANONYMOUS LOGON blocking runas.exe.
Windows 7 x64
Sandboxie 5.20
Firefox (any)
Runas&Run Access&ForcedFolders Bug
Moderator: Barb@Invincea
Goo.gl/p8qFCf
Re: Runas&Run Access&ForcedFolders Bug
Well, while trying to come up with a better workaround for my setup I stumbled upon the cause and now that I found it I think I may have even read about it here before.
Basically it was the 'Start in' area of the shortcut lnk that was causing SBIE to trip its protections early. Setting that to a non-forced folder (I set it to the Sandboxie folder) allows runas to continue normally outside of Sandboxie. Still seems like a bug of sorts to me, as runas is not in the sandbox at any point, but at least this workaround is much cleaner so far.
Goo.gl/p8qFCf
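A check for the shortcut condition described in the post above, as an added example that is not part of the original thread: it lists .lnk files whose 'Start in' folder lies under a forced folder while the shortcut target itself is elsewhere. The forced folder list and the shortcut search root are assumptions; replace them with the values from your own Sandboxie configuration.

```powershell
# Added example (not from the thread): find shortcuts whose "Start in"
# folder is under a Sandboxie forced folder while the target is not.
# $ForcedFolders and $ShortcutRoot are assumed values; adjust for your system.
param(
    [string[]]$ForcedFolders = @('C:\Program Files (x86)\Mozilla Firefox'),
    [string]$ShortcutRoot = "$env:USERPROFILE\Desktop"
)

function Test-UnderFolder {
    # True when $Path is $Folder itself or anything below it (case-insensitive).
    param([string]$Path, [string]$Folder)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    # Shortcuts may store unexpanded variables such as %ProgramFiles%.
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    $p = $expanded.Trim('"').TrimEnd('\') + '\'
    $f = $Folder.TrimEnd('\') + '\'
    return $p.StartsWith($f, [System.StringComparison]::OrdinalIgnoreCase)
}

$shell = New-Object -ComObject WScript.Shell

Get-ChildItem -Path $ShortcutRoot -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # read-only use; nothing is saved
        foreach ($folder in $ForcedFolders) {
            $startInForced = Test-UnderFolder $lnk.WorkingDirectory $folder
            $targetForced  = Test-UnderFolder $lnk.TargetPath $folder
            if ($startInForced -and -not $targetForced) {
                # Example match: target runas.exe in System32, Start in = Firefox folder
                [pscustomobject]@{
                    Shortcut     = $_.FullName
                    Target       = $lnk.TargetPath
                    Arguments    = $lnk.Arguments
                    StartIn      = $lnk.WorkingDirectory
                    ForcedFolder = $folder
                }
            }
        }
    }
```

Each object returned is a shortcut to review; changing its 'Start in' field to a non-forced folder is the workaround the post describes.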
Re: Runas&Run Access&ForcedFolders Bug
Interesting, I'll have to delve into this some myself. I'm currently looking into symbolic registry links and volatile registry entries.
Sunshine in a box, for when the storm hits.
Re: Runas&Run Access&ForcedFolders Bug
Hello Syrinx,
It seems that your post is related to this one:
viewtopic.php?f=11&t=22939&p=121135&hil ... ut#p121072
Regards,
Barb.-
Re: Runas&Run Access&ForcedFolders Bug
That may very well be the thread I was thinking of, thanks! Reading over it, the problem I reported is not related. Amusingly the solution I used as a workaround was the thing he had issues with.
My problem: Run Access blocking cmd or runas (while being run outside of SBIE) when the target exists in a forced folder and the parent process outside is not on the run access list before anything is started in the sandbox via a shortcut with the 'Start In' area reflecting the forced folder path.
His Problem: Shortcuts being abused to bypass forced folders.
On another note I did try searching the forum but it keeps getting stuck on waiting for sandboxie.com /shrug
Goo.gl/p8qFCf