[.08] Problems with AutoExec
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
I had never tried to use AutoExec before yesterday... I see no special instructions, but I couldn't get it to work (in my usual "active" sandbox, new one, nothing with 4.01.07). So had to investigate. Worked right away with 4.01.07 on the other XP system! Here's what I found, testing with:
AutoExec=reg add HKCU\Software\Test123
First, it appears that in 3.76 and 4.01, an AutoExec (when it works), is only executed when a sandbox first becomes active -- is that the intended behavior, I guess? Although the SandboxieAutoExec key itself is recreated, if deleted, with each new process.....
It looks like AutoExec in 3.76 ONLY works when using Run Sandboxed, etc. (Start.exe stuff). With Forced Programs, the command will be logged under SandboxieAutoExec, but it doesn't actually run. Assuming this won't be fixed if there are no more 3.x releases...
In 4.01, AutoExec ONLY works when using Forced Programs. So that explains why I couldn't get it to work, since using Run Sandboxed, Run... whatever with Start.exe never does anything.
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days?
Re: Problems with AutoExec
DR_LaRRY_PEpPeR wrote: In 4.01, AutoExec ONLY works when using Forced Programs. So that explains why I couldn't get it to work, since using Run Sandboxed, Run... whatever with Start.exe never does anything.
I can confirm this one, when sandboxing notepad.exe on 4.01.07, with:
AutoExec=reg add HKCU\Software\Test123
It works when notepad.exe is forced, but not when 'Run Sandboxed'.
(I didn't try the AutoExec command on 3.76)
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
I think it all looked OK in my quick testing. Thanks!
Is that the expected behavior where an AutoExec doesn't run once the sandbox is active...? I assume so, and that's fine. Just wondering since the SandboxieAutoExec key is recreated anytime a program starts. Plus, the AutoExec page says:
"... they are executed again the next time any sandboxed program starts in that sandbox. But it is also possible to get them to execute again, by manually deleting the command from that sandboxed registry key."
Which doesn't say after the sandbox becomes inactive, but that's what's needed, thus my curiosity.
DR_LaRRY_PEpPeR wrote: Which doesn't say after the sandbox becomes inactive, but that's what's needed, thus my curiosity.
A question, since I'm not sure that I correctly follow the discussion...
When the sandbox becomes inactive the sandbox reghive is unmounted, so if you wanted to remove the sandbox autoexec key at that time wouldn't you need to modify the reghive file in some way?
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
I'm not sure why you're asking (what the difference is), but... It's really about deleting the values in SandboxieAutoExec, but I was just simply deleting the whole key, when I saw that launching a program recreates it, though nothing else AutoExec-related happens.
If what you're asking about is having the key gone when/after the sandbox becomes inactive, without deleting contents, the SandboxieAutoExec key can be deleted, and then close any remaining programs without opening anything new, and it should stay deleted. As far as modifying the RegHive without Sandboxie, sure, File->Load Hive in Regedit or whatever (under HKEY_USERS, if it matters), name it whatever, make changes, Unload Hive. I've never done that...
There is a similar StartProgram command which could also be useful.
http://www.sandboxie.com/phpbb/viewtopic.php?t=7512
tzuk
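The Load Hive / Unload Hive procedure described earlier in the thread, scripted with reg.exe so the SandboxieAutoExec values of an inactive sandbox can be reviewed and, if wanted, cleared. This is an added example, not code from any poster or from Sandboxie; the parameter names and the mount name `SbieOffline` are hypothetical, and the statement that clearing the values lets the commands run again rests on the AutoExec page quoted above.

```powershell
# Added example: list (and optionally clear) AutoExec values in an inactive sandbox's hive.
# Run elevated, with every program in the sandbox closed so the hive file is not in use.
param(
    [Parameter(Mandatory)] [string]$HivePath,  # path to the sandbox's RegHive file (you supply it)
    [string]$MountName = 'SbieOffline',        # arbitrary temporary name under HKEY_USERS
    [switch]$Clear                             # delete the logged values instead of only listing
)

if (-not (Test-Path -LiteralPath $HivePath)) { throw "Hive file not found: $HivePath" }

& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'reg load failed: is the sandbox still active, or the prompt not elevated?'
}

try {
    # Locate the key by name instead of assuming where it sits inside the hive.
    $keys = & reg.exe query "HKU\$MountName" /s /k /e /f SandboxieAutoExec |
            Where-Object { $_ -like 'HKEY_USERS\*\SandboxieAutoExec' }

    if (-not $keys) { Write-Warning 'No SandboxieAutoExec key found in this hive.' }

    foreach ($key in $keys) {
        Write-Output "== $key"
        & reg.exe query $key                          # commands logged as already executed
        if ($Clear) {
            & reg.exe delete $key /va /f | Out-Null   # /va removes the values, keeps the key
            if ($LASTEXITCODE -ne 0) { Write-Warning "Could not clear $key" }
        }
    }
}
finally {
    # Always unload, otherwise the hive file stays loaded under HKEY_USERS.
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

Run it without `-Clear` first to see what is logged; the listing is also a quick way to check which AutoExec commands a sandbox has recorded.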