Sandboxie and Origin

If it doesn't fit elsewhere, it goes here
Darman
Posts: 3
Joined: Sun Oct 30, 2011 4:41 pm

Sandboxie and Origin

Post by Darman » Sun Oct 30, 2011 4:56 pm

Hey community,

I'm new to sandboxie, and guess what made me interested in this program.. EA's Origin. It's spying computers and thats very, very bad.

So I tried to put Origin in a sandbox, so it only has access where it's meant to have. But now I got this: Every time i want to join a BF3 online match, it takes very long to initalize an load, then I get the message: You have been disconnected from the server. This is a common problem for me and BF3 (origin and Battlelog s***ks), I tried everything from updating PB to unlock ports on my router - but now it appears every time and even before I really join the match. And now the best: after this once appeared, every time I again try to join another server, I get an error window: BF3 doesn't work anymore. And now you can watch Battlog trying to initalize and join the server for hours. Nothing works.
But I doesn't want to start Origin without being sure it doesn't watch my skype chat log at the moment.

So would you guys perhaps browse over my sandboxes script an tell me if there's something wrong with it?

thx in advance,

Dar


Origin Sandboxie.ini:

Code: Select all

[GlobalSettings]

TemplateReject=WindowsLive
TemplateReject=7zipShellEx
TemplateReject=Avast_Antivirus
TemplateReject=OfficeLicensing
TemplateReject=RocketDock

[UserSettings_04C60138]

SbieCtrl_UserName=dar
SbieCtrl_NextUpdateCheck=865319913129
SbieCtrl_UpdateCheckNotify=y
SbieCtrl_ShowWelcome=n
SbieCtrl_WindowLeft=984
SbieCtrl_WindowTop=202
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=442
SbieCtrl_ActiveView=40021
SbieCtrl_AutoApplySettings=n
SbieCtrl_HideWindowNotify=n
SbieCtrl_BoxExpandedView_Origin=y
SbieCtrl_EnableLogonStart=y
SbieCtrl_EnableAutoStart=y
SbieCtrl_AddDesktopIcon=y
SbieCtrl_AddQuickLaunchIcon=y
SbieCtrl_AddContextMenu=y
SbieCtrl_AddSendToMenu=y
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310

[Origin]

