If this has been suggested before, please ignore but
it would be nice if one could configure to allow 2 or more programs internet access in the "Resource Access --> Internet Access" tab.
So that I could chat with yahoo messenger AND surf at the same time while blocking all others.
Thanks.
Allow more than 1 program in "Internet Access" tab
-
SnDPhoenix
- Posts: 2690
- Joined: Tue Dec 26, 2006 5:44 pm
- Location: West Florida
OK ... This was requested too many times so I decided to do something about it. I added the concept of process groups, so you can now declare:
(Don't forget to reload the configuration after adding this new setting.)
Then you can go to Sandbox Settings -> Resource Access -> Internet Access,
click Set By Name
and type <InternetPrograms>
(note the <angle brackets> there)
At some later time I will revise the Internet Access page to display a nice list of programs, and manage the process group behind the scenes. For now, you have to do it manually.
A process group can be used almost anywhere a process name can be used, so that should be in OpenXxxPath, ClosedXxxPath, OpenWinClass, ForceProcess, AlertProcess. But NOT in LingerProcess.
And just in case it wasn't clear, <InternetPrograms> is an example, you can declare any name for a process group, and any list of processes.
Available in version 2.23.05:
http://www.sandboxie.com/SandboxieInstall-323-05.exe
Code: Select all
[GlobalSettings]
ProcessGroup=<InternetPrograms>,iexplore.exe,MyDownloadManager.exe,firefox.exe,outlook.exe
Then you can go to Sandbox Settings -> Resource Access -> Internet Access,
click Set By Name
and type <InternetPrograms>
(note the <angle brackets> there)
At some later time I will revise the Internet Access page to display a nice list of programs, and manage the process group behind the scenes. For now, you have to do it manually.
A process group can be used almost anywhere a process name can be used, so that should be in OpenXxxPath, ClosedXxxPath, OpenWinClass, ForceProcess, AlertProcess. But NOT in LingerProcess.
And just in case it wasn't clear, <InternetPrograms> is an example, you can declare any name for a process group, and any list of processes.
Available in version 2.23.05:
http://www.sandboxie.com/SandboxieInstall-323-05.exe
tzuk
Code: Select all
[GlobalSettings]
ProcessGroup=<InternetPrograms>,iexplore.exe,MyDownloadManager.exe,firefox.exe,outlook.exeForceProcess=<InternetPrograms>
or even this (hope my syntax is ok).
ClosedFilePath=!<InternetPrograms>,\Device\Afd*
ClosedFilePath=!<InternetPrograms>,\Device\Tcp*
ClosedFilePath=!<InternetPrograms>,\Device\Udp*
ClosedFilePath=!<InternetPrograms>,\Device\RawIp
soccerfan
-
SnDPhoenix
- Posts: 2690
- Joined: Tue Dec 26, 2006 5:44 pm
- Location: West Florida
Omg tzuk! It's here! 
Hell yeah, I am using this now! One thing though, I am confused...
...
.....
*Edit*
Oh ok, I get it. So you first specify in the GlobalSettings, a ProcessGroup and you assign any name you want to that ProcessGroup (so it acts sort of as a dimmed variable), then you put multiple programs after the name you assigned that should belong to that ProcessGroup, right?
THEN, you go and specify something like:
"ClosedFilePath=!<MyBrowsers>,\Device\Afd*"
That way it will allow all the programs you've added to the "<MyBrowsers>" group (specified in the Global Settings) to access that closed resource right?
Hell yeah, I am using this now! One thing though, I am confused...
...
.....
*Edit*
Oh ok, I get it. So you first specify in the GlobalSettings, a ProcessGroup and you assign any name you want to that ProcessGroup (so it acts sort of as a dimmed variable), then you put multiple programs after the name you assigned that should belong to that ProcessGroup, right?
THEN, you go and specify something like:
"ClosedFilePath=!<MyBrowsers>,\Device\Afd*"
That way it will allow all the programs you've added to the "<MyBrowsers>" group (specified in the Global Settings) to access that closed resource right?
