NirnAuctionHouse.exe -Erroneous SBIE2101 Dialog [SOLVED]

[Stardance]

@Barb : Please read this OP before you "merge" it with another thread that has become extinct. It is not about the same issue.

As requested for problem reports:

(1) The Windows version: 64-bit Windows 7 Professional SP1 (updated with all known applicable updates as of this writing). The system loads and runs the current version of Microsoft Essentials for anti-malware detection, and the signature file is updated at least once each day (scheduled).

(2) Sandboxie version: 5.20 (64-bit)

(3) When I launch NirnAuctionHouse.exe by using the context menu on a desktop shortcut to the executable, and select "Run Sandboxed":

1. Windows displays a confirmation dialog and I allow the program to run.
2. Sandboxie displays a dialog with a list of enabled sandboxes, from which I select DefaultBox.
3. Sandboxie displays the following:
   
   SBIE1307 Program cannot access the Internet due to restrictions - NirnAuctionHouse.exe [DefaultBox]
   SBIE2221 To add the program to Internet Access Restrictions, please double-click on this message line
   

After I double-click on the SBIE2221 line, NirnAuctionHouse.exe runs in the Default Sandbox, and apparently establishes a link to its "server". At that point Sandbox.ini contains the following lines (lines that follow the DefaultBox configuration are omitted):

Code: Select all

[GlobalSettings]

ActivationPrompt=n
Template=nVidia_Stereoscopic3D
Template=Logitech_G15_Keyboard
Template=OfficeLicensing
Template=Microsoft_Security_Essentials
Template=Microsoft_MSMQ
Template=LastPass
TemplateReject=WindowsLive
TemplateReject=KeyScrambler
ForceDisableSeconds=10

[TemplateSettings]

Template=LastPass

[Template_Local_Secure_Directories]

Tmpl.Title=Local Secure Directories
Tmpl.Class=WebBrowser
ClosedFilePath=!firefox.exe,%Local AppData%\Mozilla\Firefox
ClosedFilePath=!firefox.exe,%AppData%\Mozilla\Firefox
ClosedFilePath=!iexplore.exe,%Favorites%
ClosedFilePath=!iexplore.exe,%Cookies%
ClosedFilePath=!chrome.exe,googleupdate.exe,%Local AppData%\Google\Chrome
ClosedFilePath=!chrome.exe,googleupdate.exe,%AppData%\Google\Chrome
ClosedFilePath=!wmplayer.exe,C:\Program Files\Windows Media Player\

[Template_Local_AutoIgnore_Directories]

Tmpl.Title=Local AutoIgnore Directories
Tmpl.Class=WebBrowser
AutoRecoverIgnore=C:\Users\SYSOP\AppData\Roaming\Microsoft\Windows\Recent
AutoRecoverIgnore=C:\Users\SYSOP\AppData\Roaming\Microsoft\Windows\Temporary Internet Files
AutoRecoverIgnore=C:\Users\SYSOP\AppData\Local\Temp
AutoRecoverIgnore=C:\Users\SYSOP\AppData\Roaming\Adobe\FlashPlayer
AutoRecoverIgnore=C:\Users\SYSOP\AppData\Roaming\Adobe\Macromedia
AutoRecoverIgnore=C:\Users\SYSOP\AppData\Roaming\Macromedia

[Template_Local_Recover_Folders]

