This commit is contained in:
parent
a88a83c8df
commit
9f57abf9c3
|
@ -7,7 +7,7 @@
|
|||
<x>0</x>
|
||||
<y>0</y>
|
||||
<width>835</width>
|
||||
<height>475</height>
|
||||
<height>575</height>
|
||||
</rect>
|
||||
</property>
|
||||
<property name="sizePolicy">
|
||||
|
@ -45,7 +45,7 @@
|
|||
<enum>QTabWidget::North</enum>
|
||||
</property>
|
||||
<property name="currentIndex">
|
||||
<number>1</number>
|
||||
<number>9</number>
|
||||
</property>
|
||||
<widget class="QWidget" name="tabGeneral">
|
||||
<attribute name="title">
|
||||
|
@ -1095,7 +1095,7 @@
|
|||
<item row="0" column="0">
|
||||
<widget class="QTabWidget" name="tabsSecurity">
|
||||
<property name="currentIndex">
|
||||
<number>3</number>
|
||||
<number>4</number>
|
||||
</property>
|
||||
<widget class="QWidget" name="tabHarden">
|
||||
<attribute name="title">
|
||||
|
@ -1597,6 +1597,7 @@
|
|||
<widget class="QLabel" name="lblJob">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -1700,6 +1701,7 @@
|
|||
<widget class="QLabel" name="lblLimit">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -1719,6 +1721,7 @@
|
|||
<widget class="QWidget" name="tabPrivileges">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>50</weight>
|
||||
<bold>false</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -1726,63 +1729,12 @@
|
|||
<attribute name="title">
|
||||
<string>Advanced Security</string>
|
||||
</attribute>
|
||||
<layout class="QGridLayout" name="gridLayout_26">
|
||||
<item row="0" column="1">
|
||||
<layout class="QGridLayout" name="gridLayout_2">
|
||||
<item row="5" column="1" colspan="3">
|
||||
<widget class="QCheckBox" name="chkDropPrivileges">
|
||||
<property name="text">
|
||||
<string>Drop critical privileges from processes running with a SYSTEM token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="9" column="2">
|
||||
<spacer name="horizontalSpacer_13">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>40</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="1" column="1" colspan="3">
|
||||
<widget class="QCheckBox" name="chkProtectSCM">
|
||||
<property name="text">
|
||||
<string>Allow only privileged processes to access the Service Control Manager</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="2" colspan="2">
|
||||
<widget class="QLabel" name="label_74">
|
||||
<property name="text">
|
||||
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
|
||||
</property>
|
||||
<property name="wordWrap">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="4">
|
||||
<widget class="QLabel" name="label_65">
|
||||
<property name="font">
|
||||
<font>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>(Security Critical)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="0">
|
||||
<widget class="QLabel" name="lblPrivilege">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -1795,51 +1747,39 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1" colspan="3">
|
||||
<item row="1" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkProtectSCM">
|
||||
<property name="text">
|
||||
<string>Allow only privileged processes to access the Service Control Manager</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="2" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkRestrictServices">
|
||||
<property name="text">
|
||||
<string>Do not start sandboxed services using a system token (recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="1" colspan="4">
|
||||
<widget class="QCheckBox" name="chkSbieLogon">
|
||||
<property name="text">
|
||||
<string>Use a Sandboxie login instead of an anonymous token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="9" column="1">
|
||||
<spacer name="verticalSpacer">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>5</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="3" column="1" colspan="3">
|
||||
<item row="3" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkElevateRpcss">
|
||||
<property name="text">
|
||||
<string>Start the sandboxed RpcSs as a SYSTEM process (not recommended)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1" colspan="3">
|
||||
<item row="4" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkProtectSystem">
|
||||
<property name="text">
|
||||
<string>Protect sandboxed SYSTEM processes from unprivileged processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="4">
|
||||
<widget class="QLabel" name="label_64">
|
||||
<item row="4" column="3">
|
||||
<widget class="QLabel" name="label_65">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -1849,10 +1789,32 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="0" colspan="2">