Last edited by SnDPhoenix on Sun Feb 24, 2008 2:07 pm, edited 1 time in total.
-
SnDPhoenix
- Posts: 2690
- Joined: Tue Dec 26, 2006 5:44 pm
- Location: West Florida
After playing with it a bit - I see that the answer to my #2 above is that it can be setup that way but doesn't need to be. Again the flexibility of SandboxIE. I have one program that has 3 exe files that require the net. I am able to use ForceFolder on that program and form those 3 files into a ProcessGroup and limit internet access in that sandbox to that group. That is what I couldn't do before. I also see that multiple ProcessGroups is just fine also. Nice!
Right Mitch -- it should be fairly flexible. You should also be able to specify
ProcessGroup=<MyGroup>,a.exe
ProcessGroup=<MyGroup>,b.exe
(that is, break a group into more than one line). I say should because I wrote the code to support that, but I didn't actually test this.
* * *
As for the questions, can I use <ProcessGroup> in some setting [where only a process name was accepted before] such as ClosedFilePath or ClosedIpcPath,
then answer is yes.
* * *
And finally, I revised the Internet Access page in Sandboxie 3.23.06 to have "Add By Name" and "Add By File" buttons (instead of the old Set By buttons), which manage process groups behind the scenes.
So while the "This is the only program that can accept the Internet" checkbox in Program Setting still restricts access to just one program, you can go to the Internet Access page and add more programs on top of that one program.
This change is backwards compatible, that is, the Internet Access page still accepts the older style of configuration (where there are no process groups).
http://www.sandboxie.com/SandboxieInstall-323-06.exe
ProcessGroup=<MyGroup>,a.exe
ProcessGroup=<MyGroup>,b.exe
(that is, break a group into more than one line). I say should because I wrote the code to support that, but I didn't actually test this.
* * *
As for the questions, can I use <ProcessGroup> in some setting [where only a process name was accepted before] such as ClosedFilePath or ClosedIpcPath,
then answer is yes.
* * *
And finally, I revised the Internet Access page in Sandboxie 3.23.06 to have "Add By Name" and "Add By File" buttons (instead of the old Set By buttons), which manage process groups behind the scenes.
So while the "This is the only program that can accept the Internet" checkbox in Program Setting still restricts access to just one program, you can go to the Internet Access page and add more programs on top of that one program.
This change is backwards compatible, that is, the Internet Access page still accepts the older style of configuration (where there are no process groups).
http://www.sandboxie.com/SandboxieInstall-323-06.exe
tzuk
ProcessGroup=<MyGroup>,a.exe
ProcessGroup=<MyGroup>,b.exe
Would you not have to name your groups differently?
ProcessGroup=<WebItems>,iexplore.exe,wmplayer.exe
ProcessGroup=<PokerStars>,pokerstars.exe,update.exe
EDIT: I see what you mean:
....... the word "also" - got itYou should also be able to specify
I meant that it should be possible to say
ProcessGroup=<MyGroup>,a.exe
ProcessGroup=<MyGroup>,b.exe
As an acceptable alternative to
ProcessGroup=<MyGroup>,a.exe,b.exe
Meaning that it isn't an error to declare the same group in more than one line. Anyway, it's just a by-the-way; I think the original way I present groups (all processes on one line) is probably clearer anyway.
EDIT: Oh, I see you got it.
ProcessGroup=<MyGroup>,a.exe
ProcessGroup=<MyGroup>,b.exe
As an acceptable alternative to
ProcessGroup=<MyGroup>,a.exe,b.exe
Meaning that it isn't an error to declare the same group in more than one line. Anyway, it's just a by-the-way; I think the original way I present groups (all processes on one line) is probably clearer anyway.
EDIT: Oh, I see you got it.
tzuk
Who is online
Users browsing this forum: No registered users and 1 guest