Tmpl.Title=Local Recover Folders
Tmpl.Class=WebBrowser
RecoverFolder=C:\ProgramData
RecoverFolder=C:\Users\SYSOP\Downloads
RecoverFolder=C:\Users\SYSOP\AppData
RecoverFolder=C:\TEMP
RecoverFolder=C:\WINDOWS
RecoverFolder=F:\AGAPE
RecoverFolder=F:\BACKUPS
RecoverFolder=F:\COMPUTER
RecoverFolder=F:\DNL
RecoverFolder=F:\GAMES
RecoverFolder=F:\GAMES\Alan Wake (Remedy)
RecoverFolder=F:\GAMES\World of Warcraft (Blizzard)
RecoverFolder=F:\GAMES\The Elder Scrolls Online (Zenimax)
RecoverFolder=F:\GAMES\The Elder Scrolls V - Skyrim (Bethesda)
RecoverFolder=F:\GAMES\HUMBLE BUNDLES
RecoverFolder=F:\INSTALL
RecoverFolder=F:\INSTALLERS
RecoverFolder=F:\LIVING
RecoverFolder=F:\LIBRARY
RecoverFolder=F:\MEDIA
RecoverFolder=F:\NOTES
RecoverFolder=F:\Program Data
RecoverFolder=F:\ProgramData
RecoverFolder=F:\Program Files
RecoverFolder=F:\Program Files (x86)
RecoverFolder=F:\SCRAPBOOK
RecoverFolder=F:\SCREENSHOTS
RecoverFolder=F:\SNAPSHOTS
RecoverFolder=F:\TEMP
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%AppData%\Mozilla\Firefox\Crash Reports
RecoverFolder=%AppData%\Mozilla\Firefox\Profiles\extensions
RecoverFolder=%Favorites%
RecoverFolder=%Cookies%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%

[DefaultBox]

Enabled=y
BoxNameTitle=y
BorderColor=#00FFFF,ttl
ConfigLevel=7
NotifyInternetAccessDenied=y
DropAdminRights=y
Template=Local_Secure_Directories
Template=Local_AutoIgnore_Directories
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
AutoRecover=y
NeverDelete=n
OpenFilePath=F:\DNL\
OpenFilePath=F:\INSTALL\
OpenFilePath=F:\LIBRARY\
OpenFilePath=F:\MEDIA\
OpenFilePath=WerFault.exe,C:\Users\SYSOP\AppData\Local\
ReadFilePath=C:\Program Files
ReadFilePath=C:\Program Files (x86)
ReadFilePath=C:\WINDOWS
ReadFilePath=G:\
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=*\Device\RawIp6
ClosedFilePath=*\Device\Udp6
ClosedFilePath=*\Device\Tcp6
ClosedFilePath=*\Device\Ip6
ClosedFilePath=*\Device\RawIp
ClosedFilePath=*\Device\Udp
ClosedFilePath=*\Device\Tcp
ClosedFilePath=*\Device\Ip
ClosedFilePath=*\Device\Afd*
ClosedFilePath=*\GEARAspiWDMDevice*
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=F:\
ProcessGroup=<InternetAccess>,wermgr.exe,WerFault.exe,NirnAuctionHouse.exe

Notice that NirnAuctionHouse.exe has been added to the ProcessGroup=<InternetAccess> for the DefaultBox sandbox.

Eventually, of course, I close its window when the program is no longer needed.

(4)HERE IS THE ISSUE: when I launch NirnAuctionHouse.exe subsequently, by using the context menu of its desktop shortcut to Run Sandboxed, then

1. Windows displays a confirmation dialog and I allow the program to run.
2. Sandboxie displays its list of enabled sandboxes, from which I select DefaultBox.
3. Sandboxie displays the following dialog:
   
   SBIE1307 Program cannot access the Internet due to restrictions - NirnAuctionHouse.exe [DefaultBox]
   SBIE2221 To add the program to Internet Access Restrictions, please double-click on this message line
   

Why is the message displayed after NirnAuctionHouse.exe has already been added to the ProcessGroup=<Internet Access> ?? Personally, I've never seen this behavior with Sandboxie before, perhaps because I so seldom launch any program in the DefaultBox. So, perhaps this is a known issue. Be that as it may:

(a) If I simply click on the "Copy Contents to Windows Clipboard" option, the dialog closes, and NirnAuctionHouse.exe runs in the DefaultBox with access to the Internet. Or I can click on the [x] on the corner of the dialog box to close it instead and the outcome is the same.

(b) If I double-click on the SBIE2221 line to "add the program to Internet Access Restrictions"*, then Sandboxie displays a dialog that has no messages, and NirnAuctionHouse.exe runs in the DefaultBox with access to the Internet. Afterward, however, the last line of the DefaultBox configuration is the following:

Code: Select all

....
ProcessGroup=<InternetAccess>,wermgr.exe,WerFault.exe,NirnAuctionHouse.exe,NirnAuctionHouse.exe

(c) Sometimes, when I'm not quick enough to either close the dialog or to double-click on the SBIE2221 line to grant access to NirnAuctionHouse.exe, that line will be followed by one notifying me that the program has crashed, by another SBIE1307 line stating that WerFault.exe cannot access the Internet, and another SBIE2221 line on which I can double-click to grant WerFault.exe access to the Internet. If I double click on that line, then WerFault.exe is added to the ProcessGroup=<InternetAccess> line quoted above, thus occurring at least twice, regardless of whether NirnAuctionHouse.exe has or has not been added previously.

