Unable to install a few programs inside SandBoxie...

TheMystic

Well-known member
Member
VIP
Local time
1:44 PM
Posts
439
Hello community!

I'm trying out SandBoxie Plus.

While a couple of programs I tried could be installed, I am having difficulty with a few others:

1. iTunes

I have multiple Apple IDs, and I wanted to sign in on another iTunes inside Sandbox to avoid my earlier method of using a separate user on Windows just so I can install a fresh copy of iTunes.

Somehow, the installer automatically detects the existing installation and asking for repairing/ removing it first:

20211128_015547.png

How do I bypass this?


2. Paragon Software to mount APFS & HFS file systems

My external SSD has multiple partitions: APFS+, HFS+, NTFS & exFAT.

I make a dedicated partition in exFAT only to make it read/ write capable on both MacBook as well as Windows laptop. This exFAT partition has a typical problem: it can't be extended or shrunk like other file systems. One has to backup all data, reformat to change partition sizes, then format a partition in exFAT again before restoring the backup. This is tedious.

I thought of giving this software a try first. But when trying to install inside the sandbox, I get the following error:

20211128_035752.png

20211128_041750.png

How do I fix this?


3. XY Explorer

This app has a peculiar problem. I used a read only user account to access my NAS files using this program. To my surprise during testing, I was able to write new files as well as delete existing files. Fortunately, however, all these changes only happened inside the sandbox and no files on my NAS were affected.

Can we say that file managers are useless inside the sandbox?

Thanks.

.
 

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender

hdmi

Well-known member
Member
VIP
Local time
9:14 AM
Posts
403
Location
Belgium
1. This is normal Sandboxie behavior, it always has been. When the sandbox is empty, by default a program has read access to all local files/folders outside the sandbox that an unsandboxed program (i.e., a program running outside the sandbox) also can access. This includes the Program Files folder, Application Data and the Windows registry. This behavior can be changed in the sandbox settings, Resource access | File access | Blocked access. Sandboxie-Plus v1.0.0 / 5.55.0 (Pre-release) adds new features, Privacy Mode and Rule Specificity, the purpose of which is to obtain additional control when needed. But blocking all the specific files/folders that specifically belong to the program that you want blocked can be time consuming, and then you still also need to tackle all the registry entries, at least if we can assume that the program is not portable of course. Simply running the program's uninstall process sandboxed is by far the easiest way to achieve what you are looking for. You can use the SandMan.exe interface to make a snapshot of a sandbox after that, so you don't have to go through the uninstall process again each time after you delete the sandbox and you want to start your whole experiment from scratch. A snapshot is just a simple copy of the files and folders that are present in the sandbox folder, the snapshot gets created inside the parent folder. Personally, I, use WinRAR to archive the sandbox folder, as extracting the sandbox folder from an archive to restore the sandbox tends to be noticeably faster than restoring it by restoring a snapshot.

2. The free DiskGenius can resize exFAT partitions without data loss, but if the process gets interrupted due to a power failure or a connection failure, for example, if you forgot to make a backup copy first, then you are SOL. Using a partition manager inside a sandbox doesn't sound like it would work, as Sandboxie-Plus has its limitations of what it can do, so, for that kind of stuff, you want to use a VM.

3. Network access is a separate section in the sandbox settings, under Restrictions, and under Resource access. As for installing a file manager into a sandbox, it can be useful if you want to try the file manager in a (relatively) secure environment to see if it does what you need, if it can be trusted, i.e. while keeping your files and folders intact so that you don't have to restore an image of your drive in the possible event that the file manager manages to transfer your files and/or folders into the eternal digital hunting fields.
 

My Computer

System One

  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics Card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Medion Life X18102
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 200Mbit/s down
    Browser
    FF

TheMystic

Well-known member
Member
VIP
Thread Starter
Local time
1:44 PM
Posts
439
This behavior can be changed in the sandbox settings, Resource access | File access | Blocked access.
I don't see these options (under Resource Access) in Sandboxie Plus v0.9.8.4:

20211201_191357.png

I don't know why I was trying to install iTunes inside the Sandbox when it was already installed on the main system. I only had to run a new instance inside the Sandbox. This I did and now I am able to run multiple independent instances of iTunes inside the Sandbox, each one connected to its own Apple ID and having its own library. When I connect my iPhone, all of the iTunes instances can detect it, and can therefore sync, although I can't do that since the iPhone can only sync with one iTunes library at any point of time. Syncing it with another library will erase the existing library, and that is certainly not what I want to do.