Enabled=y
ConfigLevel=7
AutoRecover=y
Template=PlugPlayService
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
DropAdminRights=y
BlockFakeInput=y
BlockDrivers=n
BlockWinHooks=n
BlockSysParam=n
BlockPassword=n
NotifyStartRunAccessDenied=y
NotifyInternetAccessDenied=y
ClosedFilePath=\Device\Mup\
ClosedFilePath=C:\Program Files (x86)\Activision\
ClosedFilePath=C:\Program Files (x86)\Bethesda Softworks\
ClosedFilePath=C:\Program Files (x86)\CryTools\
ClosedFilePath=C:\Program Files (x86)\DAEMON Tools Lite\
ClosedFilePath=C:\Program Files (x86)\Dead Island\
ClosedFilePath=C:\Program Files (x86)\EA GAMES\
ClosedFilePath=C:\Program Files (x86)\EA
ClosedFilePath=C:\Program Files (x86)\Electronic Arts\
ClosedFilePath=C:\Program Files (x86)\F.E.A.R. 2\
ClosedFilePath=C:\Program Files (x86)\Gamigo\
ClosedFilePath=C:\Program Files (x86)\id Software\
ClosedFilePath=C:\Program Files (x86)\LucasArts\
ClosedFilePath=C:\Program Files (x86)\Mass Effect\
ClosedFilePath=C:\Program Files (x86)\Mass Effect 2\
ClosedFilePath=C:\Program Files (x86)\Steam\
ClosedFilePath=C:\Program Files (x86)\Ubisoft\
ClosedFilePath=C:\Program Files (x86)\2K Games\
ClosedFilePath=%Personal%\BioWare\
ClosedFilePath=%Personal%\Mass Effect Files\
ClosedFilePath=%My Music%\
ClosedFilePath=%My Pictures%\
ClosedFilePath=%My Video%\
ClosedFilePath=%Local AppData%\2K Games\
ClosedFilePath=%Local AppData%\Activision\
ClosedFilePath=C:\ProgramData\Apple
ClosedFilePath=C:\ProgramData\Apple Computer
ClosedFilePath=C:\ProgramData\AVAST Software
ClosedFilePath=C:\ProgramData\Brockhaus Multimedia
ClosedFilePath=C:\ProgramData\Caphyon
ClosedFilePath=C:\ProgramData\CyberLink
ClosedFilePath=C:\ProgramData\DAEMON Tools Lite
ClosedFilePath=C:\ProgramData\DAEMON Tools Pro
ClosedFilePath=C:\ProgramData\Desura
ClosedFilePath=C:\ProgramData\DivX
ClosedFilePath=C:\ProgramData\Grid
ClosedFilePath=C:\ProgramData\Hewlett-Packard
ClosedFilePath=C:\ProgramData\Media Center Programs
ClosedFilePath=C:\ProgramData\nHancer
ClosedFilePath=C:\ProgramData\Norton
ClosedFilePath=C:\ProgramData\NortonInstaller
ClosedFilePath=C:\ProgramData\PDFC
ClosedFilePath=C:\ProgramData\PictureMover
ClosedFilePath=C:\ProgramData\PMB Files
ClosedFilePath=C:\ProgramData\Recovery
ClosedFilePath=C:\ProgramData\Skype
ClosedFilePath=C:\ProgramData\Skype Extras
ClosedFilePath=C:\ProgramData\Solidshield
ClosedFilePath=C:\ProgramData\Sun
ClosedFilePath=C:\ProgramData\TuneUp Software
ClosedFilePath=C:\ProgramData\Ubisoft
ClosedFilePath=C:\ProgramData\WildTangent
ClosedFilePath=C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}
ClosedFilePath=C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=K:\
ClosedFilePath=J:\
ClosedFilePath=L:\
OpenPipePath=C:\
OpenPipePath=C:\ProgramFiles(x86)\Origin
OpenPipePath=C:\ProgramFiles(x86)\Origin Games
OpenPipePath=C:\Microsoft.NET
OpenPipePath=C:\Program Files (x86)\Common Files
OpenPipePath=C:\ProgramData\Electronic Arts
OpenPipePath=C:\ProgramData\EA Core
OpenPipePath=C:\Program Files (x86)\NVIDIA Corporation
OpenPipePath=C:\Program Files\NVIDIA Corporation
OpenPipePath=C:\ProgramData\NVIDIA
OpenPipePath=%Local AppData%\Origin\
OpenPipePath=%AppData%\Origin\
OpenPipePath=C:\ProgramData\Origin\DownloadCache\
OpenPipePath=%AppData%\Origin\
OpenPipePath=%Local AppData%\Origin\

D1G1T@L
Posts: 577
Joined: Sun Apr 17, 2011 7:40 pm
Location: DefaultBox

Post by D1G1T@L » Sun Oct 30, 2011 7:34 pm

Hi. You will probably find useful outcomes from following these threads about the exact same issue instead of starting another:

http://www.sandboxie.com/phpbb/viewtopic.php?t=11767
http://www.sandboxie.com/phpbb/viewtopic.php?t=11776
One Program to rule them all, One Program to confine them, One Program to wrest them all and in the sandbox bind them.

Darman
Posts: 3
Joined: Sun Oct 30, 2011 4:41 pm

Post by Darman » Mon Oct 31, 2011 11:10 am

Tried link #1 (added "ClosedFilePath=C:\Program Files (x86)\Origin\IGO32.dll" to my .ini )- no changes, instead of half an hour load screen for one map, then a black screen that couldn't be quitted by any keyboard combination, so I had to manually shut down the computer. I guess after that the error message would have popped up again: "BF3 doesn't work anymore".

link # 2 doesn't affect me, because I can log in with origin and I already installed BF3 on a non-sandboxed origin

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Oct 31, 2011 11:50 am

1. Your configuration file is way too complex to know if it has something to do with the problem or not.

Start with basic sandbox configuration, make sure that BF3 loads under Sandboxie.