So now you know.
_______________
* By the way, if users want to grant access to the Internet for a program, why would they double-click on a line to "add the program to Internet Access Restrictions"? Shouldn't that be "Permissions" instead? .... just asking. <sigh>

[Syrinx]

Closed Paths are always used over open ones so in the case of your allowing the exe internet access that is ignored due to the explicit, manually added, Closed rules your box has.

Think of this way.

Rule 1 uses the internal sandboxie list of Devices and says anything not in the <InternetAccess> group will be denied.
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
Rule 2 adds these 3 programs to the list of programs allowed access to the internet devices.
ProcessGroup=<InternetAccess>,wermgr.exe,WerFault.exe,NirnAuctionHouse.exe

Rules 1 & 2 are processed but then the rest of the rules you added say don't let anything access these devices and so those 3 programs are still not permitted access to those devices which you listed manually as ClosedFilePath which results in no internet access.

Code: Select all

ClosedFilePath=*\Device\RawIp6
ClosedFilePath=*\Device\Udp6
ClosedFilePath=*\Device\Tcp6
ClosedFilePath=*\Device\Ip6
ClosedFilePath=*\Device\RawIp
ClosedFilePath=*\Device\Udp
ClosedFilePath=*\Device\Tcp
ClosedFilePath=*\Device\Ip
ClosedFilePath=*\Device\Afd*

In other words, after rules 1 &2 are processed SBIE continues to check the other existing rules for anything that matches. It finds them and thus it is denied access in the end.

[Syrinx]

Figured I should expand further on one point though it was implied.

It finds them and thus it is denied access in the end.

Due to the way the logic for internet Access Restrictions works in regards to the alert - it isn't currently designed to differentiate between a match being found via the internal rules or a specific rule set by the user - it is being blocked and using the 'standard alert' as it normally would. When allowing access by clicking on the line it rebuilds the <InternetAccess> group with the same information as before (for next time) and temporarily toggles permission inside the already running box to allow access. So due to one or more of these ClosedFilePath=\Device\ rules that exist in the same box they are always being Closed at start and initiating the alert cycle but not touching the other (so far as it is concerned, unrelated) ClosedFilePath=\Device\ rules in the ini as it isn't meant to.
So a short solution would be Comment= them out or delete them and let it use the internal rules as designed.
A longer solution would be try and create some more complex checks and logic to identify user error like this. (doubtful)

* By the way, if users want to grant access to the Internet for a program, why would they double-click on a line to "add the program to Internet Access Restrictions"? Shouldn't that be "Permissions" instead? .... just asking. <sigh>

I would venture a guess this is due to the structure of the Internet Access options being located within the "Restrictions" area of the Sandbox Settings UI. I agree a change of wording might be better for that alert tho.

Update:
Looks like if any of these are identified as getting blocked it will pop up with the Notification Alert (unless hidden) via the NotifyInternetAccessDenied= option

Code: Select all

rawip(6)
http\\
tcp(6)
udp(6)
ip(v6)
afd
nsi

[Stardance]

Closed Paths are always used over open ones so in the case of your allowing the exe internet access that is ignored due to the explicit, manually added, Closed rules your box has.

Think of this way.

Rule 1 uses the internal sandboxie list of Devices and says anything not in the <InternetAccess> group will be denied.
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
Rule 2 adds these 3 programs to the list of programs allowed access to the internet devices.
ProcessGroup=<InternetAccess>,wermgr.exe,WerFault.exe,NirnAuctionHouse.exe

Rules 1 & 2 are processed but then the rest of the rules you added say don't let anything access these devices and so those 3 programs are still not permitted access to those devices which you listed manually as ClosedFilePath which results in no internet access.

