NetworkEnableWFP="y/n" are reversed #3900

Closed
SSJPKXL opened this issue May 14, 2024 · 5 comments
Labels
Bug Something isn't working Confirmation pending Further confirmation is requested fixed in next build Fixed in the next Sandboxie version Issue reproduced Issue reproduced without uncertainties

Comments

@SSJPKXL

SSJPKXL commented May 14, 2024

Describe what you noticed and did

Rule below blocks access to 192.168.1.1 and prevents attempts at reaching that address from showing up in SimpleWall log:
[GlobalSettings]
NetworkEnableWFP=n
NetworkAccess=*,Block;Address=192.168.1.1

Rule below allows access to 192.168.1.1 and allows SimpleWall to list and log attempts at reaching that address:
[GlobalSettings]
NetworkEnableWFP=y
NetworkAccess=*,Block;Address=192.168.1.1

I think it should be the other way around.

How often did you encounter it so far?

Always

Expected behavior

NetworkEnableWFP=n should disable WFP and disregard WFP rules set in Sandboxie.ini
NetworkEnableWFP=y should enable WFP and enforce WFP rules set in Sandboxie.ini

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

5.68.7

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 10 19045

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

SimpleWall

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

No response

@SSJPKXL SSJPKXL added the Confirmation pending Further confirmation is requested label May 14, 2024
@offhub
Collaborator

offhub commented May 15, 2024

After such changes, the Sandboxie driver must be reloaded, but this function is either not included in the old interface or does not work properly.

[0.9.0 / 5.51.0] - 2021-07-29 (pre-release)

Added

  • added support for Windows Filtering Platform (WFP) to be used instead of the device-based network blocking scheme
  • to enable this support, add 'NetworkEnableWFP=y' to the global section and reboot or reload the driver

[0.9.2 / 5.51.2] - 2021-08-07 (pre-release)

Added

  • added ability to reconfigure the driver, which allows enabling/disabling WFP and other features without a reload/reboot

Warning

The following command will terminate programs running in the sandbox!

Example command to reload the driver:
cd /d "%ProgramFiles%\Sandboxie" && (start /wait KmdUtil.exe scandll && start /wait KmdUtil.exe stop SbieSvc && start /wait KmdUtil.exe stop SbieDrv && start /wait KmdUtil.exe start SbieSvc && explorer.exe SbieCtrl.exe) || echo "Replace "^%^ProgramFiles^%^\Sandboxie" with the location where Sandboxie is installed."

| Command or UI | Status |
| --- | --- |
| Start.exe /reload | - |
| Classic | - |
| Plus | OK |

@offhub offhub added Bug Something isn't working Issue reproduced Issue reproduced without uncertainties labels May 15, 2024
@SSJPKXL
Author

SSJPKXL commented May 15, 2024

It does appear to affect only the Classic interface. It would be nice if Sandboxie Classic could notify the user of any Sandboxie.ini entries supported only in the Plus UI.

Also, Classic version is labeled as 5.70 instead of 5.68.7 (per change log).

@DavidXanatos
Member

The wrong version in SbieCtrl will be fixed in the next build.

With NetworkEnableWFP=n, the rule
NetworkAccess=*,Block;Address=192.168.1.1
is still applied, but in a user-mode hook.

With NetworkEnableWFP=y, whether the attempt is logged or not will depend on the order in which the driver will get the packet to filter.
The packet may pass SimpleWall and then be dropped later.

@offhub
Collaborator

offhub commented May 17, 2024

  1. Run SandMan.exe
  2. Add to GlobalSettings:
     NetworkEnableWFP=n
     NetworkAccess=*,Block;Address=1.1.1.1
  3. Maintenance > Stop All
  4. Close SandMan.exe
  5. Run SbieCtrl.exe
  6. Edit ini:
     NetworkEnableWFP=y
  7. Reload config (or Start.exe /reload)
  8. Try to connect to the IP address using the browser
  9. The site will open.

@DavidXanatos
Member

Mmh... makes sense: the user-mode component will assume it's on, but the driver will actually not have it enabled. Only SandMan issues the advanced refresh when it notices this setting being changed when saving them; changing the setting manually will require a driver reload to take effect.

I'll change it such that SbieDll.dll won't read the setting but ask the driver if WFP is actually enabled.

@DavidXanatos DavidXanatos added the fixed in next build Fixed in the next Sandboxie version label Jun 7, 2024
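
The state mismatch described in the thread, replayed as a small conceptual model. This is an added example, not Sandboxie code: every class and function name is hypothetical, and it assumes the user-mode hook skips its own enforcement whenever it believes WFP is on.

```python
# Conceptual model only: names are hypothetical, not Sandboxie's code.
from dataclasses import dataclass

BLOCKED = {"1.1.1.1"}  # constructed rule: NetworkAccess=*,Block;Address=1.1.1.1


@dataclass
class Ini:
    network_enable_wfp: bool = False  # NetworkEnableWFP=n


class Driver:
    """Kernel side: WFP state is fixed when the driver is (re)configured."""

    def __init__(self, ini):
        self.wfp_active = ini.network_enable_wfp

    def reconfigure(self, ini):
        # The step a plain config reload does not perform.
        self.wfp_active = ini.network_enable_wfp

    def permits(self, addr):
        return not (self.wfp_active and addr in BLOCKED)


class UserModeHook:
    """User-mode side: enforces the rule only when it believes WFP is off."""

    def __init__(self, ini, driver, ask_driver):
        self.ini, self.driver, self.ask_driver = ini, driver, ask_driver

    def wfp_believed_on(self):
        if self.ask_driver:  # proposed fix: query the driver's actual state
            return self.driver.wfp_active
        return self.ini.network_enable_wfp  # reported behaviour: trust the ini

    def permits(self, addr):
        # Assumption: the hook stands down when it thinks WFP is enforcing.
        return self.wfp_believed_on() or addr not in BLOCKED


def connect_after_manual_edit(ask_driver, reload_driver=False):
    """Load with WFP=n, edit the ini to y, reload config, then connect."""
    ini = Ini(network_enable_wfp=False)
    driver = Driver(ini)
    ini.network_enable_wfp = True  # manual ini edit
    if reload_driver:
        driver.reconfigure(ini)
    hook = UserModeHook(ini, driver, ask_driver)
    return hook.permits("1.1.1.1") and driver.permits("1.1.1.1")
```

With `ask_driver=False` and no driver reload, neither layer enforces the block rule, which matches step 9 of the reproduction; either reloading the driver or having the hook query the driver closes the gap.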