|
||||
<item row="5" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkDropPrivileges">
|
||||
<property name="text">
|
||||
<string>Drop critical privileges from processes running with a SYSTEM token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="3">
|
||||
<widget class="QLabel" name="label_64">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>(Security Critical)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="0">
|
||||
<widget class="QLabel" name="lblToken">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -1865,7 +1827,55 @@
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
<item row="7" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkSbieLogon">
|
||||
<property name="text">
|
||||
<string>Use a Sandboxie login instead of an anonymous token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="2">
|
||||
<widget class="QLabel" name="label_74">
|
||||
<property name="text">
|
||||
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
|
||||
</property>
|
||||
<property name="wordWrap">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="9" column="1" colspan="2">
|
||||
<widget class="QCheckBox" name="chkCreateToken">
|
||||
<property name="text">
|
||||
<string>Create a new sandboxed token instead of setting down default token</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="10" column="1">
|
||||
<spacer name="verticalSpacer">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>185</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="10" column="2">
|
||||
<spacer name="horizontalSpacer_13">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>457</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
</layout>
|
||||
</widget>
|
||||
|
@ -4042,6 +4052,7 @@ The process match level has a higher priority than the specificity and describes
|
|||
<widget class="QTabWidget" name="tabsOther">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>50</weight>
|
||||
<bold>false</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -4053,16 +4064,7 @@ The process match level has a higher priority than the specificity and describes
|
|||
<attribute name="title">
|
||||
<string>Compatibility</string>
|
||||
</attribute>
|
||||
<layout class="QGridLayout" name="gridLayout_63">
|
||||
<item row="0" column="0">
|
||||
<layout class="QGridLayout" name="gridLayout_62">
|
||||
<item row="3" column="1">
|
||||
<widget class="QCheckBox" name="chkElevateCreateProcessFix">
|
||||
<property name="text">
|
||||
<string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<layout class="QGridLayout" name="gridLayout_26">
|
||||
<item row="0" column="1">
|
||||
<widget class="QCheckBox" name="chkNoPanic">
|
||||
<property name="toolTip">
|
||||
|
@ -4073,37 +4075,11 @@ The process match level has a higher priority than the specificity and describes
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="1">
|
||||
<widget class="QCheckBox" name="chkComTimeout">
|
||||
<property name="text">
|
||||
<string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieDeskHack">
|
||||
<property name="text">
|
||||
<string>Use desktop object workaround for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="0">
|
||||
<spacer name="verticalSpacer_28">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>40</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="1" column="0">
|
||||
<widget class="QLabel" name="lblCompatibility">
|
||||
<property name="font">
|
||||
<font>
|
||||
<weight>75</weight>
|
||||
<bold>true</bold>
|
||||
<kerning>true</kerning>
|
||||
</font>
|
||||
|
@ -4120,6 +4096,20 @@ The process match level has a higher priority than the specificity and describes
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="3" column="1">
|
||||
<widget class="QCheckBox" name="chkElevateCreateProcessFix">
|
||||
<property name="text">
|
||||
<string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="4" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieDeskHack">
|
||||
<property name="text">
|
||||
<string>Use desktop object workaround for all processes</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="5" column="1">
|
||||
<widget class="QCheckBox" name="chkUseSbieWndStation">
|
||||
<property name="text">
|
||||
|
@ -4127,22 +4117,47 @@ The process match level has a higher priority than the specificity and describes
|
|||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="6" column="1">
|
||||
<widget class="QCheckBox" name="chkComTimeout">
|
||||