Code: Select all

ClosedFilePath=*\Device\RawIp6
ClosedFilePath=*\Device\Udp6
ClosedFilePath=*\Device\Tcp6
ClosedFilePath=*\Device\Ip6
ClosedFilePath=*\Device\RawIp
ClosedFilePath=*\Device\Udp
ClosedFilePath=*\Device\Tcp
ClosedFilePath=*\Device\Ip
ClosedFilePath=*\Device\Afd*

In other words, after rules 1 &2 are processed SBIE continues to check the other existing rules for anything that matches. It finds them and thus it is denied access in the end.

FYI: I did not "manually add" any of the lines which you quoted to the DefaultBox. I know next to nothing about the files and/or devices to which they refer. Frankly, I don't believe that I have ever used them in any sandbox configuration, except NAH_def below. As far as I know, they've always been in the DefaultBox in Sandboxie.ini that was created when Sandboxie was installed. That was about 9 years ago, on the system I had at the time, and Sandboxie.ini was copied to the one that I am using now from that one. In that interim, I believe that at least one Sandboxie update modified the DefaultBox configuration after Ronen Tzur implemented the Templates feature.

As to your closing remark, if I recall correctly, Ronen Tzur ("Tzuk") told me that the order in which lines appear in Sandbox.ini does not matter. It parses the statements repeatedly according to an order of precedence -- that is not, as far as I know, documented -- until all lines have been processed. I would assume the same is true with respect to each individual sandbox. Be that as it may, on the face of it, Sandboxie's behavior is not as you described (keep reading).

Following are the lines of the current DefaultBox as it exists in Sandbox.ini on my computer:

Code: Select all

[DefaultBox]

Enabled=y
BoxNameTitle=y
BorderColor=#00FFFF,ttl
ConfigLevel=7
NotifyInternetAccessDenied=y
DropAdminRights=y
Template=Local_Secure_Directories
Template=Local_AutoIgnore_Directories
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
AutoRecover=y
NeverDelete=n
ProcessGroup=<InternetAccess>,wermgr.exe,WerFault.exe
NotifyInternetAccessDenied=y
OpenFilePath=WerFault.exe,C:\Users\SYSOP\AppData\Local\
OpenFilePath=F:\DNL\
OpenFilePath=F:\INSTALL\
OpenFilePath=F:\LIBRARY\
OpenFilePath=F:\MEDIA\
ReadFilePath=C:\Program Files
ReadFilePath=C:\Program Files (x86)
ReadFilePath=C:\WINDOWS
ReadFilePath=G:\
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=*\Device\RawIp6
ClosedFilePath=*\Device\Udp6
ClosedFilePath=*\Device\Tcp6
ClosedFilePath=*\Device\Ip6
ClosedFilePath=*\Device\RawIp
ClosedFilePath=*\Device\Udp
ClosedFilePath=*\Device\Tcp
ClosedFilePath=*\Device\Ip
ClosedFilePath=*\Device\Afd*
ClosedFilePath=*\GEARAspiWDMDevice*
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=F:\

The only lines that I can ever recall "manually" adding are:

1. The two lines which include Local templates, each of which I created.
2. Most, if not all, of the lines for OpenFilePath, for ReadFilePath, and the last three ClosedFilePath to the respective partitions. They have also been modified from time-to-time as the number of disk drives and their partitions has changed.
3. The line for "ProcessGroup=<Internet Access" was added, probably by me, to allow Microsoft to receive reports about applications which "have a problem" while running in the sandbox.

Although your explanation that I've quoted sounds reasonable, NirnAuctionHouse.exe runs and connects to its server via the Internet when I launch it in the DefaultBox, as I described in the OP.

It also runs and uses the Internet to communicate with its server with the same lines in the following sandbox, which is a modified copy of the DefaultBox:

Code: Select all

[NAH_def]

Enabled=y
BoxNameTitle=y
BorderColor=#00FFFF,ttl
ConfigLevel=7
DropAdminRights=y
Template=Local_Secure_Directories
Template=Local_AutoIgnore_Directories
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
AutoRecover=y
NeverDelete=n
LeaderProcess=NirnAuctionHouse.exe
LingerProcess=NirnAuctionHouse.exe
ProcessGroup=<InternetAccess>,wermgr.exe,WerFault.exe,NirnAuctionHouse.exe
NotifyInternetAccessDenied=y
ReadFilePath=NirnAuctionHouse.exe,C:\WINDOWS
ReadFilePath=NirnAuctionHouse.exe,G:\
OpenFilePath=NirnAuctionHouse.exe,C:\Users\SYSOP\My Documents\Elder Scrolls Online\live\AddOns\NirnAuctionHouse\
OpenFilePath=NirnAuctionHouse.exe,C:\Users\SYSOP\My Documents\Elder Scrolls Online\live\SavedVariables\
OpenFilePath=WerFault.exe,C:\Users\SYSOP\AppData\Local\
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=*\Device\RawIp6
ClosedFilePath=*\Device\Udp6
ClosedFilePath=*\Device\Tcp6
ClosedFilePath=*\Device\Ip6
ClosedFilePath=*\Device\RawIp
ClosedFilePath=*\Device\Udp
ClosedFilePath=*\Device\Tcp
ClosedFilePath=*\Device\Ip
ClosedFilePath=*\Device\Afd*
ClosedFilePath=*\GEARAspiWDMDevice*
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=F:\

As I've stated in this forum before, I seldom use the DefaultBox to execute any application. If I want to sandbox an application, either I use Sandboxie's "create a sandbox" UI, or I copy one that already exists for a similar application, then modify it for the new application. The current NAH_def is the first time that I can recall using a copy of DefaultBox to initiate creating a sandbox that I can launch via a desktop shortcut.

As far as I can determine, on the face of it, Sandboxie has a bug, as described in the OP.

That said, if you imply that I am a "troll" one more time, then I will find out who you really are, and consult an attorney about suing for libel. If it's a joke, then it ain't funny. This is serious business, and Sandboxie is a vital part of defending my computer system from the intrusion of malware. Over the years it has forestalled at least two or three attempts to install malware on my computer, and prevented a corrupted copy of legitimate software from acting as malware on this system.

Post Script: Apparently you updated your reply while I was writing mine, so the quote doesn't include it and I had not read it. On the face of it, you are probably correct.

FYI: so far, it seems that NirnAuctionHouse.exe does connect to its server, but there has not been any evidence yet that any data is being transferred to or from the program for use by the add-on (which runs in the game client's space). The add-on displays its UI, but displays no data, and I have yet to find a way to enter data for it to send to the server. It is worth keeping in mind, though, that the add-on is still being developed and has "beta" status.

So, I suppose that I should remove the CloseFilePath lines that refer to files and devices from NAH_def, and that could resolve the issue that I described in the OP. Which leaves me still wondering why the problems occurred with the sandbox which I initially used to launch the program with a desktop shortcut. Removing those lines might result in the same outcome as before.

Thank-you for your report.

[Barb@Invincea]

Hello Stardance and Syrinx,

If you have non-technical issues to discuss, use the PM feature.
This forum is to discuss Sandboxie. Let's stay on topic.

--------------------------------- X --------------------------------
Stardance,

Copying an old configuration will most likely return issues as many things have changed. You should create a new Sandbox with default settings and go from there. You can then start restricting access as needed/desired.

Sandbox---> Create New Sandbox
Enter a name
Make sure the bottom part (drop-down) for "Copy settings from existing sandbox" reads (None).
Let us know how that works (you can post the configuration for it after it has been created, so we can review it).

Regarding your program, as stated before, I cannot test it, and I am not sure it will work Sandboxed, but let's see if the default box solves the issue. I did test the Internet Restriction settings (using Internet Explorer for my test) and it all worked as expected, so I am not seeing a specific issue with the feature.

Regards,
Barb.-

[Syrinx]

hmm yes, I hadn't considered those entries might have been used in versions before I ever touched Sandboxie and the internal Internet Access rules were implemented. Either way I expect removing those 'extra' redundant entries will solve your issue.

[Stardance]

Hello Stardance and Syrinx,

....

Stardance,

Copying an old configuration will most likely return issues as many things have changed. You should create a new Sandbox with default settings and go from there. You can then start restricting access as needed/desired.

Sandbox---> Create New Sandbox
Enter a name
Make sure the bottom part (drop-down) for "Copy settings from existing sandbox" reads (None).
Let us know how that works (you can post the configuration for it after it has been created, so we can review it).

Regarding your program, as stated before, I cannot test it, and I am not sure it will work Sandboxed, but let's see if the default box solves the issue. I did test the Internet Restriction settings (using Internet Explorer for my test) and it all worked as expected, so I am not seeing a specific issue with the feature.

Regards,
Barb.-

As previously reported on Mon Aug 28, 2017 9:22 pm in the other thread (SBIE2101 Error) renamed "SBIE2101 Error Dialog - NirnAuctionHouse.exe" (now closed) viewtopic.php?f=11&t=24791:

I used the Sandboxie UI to create a sandbox named NAH_def with the default settings, excepting for the last three lines, which I added because I couldn't find a way to grant access to the files with the sandbox creation UI:

Code: Select all

[NAH_def]

Enabled=y,SYSOP
ConfigLevel=7
AutoRecover=y
BlockNetworkFiles=y
Template=qWave
Template=WindowsFontCache
Template=BlockPorts
Template=LingerPrograms
Template=Chrome_Phishing_DirectAccess
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=F:\INSTALL
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
LeaderProcess=nirnauctionhouse.exe
CopyLimitKb=128000
OpenFilePath=nirnauctionhouse.exe,%Personal%\Elder Scrolls Online\live\AddOns\NirnAuctionHouse\
OpenFilePath=nirnauctionhouse.exe,%Personal%\Elder Scrolls Online\live\SavedVariables\
OpenFilePath=NirnAuctionHouse.exe,C:\Windows\System32\catroot2\

NirnAuctionHouse.exe still crashes.

PLEASE NOTE: NirnAuctionHouse.exe is now running, connecting to its server, and transmitting data to/from the server and to/from the file(s) via which the "Nirn Auction House" add-on accesses, without any evident problems, in the following sandbox:

Code: Select all

[NAH_box]

Enabled=y
BoxNameTitle=y
BorderColor=#00FFFF,ttl
ConfigLevel=7
DropAdminRights=y
Template=Local_Secure_Directories
Template=Local_AutoIgnore_Directories
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
AutoRecover=y
NeverDelete=n
LeaderProcess=NirnAuctionHouse.exe
LingerProcess=NirnAuctionHouse.exe
ProcessGroup=<InternetAccess>,wermgr.exe,WerFault.exe,NirnAuctionHouse.exe
NotifyInternetAccessDenied=y
ReadFilePath=NirnAuctionHouse.exe,C:\WINDOWS
ReadFilePath=NirnAuctionHouse.exe,G:\
OpenFilePath=NirnAuctionHouse.exe,C:\Users\SYSOP\My Documents\Elder Scrolls Online\live\AddOns\NirnAuctionHouse\
OpenFilePath=NirnAuctionHouse.exe,C:\Users\SYSOP\My Documents\Elder Scrolls Online\live\SavedVariables\
OpenFilePath=WerFault.exe,C:\Users\SYSOP\AppData\Local\
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=*\GEARAspiWDMDevice*
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=F:\

Apparently, Syrinix is correct in concluding that the following statements will cause Sandboxie to display the SBIE2101 Error Dialog when they are included, even after the program has been added to the ProcessGroup=<Internet Access>. After I removed the following statements, Sandboxie stopped displaying the erroneous SBIE2101 Dialog:

Code: Select all

ClosedFilePath=*\Device\RawIp6
ClosedFilePath=*\Device\Udp6
ClosedFilePath=*\Device\Tcp6
ClosedFilePath=*\Device\Ip6
ClosedFilePath=*\Device\RawIp
ClosedFilePath=*\Device\Udp
ClosedFilePath=*\Device\Tcp
ClosedFilePath=*\Device\Ip
ClosedFilePath=*\Device\Afd*

It has been a long time, but, if I recall correctly Ronen Tzur added the following line to the DefaultBox after someone found that accessing the device could be used to exploit a Windows OS vulnerability:

Code: Select all

ClosedFilePath=*\GEARAspiWDMDevice*

He probably added the other ClosedFilePath statements for the other devices to make DefaultBox more secure, insofar as it is ordinarily used for testing newly installed software and suspected malware. However, it is reasonable to omit one or more of them, or make an exception (if possible) for a sandboxed program. Sandboxie is less secure without them, but a program(s) may need access to one or more of those files and devices to run sandboxed.