While I'm happy with the fact that the setup is working fine, the process of configuring it was not as simple. Atleast not the way I have done it. Here is how I have done it now:

1. Created multiple sandboxes, lets call it iTunes A & iTunes B.
2. On the main installation, launched iTunes with 1st library and logged in to my Apple ID 1.
3. Closed iTunes.
4. Copied the iTunes folder inside Program Files into Sandbox iTunes A.
5. Back to the main installation.
6. Launched iTunes, Signed out of ID 1 and closed iTunes.
7. Then launched iTunes with the 2nd library (holding down the SHIFT key), renamed the library, change the path of the iTunes Media folder and signed in with Apple ID 2.
8. Closed iTunes.
9. Copied the iTunes folder inside Program Files into Sandbox iTunes B.

The reason I had to do the above steps is because iTunes was defaulting to Library 1 no matter how many times I changed the path under its settings. I am not sure if all the above steps are necessary or if there is a simpler and better way of doing it. But for now, it is working the way I want it to, even though it still creates a new folder with Apple ID 1 inside the path for Apple ID 2, and I don't know how to force it to stop doing that.

Do note that I don't run the same exe file for each instance. Since I copied the full iTunes folder (under Program Files) into each of the Sandboxes, there is an itunes.exe file in each of the Sandboxes, and it probably has its own database inside the Program Files folder that it refers to. This probably explains why the multiple instances are having different libraries and Apple IDs.

Let me know if there is a better way of doing it, which I am pretty sure exists.

2. As with DiskGenius, while it helps with resizing exFAT partitions, I wanted to have atleast 'read' capabilities of APFS+ and HFS+ on Windows. I have now installed Windows 10 inside VirtualBox, and this allows me to install Paragon on the main system (inside the VM) to test it out. But I would still prefer being able to install inside Sandboxie, if it is possible.

3. I don't understand the implementation in this case. I used a read-only account to access NAS files. How can the file manager show operations not actually permitted, even if inside the sandboxed environment? Isn't it supposed to show the same 'Access Denied' error instead of showing fake operations?
 

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender

hdmi

Well-known member
Member
VIP
Local time
9:14 AM
Posts
403
Location
Belgium
With Sandoxie-Plus there's two different managers, SandMan.exe and SbieCtrl.exe so if you use the former and you doubleclick on an entry in the table that is shown in your screenshot, you can edit it so for example if you change the value in the Access column to Hidden, the resource will be hidden from the program/group. Whereas the latter has limited functionality because it mimics Sandboxie Classic, for users who just want Sandboxie to be as close to the original Sandboxie (i.e. the old one from Sophos) as possible. Sandboxie-Plus expands on that one with various added features and options, but can get confusing because the docs are not updated the whole time.

I don't use anything from Apple, as I don't like their walled garden approach nor want to pay extra for apps/services when I don't have to. Both hardware compatibility and software choices are limited on OS X and iOS when compared to Windows and Android, and, advanced features usually are lacking, often severely (and much to the point of being actually dumbed down), with just about everything that you can buy from Apple. In fact I never bother to even look at their products from a close enough distance, let alone consider to buy something from them. And I do mean never.

Testing read capabilities might be possible inside a sandbox, but Sandboxie-Plus isn't always compatible with programs, albeit it does offer the ability to sacrifice on security in exchange for an improved degree of compatibility.

Fake network operations give the ability to test scenarios in such a way that would otherwise require you to sacrifice your network security. I don't know if there's an easy convenient way to adjust this behavior in the sandbox settings. I use Sandboxie-Plus mainly for browser protection and to quickly restore the browser settings/configuration to one of multiple previous known states, as sandboxed Firefox Portable is set as my default browser. So, I can switch between a whole bunch of FirefoxPortable folders by using a batch script that simply renames two of them after it has emptied the sandbox. This eliminates the need to use profiles in Firefox Portable, which aren't always very practical, as you can't modify a profile if it is in use by another instance that is actively running inside a different sandbox of course, and besides, renaming two folders is instantaneous too. I used to use NTFS junctions to eliminate the need to rename the folders, until I found out later that Sandboxie-Plus can't handle junctions correctly.
 

My Computer

System One

  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics Card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Medion Life X18102
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 200Mbit/s down
    Browser
    FF

TheMystic

Well-known member
Member
VIP
Thread Starter
Local time
1:44 PM
Posts
439
I don't use anything from Apple, as I don't like their walled garden approach nor want to pay extra for apps/services when I don't have to. Both hardware compatibility and software choices are limited on OS X and iOS when compared to Windows and Android, and, advanced features usually are lacking, often severely (and much to the point of being actually dumbed down), with just about everything that you can buy from Apple. In fact I never bother to even look at their products from a close enough distance, let alone consider to buy something from them. And I do mean never.
Don't know if you have actually tried their products and come to this conclusion, or it is primarily based on what you have read about experiences on the internet. If it isn't based on first hand experience, you shouldn't be forming such a strong opinion.

While some of the things they do or the way they want (read: FORCE) you to do can be extremely annoying/ frustrating, it is also true that they excel in some of the other things they do. Often, these are basic stuff but extremely important. You are clearly in favour of choosing versatility over excellence, and it isn't necessarily a good thing.

The arm MacBooks are a class far away from competition in terms of performance and efficiency. Likewise, the Camera systems (both Photo & especially Video) on iPhones are the best on any mobile phone.

In your earlier comment, you said you prefer taking an archive than making a snapshot. Did you mean archive of the sandbox folder? And can it be unarchived and simply replaced to restore?
 

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender

hdmi

Well-known member
Member
VIP
Local time
9:14 AM
Posts
403
Location
Belgium
My niece owns a MacBook Pro. I am not in favor of versatility, it's just incompatible with some of my devices, so I am in favor of compatibility, as incompatibility is the exact opposite of excellence IMO. I know a few guys who own an iPhone from the same era as my previous phone, the P20 Pro. Neither their camera nor their battery could hold a candle against mine. Right now I have an old P30 Pro, which sucks for 4k video recording, but is superior in terms of various other camera functions and in terms of battery charging rate, when compared to iPhones of the same age. For example, the motion stabilizer during 1080p video recording with the P30 Pro is nothing short of spectacular in comparison.

As for making an archive of the sandbox folder, yeah, that's what I meant, and, yeah, you can unarchive it after the sandbox has been emptied. You can also edit the Sandboxie.ini file to customize the command that will be used in order to empty the sandbox.
So, although the main intended purpose of this setting is secure deletion of a sandbox by using a 3rd party program, you can specify the default delete command followed by & followed by "C:\Program Files\WinRAR\WinRAR.exe" x etc., for example, if you want the sandbox to be automatically restored immediately each time after the delete occurs. I tried it, it works
 

My Computer

System One

  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics Card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Medion Life X18102
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    20Mbit/s up, 200Mbit/s down
    Browser
    FF

TheMystic

Well-known member
Member
VIP
Thread Starter
Local time
1:44 PM
Posts
439
My niece owns a MacBook Pro. I am not in favor of versatility, it's just incompatible with some of my devices, so I am in favor of compatibility, as incompatibility is the exact opposite of excellence IMO. I know a few guys who own an iPhone from the same era as my previous phone, the P20 Pro. Neither their camera nor their battery could hold a candle against mine. Right now I have an old P30 Pro, which sucks for 4k video recording, but is superior in terms of various other camera functions and in terms of battery charging rate, when compared to iPhones of the same age. For example, the motion stabilizer during 1080p video recording with the P30 Pro is nothing short of spectacular in comparison.

As for making an archive of the sandbox folder, yeah, that's what I meant, and, yeah, you can unarchive it after the sandbox has been emptied. You can also edit the Sandboxie.ini file to customize the command that will be used in order to empty the sandbox.
So, although the main intended purpose of this setting is secure deletion of a sandbox by using a 3rd party program, you can specify the default delete command followed by & followed by "C:\Program Files\WinRAR\WinRAR.exe" x etc., for example, if you want the sandbox to be automatically restored immediately each time after the delete occurs. I tried it, it works
When I bought my Intel based MacBook Pro in 2019, I decided I will always buy a Mac going forward for one single reason: built-in support to install full-fledged Windows and run a dual-boot system that will allow access to the best of both worlds. Hopefully, Microsoft will soon support ARM too.

With this system, I have full compatibility with a whole range of devices, both within and outside Apple ecosystem. And also experience unmatched performance and efficiency when I upgrade to the newest Mac with Microsoft (hopefully) supporting ARM.

Talking of cameras on the iPhone, Apple nailed this department with their iPhone 11 series, and now improving upon it. Sure, Android flagships can match the camera performance in some/ many areas, but the main problem with them is the lack of consistency. Unless you are a photography/ videography expert, your camera roll is unlikely to match the consistency that the iPhone produces. Even the latest Pixel 6 series have failed to meet the hype that was created around it.

I will go through your links and play around with Sandboxie soon. Thanks.
 

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender
Top Bottom