2. You have the setting Template=PlugPlayService, or from the GUI:

Restrictions > Permit programs in this sandbox to manage hardware device configuration

in my tests this has sometimes caused BF3 to crash the display driver during start-up. BF3 worked better without this option.

3. If you get a black screen and your keyboard doesn't work, then use Ctrl + Alt + Del to go to the lock screen, then open Windows Task Manager and terminate the BF3.EXE process.
tzuk

Darman
Posts: 3
Joined: Sun Oct 30, 2011 4:41 pm

Post by Darman » Mon Oct 31, 2011 11:56 am

People, it works now - i checked some new tutorials - I forgot to add exeptions for the AppData / Roaming files ( or I believe that is what has been the reason it didn't work). But I still got the common Battlelog error: "You have been disconnected from the server. Man, that's bullshit.

@tzuk:

"If you get a black screen and your keyboard doesn't work, then use Ctrl + Alt + Del to go to the lock screen, then open Windows Task Manager and terminate the BF3.EXE process." - Whoaaaaa - thank you I didn't knew that and of course never tried it (veeeery ironic). Thx anyway for poniting out to the fact with the "Template=PlugPlayService". I changed that.

BBZangZanger

Post by BBZangZanger » Thu Nov 03, 2011 3:08 am

Can you post your working configuration file?

I can't get it to work no matter what I do.

Thanks

ysu
Posts: 5
Joined: Wed Sep 28, 2011 10:45 pm

Post by ysu » Fri Nov 04, 2011 11:33 pm

I know there's been a number of threads on this topic but it'd be nice to see one comprehensive, easy-to-follow tutorial which actually does block everything for origin (not just the program data folder). If it's possible at all, that is.

Anyone up to it?

I reckon it'd be best to sandbox everything from the get-go, origin & bf3 both, avoiding putting an already installed prog into sandbox, it sortof beats the purpose as you drives have already been scanned.

D1G1T@L
Posts: 577
Joined: Sun Apr 17, 2011 7:40 pm
Location: DefaultBox

Post by D1G1T@L » Sat Nov 05, 2011 1:49 pm

I have tested origin's install in a sandbox and it seems to work fine. An untested suggestion I have is to open an openfilepath only to Battlefield 3's program folder and see how that works.
One Program to rule them all, One Program to confine them, One Program to wrest them all and in the sandbox bind them.

ysu
Posts: 5
Joined: Wed Sep 28, 2011 10:45 pm

Post by ysu » Wed Nov 09, 2011 1:16 am

D1G1T@L wrote:I have tested origin's install in a sandbox and it seems to work fine. An untested suggestion I have is to open an openfilepath only to Battlefield 3's program folder and see how that works.
I can confirm origin install into sandbox is fine.

However, I'd like to know how to circumvent the PunkBuster install error when you try to actually install bf3 into the same sandbox. It fails every time.
The error is as follows:
**ERROR: Failed to create BunkBuster service: Cannot create a file when that file already exists.

Could it be that any previous pb install (outside of the sandbox) causes problems?

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Nov 09, 2011 8:35 am

PunkBuster includes a driver and can't be installed properly under Sandboxie. You will need to install PunkBuster outside the sandbox.
Possibly from here:
http://evenbalance.com/index.php?page=pbsetup.php

Then you need to adjust Sandboxie settings as described here:
http://www.sandboxie.com/index.php?Know ... punkbuster

But I have to say, I don't know if this actually works.
tzuk

ysu
Posts: 5
Joined: Wed Sep 28, 2011 10:45 pm

Post by ysu » Wed Nov 09, 2011 5:29 pm

tzuk wrote:PunkBuster includes a driver and can't be installed properly under Sandboxie. You will need to install PunkBuster outside the sandbox.
Possibly from here:
http://evenbalance.com/index.php?page=pbsetup.php

Then you need to adjust Sandboxie settings as described here:
http://www.sandboxie.com/index.php?Know ... punkbuster

But I have to say, I don't know if this actually works.
Thanks, it seems the problem for me was in fact that I had pb installed already. (that is, for the installation of bf3)
I've uninstalled the outside pb and bf3 went on with its own install.

I have not been able to test if it works online, yet, though. (most likely it won't) So I'll probably have to install back the pb on the outside.
Amazing how much hassle this can be...


Oh a question: I've checked the known conflicts page, and that rule (*) seems like allowing everything (that's what asterisk usually does).
How's that working exactly? What am I allowing by using that asterisk there?
Sorry, I'm more than a bit confused by that setting. :)

max
Posts: 42
Joined: Thu Nov 18, 2010 5:00 am

Post by max » Thu Nov 10, 2011 1:14 am

tzuk wrote:PunkBuster includes a driver and can't be installed properly under Sandboxie. You will need to install PunkBuster outside the sandbox.
Possibly from here:
http://evenbalance.com/index.php?page=pbsetup.php

Then you need to adjust Sandboxie settings as described here:
http://www.sandboxie.com/index.php?Know ... punkbuster

But I have to say, I don't know if this actually works.
tzuk happy to report that I got it to work. :D

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Nov 10, 2011 4:26 am

Nice, thanks for the update max. :)
ysu wrote:Oh a question: I've checked the known conflicts page, and that rule (*) seems like allowing everything (that's what asterisk usually does). How's that working exactly? What am I allowing by using that asterisk there?
It's not about allowing stuff. It's about PunkBuster aborting because it detects code from Sandboxie and thinks it's a cheat mechanism.

When you use a sweeping exclusion (i.e. * ) on the window class, Sandboxie doesn't put its code in.

But now that we're talking about this, you should try using # instead of *. It might provide the same results with less compromise in security. The difference is that both * and # cause Sandboxie to not put its code in. But * permits the program to communicate outside the sandbox, and # doesn't.

If you guys can confirm that # works as well as * then I will change the Known Conflicts page accordingly. Thanks.
tzuk

sorcerer

Post by sorcerer » Tue Nov 22, 2011 5:58 am

tzuk wrote:It's not about allowing stuff. It's about PunkBuster aborting because it detects code from Sandboxie and thinks it's a cheat mechanism.

When you use a sweeping exclusion (i.e. * ) on the window class, Sandboxie doesn't put its code in.

But now that we're talking about this, you should try using # instead of *. It might provide the same results with less compromise in security. The difference is that both * and # cause Sandboxie to not put its code in. But * permits the program to communicate outside the sandbox, and # doesn't.

If you guys can confirm that # works as well as * then I will change the Known Conflicts page accordingly. Thanks.
i have installed Origin and Battlefield 3 in a sandbox to completely isolate Origin from the rest of my system. as mentioned previously, PunkBuster did not install correctly during the BF3 installation, so i could not play on PB-enabled servers. i uninstalled the botched install of PunkBuster in the sandbox, installed it regularly outside the sandbox, and followed your guide to put # (not *). i can confirm that it works fine and i can play in PB-enabled servers now. thanks! :)

Vayne

Post by Vayne » Sun Nov 27, 2011 11:35 am

As previously requested, could someone please post a working configuration for Origin?

In specific, what needs to be set for openpipepath? (I have NVIDIA as well, but I'm sure ATI users would appreciate a list too!)

OpenPipePath=C:\
OpenPipePath=C:\ProgramFiles(x86)\Origin
OpenPipePath=C:\ProgramFiles(x86)\Origin Games
OpenPipePath=C:\Microsoft.NET
OpenPipePath=C:\Program Files (x86)\Common Files
OpenPipePath=C:\ProgramData\Electronic Arts
OpenPipePath=C:\ProgramData\EA Core
OpenPipePath=C:\Program Files (x86)\NVIDIA Corporation
OpenPipePath=C:\Program Files\NVIDIA Corporation
OpenPipePath=C:\ProgramData\NVIDIA
OpenPipePath=%Local AppData%\Origin\
OpenPipePath=%AppData%\Origin\
OpenPipePath=C:\ProgramData\Origin\DownloadCache\
OpenPipePath=%AppData%\Origin\
OpenPipePath=%Local AppData%\Origin\

Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests