Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request to have .dll files signed by publisher #3787

Open
GHM3434 opened this issue Apr 4, 2024 · 8 comments
Open

Request to have .dll files signed by publisher #3787

GHM3434 opened this issue Apr 4, 2024 · 8 comments
Labels
Confirmation pending Further confirmation is requested

Comments

@GHM3434
Copy link

GHM3434 commented Apr 4, 2024

Describe what you noticed and did

Window's WDAC (Windows Defender Application Control) blocks sandboxie-plus from running. WDAC complains about .dlls not being signed by publisher. The installer is signed which is great but not the .dlls. An explicit rule must be added to WDAC to allow sandboxie to run

How often did you encounter it so far?

whenever i run sandboxie

Expected behavior

.dlls found in program files are signed for sandboxie-plus

Affected program

n/a

Download link

n/a

Where is the program located?

The program is installed both inside and outside the sandbox.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

Sandboxie-Plus v1.13.3

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

n/a

In which sandbox type you have this problem?

Not relevant to my request.

Can you reproduce this problem on a new empty sandbox?

Not relevant to my request.

What is your Windows edition and version?

Windows 11 23H2

In which Windows account you have this problem?

A local account (Standard user).

Please mention any installed security software

Windows Defender Antivirus with WDAC setup

Did you previously enable some security policy settings outside Sandboxie?

Yes, I enabled WDAC (Windows Defender Application Control).

Trace log

No response

Sandboxie.ini configuration

No response
@GHM3434 GHM3434 added the Confirmation pending Further confirmation is requested label Apr 4, 2024
@bastik-1001
Copy link
Contributor

Does WDAC list the DLLs? Apparently, libcrypto-1_1-x64.dll and libssl-1_1-x64.dll are not signed. These are taken from the OpenSSL Toolkit.

@GHM3434
Copy link
Author

GHM3434 commented Apr 4, 2024

Does WDAC list the DLLs? Apparently, libcrypto-1_1-x64.dll and libssl-1_1-x64.dll are not signed. These are taken from the OpenSSL Toolkit.

it should. Let me test it and get you the specifics. Please give me a bit! Thank you!

@GHM3434
Copy link
Author

GHM3434 commented Apr 4, 2024
edited

Hi,

I'm back with some more info. It appears i'm not getting complaints from WDAC about .dll files anymore. But I am still getting complaints from WDAC for these files below (for not being signed), when doing the following actions:

A) When Uninstalling:

  1. C:\program files\sandboxie-plus\unins000.exe

  2. C:\users\username_here\appdata\local\temp\iu-14D2N.tmp\ _unins.tmp (note: not sure if "iu-14D2N.tmp" is just a random placeholder that changes)

B) When Installing:

  1. C:\program files\sandboxie-plus\UpdUtil.exe

  2. C:\users\username_here\appdata\local\temp\1\is-REO46.tmp\Sandboxie-Plus-x64-v1.13.4.tmp (note: not sure if "is-REO46.tmp" is just a random placeholder that changes, also Sandboxie-Plus-x64-v1.13.4.tmp name changes based on version being installed, obviously)

  3. C:\users\username_here\appdata\local\temp\is-P3T2C.tmp\Sandboxie-Plus-x64-v1.13.4.tmp (note: not sure if "is-P3T2C.tmp" is just a random placeholder that changes, also Sandboxie-Plus-x64-v1.13.4.tmp name changes based on version being installed, obviously)

@bastik-1001
Copy link
Contributor

bastik-1001 commented Apr 5, 2024
edited

Maybe the message for the DLLs was not triggered anymore, which still might be something that can be addressed.

About your later findings, those should be resolved, if #2643 is fulfilled.

@GHM3434
Copy link
Author

GHM3434 commented Apr 5, 2024

Maybe the message for the DLLs was not triggered anymore, which still might be something that can be addressed.

About your later findings, those should be resolved, if #2643 is fulfilled.

Thank you! Sometimes WDAC acts oddly and will decide to stop complaining but then reappears later. Ill keep an eye on it.

@GHM3434
Copy link
Author

GHM3434 commented Apr 10, 2024

hi,

just an update. As previously mentioned as expected, wdac now randomly started complaining about .dll files and won't open sandboxie. Not sure why there is a delay, but some of the .dll files now being complained about in C:\Program files\Sandboxie-Plus are:

MiscHelpers.dll
GlobalHotkey.dll
qtsingleapp.dll

@offhub
Copy link
Collaborator

offhub commented Apr 10, 2024

What is WDAC complaining about? These files are already signed.

@GHM3434
Copy link
Author

GHM3434 commented Apr 11, 2024

What is WDAC complaining about? These files are already signed.

Thank you, you are right they are signed already.

I added the publisher rule to WDAC for the specific file which was different than the one I already had in another rule and it's working now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Confirmation pending Further confirmation is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bastik-1001 @offhub @GHM3434