SBIE1307 & SBIE2221

Posted: Mon Sep 17, 2012 11:04 am
by Bellzemos
I have a sandbox with restricted internet and some games in it. When I run a game I get this message first, then the game starts.

Image

I read the SBIE1307 & SBIE2221 explanations on the Sandboxie site but can't really figure it out.

If I click on Close the message still appears next time. I want to click on Hide and get rid of it, but first I'd like to know what that does. Will that hide this message only for that particular game or for all such occurrences (I don't want that - I want to be notified when a program tries to connect to the internet)?

And what exactly happens if I double-click on the second message line? Isn't that program restricted already by the sandbox?

Thank you!

Posted: Mon Sep 17, 2012 2:09 pm
by Guest10
Clicking Hide will result in a setting:
SbieCtrl_HideMessage=2221,rundll32.exe [GameBox]
being added to your configuration file under [UserSettings_xxxxxxxx].

Since the sandbox name is listed in the setting, that setting will only apply when 'rundll32.exe' initiates something that involves Internet access and the GameBox sandbox is being used.
If some other sandbox (where Internet Restrictions are in place) also asks for 'rundll32.exe' to access the Internet, you will still get the SBIE2221 message for that sandbox.

I tested this by using 2 different sandboxes and clicking the SBIE2221 message in each of them, using 'plugin-container.exe' in my test:
SbieCtrl_HideMessage=2221,plugin-container.exe [Test3]
SbieCtrl_HideMessage=2221,plugin-container.exe [Test2]
If everything works OK without double-clicking the SBIE2221 line, then one option is to Hide the message for that one sandbox.
But you don't really know what you might be missing if you do that.

Another option is to double-click the SBIE2221 line. That will allow 'rundll32.exe' to have "Internet Access".
In this case the 'HideMessage' setting will not be added to the configuration file.
Instead, 'rundll32.exe' will be added to the end of the line:
ProcessGroup=<InternetAccess>,...,rundll32.exe
in the settings only for the GameBox sandbox.

You won't be allowing 'rundll32.exe' to have "Internet Access" in any other sandbox.
This is the option that I would choose.
----
The Microsoft application 'rundll32.exe' is used to run program code that is stored in a .DLL file as if it's an application, rather than 'rundll32.exe' directly accessing the Internet itself. It's actually the code in some .DLL file that wants Internet Access - but it appears to be 'rundll32.exe' that is asking for the access, because it's running the code that's stored in the .DLL file.

I use Start/Run Restrictions and added 'rundll32.exe' to the list of programs that are allowed to start and run, for sandboxes where it was needed.
It's a Microsoft application that's a part of Windows, and I don't see any reason to worry about allowing it to run.

There have been malware applications that disguised themselves using that same name, so it's always best to do a malware scan occasionally to make sure that the 'rundll32.exe' file in the Windows\System32 folder has not been replaced.
Even so, if it was replaced your problem would not be so much with the sandboxed programs as with non-sandboxed programs, since you would not get any messages from them when 'rundll32.exe' is used.
At least, when using a sandboxed program, you are protected - even if that file has been replaced with malware.

Posted: Mon Sep 17, 2012 5:28 pm
by Bellzemos
Thank you for the comprehensive explanation. Since the game works fine without internet access I'll just click on hide. I'm glad that this only applies for that particular sandbox and that it can be removed by deleting the string SbieCtrl_HideMessage=2221,rundll32.exe [GameBox] under [UserSettings_xxxxxxxx] in Sandboxie.ini. Again, thank you!
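
An added example, not part of the thread and not Sandboxie's own code: a small audit that reads the two settings discussed above and lists every sandbox where an SBIE2221 message is hidden for a program that is not in that sandbox's InternetAccess group, i.e. blocked connection attempts you are no longer told about. The sample text is constructed (game.exe is a made-up name), and only the line formats quoted in the thread are parsed.

```python
import re

# Constructed sample in the layout quoted in the thread; not a real Sandboxie.ini.
SAMPLE_INI = """\
[GameBox]
ProcessGroup=<InternetAccess>,game.exe

[Test2]
ProcessGroup=<InternetAccess>,plugin-container.exe

[UserSettings_xxxxxxxx]
SbieCtrl_HideMessage=2221,rundll32.exe [GameBox]
SbieCtrl_HideMessage=2221,plugin-container.exe [Test2]
SbieCtrl_HideMessage=2221,plugin-container.exe [Test3]
"""

# Value format shown in the thread: <code>,<program> [<sandbox>]
HIDE_RE = re.compile(r"^(\d+),(.+?) \[([^\]]+)\]$")

def audit(ini_text):
    """Return (hidden, allowed): hidden is a list of (sandbox, code, program),
    allowed maps sandbox -> programs in ProcessGroup=<InternetAccess>."""
    hidden, allowed, section = [], {}, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or section is None:
            continue
        if section.startswith("UserSettings_") and key == "SbieCtrl_HideMessage":
            m = HIDE_RE.match(value)
            if m:  # keys repeat within a section, so collect every match
                code, program, sandbox = m.groups()
                hidden.append((sandbox, code, program))
        elif key == "ProcessGroup" and value.startswith("<InternetAccess>,"):
            names = [p.strip() for p in value.split(",")[1:]]
            allowed.setdefault(section, []).extend(names)
    return hidden, allowed

def silent_blocks(ini_text):
    """Hidden SBIE2221 entries whose program has no Internet Access in that sandbox."""
    hidden, allowed = audit(ini_text)
    return [(box, prog) for box, code, prog in hidden
            if code == "2221"
            and prog.lower() not in {p.lower() for p in allowed.get(box, [])}]

if __name__ == "__main__":
    for box, prog in silent_blocks(SAMPLE_INI):
        print(f"[{box}] SBIE2221 is hidden for {prog}, which is still blocked")
```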