<property name="text">
|
||||
<string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="7" column="1">
|
||||
<widget class="QCheckBox" name="chkForceRestart">
|
||||
<property name="text">
|
||||
<string>Restart force process before they begin to execute</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="8" column="0">
|
||||
<spacer name="verticalSpacer_28">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>263</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="8" column="1">
|
||||
<spacer name="horizontalSpacer_12">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>40</width>
|
||||
<width>667</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
</layout>
|
||||
</widget>
|
||||
<widget class="QWidget" name="tabDlls">
|
||||
<attribute name="title">
|
||||
|
@ -5076,8 +5091,8 @@ instead of "*".</string>
|
|||
<rect>
|
||||
<x>0</x>
|
||||
<y>0</y>
|
||||
<width>98</width>
|
||||
<height>28</height>
|
||||
<width>75</width>
|
||||
<height>16</height>
|
||||
</rect>
|
||||
</property>
|
||||
<layout class="QGridLayout" name="dbgLayout">
|
||||
|
|
|
@ -30,6 +30,8 @@ void COptionsWindow::CreateAdvanced()
|
|||
connect(ui.chkOpenCOM, SIGNAL(clicked(bool)), this, SLOT(OnOpenCOM()));
|
||||
connect(ui.chkComTimeout, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
||||
connect(ui.chkForceRestart, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
||||
connect(ui.chkNoSecurityIsolation, SIGNAL(clicked(bool)), this, SLOT(OnIsolationChanged()));
|
||||
connect(ui.chkNoSecurityFiltering, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
||||
|
@ -39,7 +41,7 @@ void COptionsWindow::CreateAdvanced()
|
|||
connect(ui.chkOpenLsaEndpoint, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
||||
connect(ui.chkSbieLogon, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
||||
connect(ui.chkCreateToken, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
|
||||
|
||||
m_AdvOptions.insert("UseWin32kHooks", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Enable the use of win32 hooks for selected processes. Note: You need to enable win32k syscall hook support globally first.")});
|
||||
m_AdvOptions.insert("EnableMiniDump", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Enable crash dump creation in the sandbox folder")});
|
||||
|
@ -142,6 +144,8 @@ void COptionsWindow::LoadAdvanced()
|
|||
ui.chkProtectSystem->setChecked(!m_pBox->GetBool("ExposeBoxedSystem", false));
|
||||
ui.chkDropPrivileges->setChecked(m_pBox->GetBool("StripSystemPrivileges", true));
|
||||
|
||||
ui.chkForceRestart->setChecked(m_pBox->GetBool("ForceRestartAll", false));
|
||||
|
||||
CheckOpenCOM();
|
||||
ui.chkComTimeout->setChecked(!m_pBox->GetBool("RpcMgmtSetComTimeout", true));
|
||||
|
||||
|
@ -373,6 +377,8 @@ void COptionsWindow::SaveAdvanced()
|
|||
|
||||
WriteAdvancedCheck(ui.chkComTimeout, "RpcMgmtSetComTimeout", "n", "");
|
||||
|
||||
WriteAdvancedCheck(ui.chkForceRestart, "ForceRestartAll", "y", "");
|
||||
|
||||
WriteAdvancedCheck(ui.chkNoSecurityIsolation, "NoSecurityIsolation", "y", "");
|
||||
WriteAdvancedCheck(ui.chkNoSecurityFiltering, "NoSecurityFiltering", "y", "");
|
||||
|
||||
|
@ -426,6 +432,9 @@ void COptionsWindow::SaveAdvanced()
|
|||
bool bGlobalSbieLogon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieLogon", false);
|
||||
WriteAdvancedCheck(ui.chkSbieLogon, "SandboxieLogon", bGlobalSbieLogon ? "" : "y", bGlobalSbieLogon ? "n" : "");
|
||||
|
||||
bool bGlobalSandboxGroup = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieAllGroup", false);
|
||||
WriteAdvancedCheck(ui.chkCreateToken, "UseCreateToken", bGlobalSandboxGroup ? "" : "y", "");
|
||||
|
||||
SaveOptionList();
|
||||
|
||||
bool bGlobalNoMon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("DisableResourceMonitor", false);
|
||||
|
@ -595,14 +604,16 @@ void COptionsWindow::UpdateBoxIsolation()
|
|||
ui.chkNoOpenForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
|
||||
ui.chkSbieLogon->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
|
||||
ui.chkCreateToken->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
|
||||
if (ui.chkNoSecurityIsolation->isChecked()) {
|
||||
ui.chkCloseForBox->setChecked(false);
|
||||
ui.chkNoOpenForBox->setChecked(false);
|
||||
ui.chkSbieLogon->setChecked(false);
|
||||
ui.chkCreateToken->setChecked(false)
|
||||
}
|
||||
else {
|
||||
ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false);
|
||||
ReadGlobalCheck(ui.chkCreateToken, "UseCreateToken", false);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue