Force instant termination of a process

Ideas for enhancements to the software
is_m00nbl00d

Post by is_m00nbl00d » Fri Mar 25, 2011 9:58 pm

I'm not really sure that's the best subject, but it's the one I came up with. ;D

First things first.

My operating system has two web browsers - IE and Chromium. IE is defined as the default web browser. I do not use IE for anything, at all. It's been forced to run in its sandbox, with Internet access blocked and Drop Rights enabled.

There's something I dislike in this approach, though - when I install/upgrade an application that initiates Internet Explorer, forcing me to close the sandbox.

I think it would be great if I could define the sandbox to automatically terminate any process, as soon as they run in the sandbox. Plus, all this could be done minimized, that is, IE is started in the sandbox, but with its window minimized to the tray bar, during the whole process, which shouldn't take more than a second to end. Would the latter be possible?


Thanks

lylejk
Posts: 119
Joined: Thu Mar 26, 2009 5:19 pm

Post by lylejk » Fri Mar 25, 2011 10:39 pm

You could just right-click on the Sandbox and then Terminate Programs. I've had some issues individually terminating just IE for instance; I just terminate the whole SBIE session. :)

_is_m00nbl00d

Post by _is_m00nbl00d » Fri Mar 25, 2011 11:21 pm

lylejk wrote:You could just right-click on the Sandbox and then Terminate Programs. I've had some issues individually terminating just IE for instance; I just terminate the whole SBIE session. :)
But, that's what I want to avoid. Otherwise, I'd have to right-click the tray bar or open Sandboxie Control, and then right-click the respective sandbox and then kill it.

But, thanks anyway for the feedback! :)

I'm perfectly aware that this is not a top priority, in case tzuk considers it to be a nice feature. But, should he consider it to be OK, then it would be great to have such feature in versions to come. I know there are other priorities.

Mike
Posts: 592
Joined: Mon Nov 16, 2009 1:27 pm

Post by Mike » Sat Mar 26, 2011 2:24 am

is_m00nbl00d wrote:It's been forced to run in its sandbox, with Internet access blocked and Drop Rights enabled. ... I think it would be great if I could define the sandbox to automatically terminate any process, as soon as they run in the sandbox.
Here's how I keep unwanted programs from running:
  1. Force them all to run in a dedicated "NoRun" sandbox
  2. Set start/run access to only allow nonexistent.exe
Tada, nothing can run.

This approach has become a lot more pleasant since tzuk got rid of those csrss.exe pop-ups. Of course, if you're looking for a more permanent or robust method, SRP or AppLocker policies would probably be a better bet.
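
Added example, not part of Mike's post or Sandboxie's own documentation: the two steps above written as a Sandboxie.ini section, together with the Drop Rights setting from the first post. The sandbox name NoRun and nonexistent.exe come from the post; the mapping of the Start/Run Access page to the ProcessGroup/ClosedIpcPath pair is an assumption about how Sandboxie Control stores that setting.

```ini
[NoRun]
Enabled=y

# Step 1: force Internet Explorer into this sandbox whenever it is launched
ForceProcess=iexplore.exe

# Step 2: Start/Run Access restriction. Only programs in the group may start,
# and the group's single member is a file name that does not exist,
# so every forced program is refused as soon as it starts.
ProcessGroup=<StartRunAccess>,nonexistent.exe
ClosedIpcPath=!<StartRunAccess>,*

# Drop Rights, as in the original poster's setup
DropAdminRights=y
```

To use IE again, remove iexplore.exe from the forced programs or replace nonexistent.exe with iexplore.exe, then reload the configuration.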

is_m00nbl00d

Post by is_m00nbl00d » Sat Mar 26, 2011 10:19 am

Mike wrote:
is_m00nbl00d wrote:It's been forced to run in its sandbox, with Internet access blocked and Drop Rights enabled. ... I think it would be great if I could define the sandbox to automatically terminate any process, as soon as they run in the sandbox.
Here's how I keep unwanted programs from running:
  1. Force them all to run in a dedicated "NoRun" sandbox
  2. Set start/run access to only allow nonexistent.exe
Tada, nothing can run.

This approach has become a lot more pleasant since tzuk got rid of those csrss.exe pop-ups. Of course, if you're looking for a more permanent or robust method, SRP or AppLocker policies would probably be a better bet.
Hello Mike,

I appreciate your feedback, and will most definitely try what you suggest, regarding the sandbox. :)

Regarding AppLocker, I do have it in place. But, the reason why I don't forbid its execution, is due to the fact that, at some point, I may need to make use of IE, and elevate secpol.msc to remove prohibition, not to mention entering credentials for UAC. Having such an option within Sandboxie would make things a lot faster and easier, IMO.

_is_m00nbl00d

Post by _is_m00nbl00d » Sat Mar 26, 2011 11:10 am

@ Mike

I tried your suggestion, and it actually works simply great. I never thought about that option! One needs to hide the error message that appears, though. I just hope that, whenever I need to use IE, I remember about it. lol

_is_m00nbl00d

Post by _is_m00nbl00d » Sat Mar 26, 2011 11:16 am

_is_m00nbl00d wrote:@ Mike

I tried your suggestion, and it actually works simply great. I never thought about that option! One needs to hide the error message that appears, though. I just hope that, whenever I need to use IE, I remember about it. lol
-edit-

This does make me want to suggest something else, regarding this trick.

I have relatives using Sandboxie as well. Some of them do not make use of IE, except to access their bank account (under a different user account). The above trick would apply to all user accounts, that is, IE would be forced to run in its sandbox, but forbidden from running there.

It would be great if we could choose which user accounts to apply sandbox settings.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat Mar 26, 2011 5:59 pm

At some point I am planning to add a Sandbox Settings page that lets you select which user accounts can use a particular sandbox.
tzuk

Mike
Posts: 592
Joined: Mon Nov 16, 2009 1:27 pm

Post by Mike » Sat Mar 26, 2011 8:05 pm

@_is_m00nbl00d: Glad it helped! For non-critical rules, I mostly prefer Sandboxie to AppLocker for the same reason, because it's easier and faster.

@tzuk: Although not a big deal, that would be a nice touch.

SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Sun Mar 27, 2011 6:33 am

tzuk wrote:At some point I am planning to add a Sandbox Settings page that lets you select which user accounts can use a particular sandbox.
Sounds great! :D
