From e99328066b422991de54116f564b70702f6188cc Mon Sep 17 00:00:00 2001
From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com>
Date: Wed, 20 Nov 2024 15:38:17 +0100
Subject: [PATCH] #4113

---
 CHANGELOG.md                                     | 3 ++-
 Sandboxie/apps/control/MessageDialog.cpp         | 4 ++++
 Sandboxie/core/drv/process_force.c               | 5 +++++
 SandboxiePlus/SandMan/SandMan.cpp                | 5 ++++-
 SandboxiePlus/SandMan/Windows/SettingsWindow.cpp | 6 +++---
 5 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f92a8e0..0fdffa6f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Added
 - improved ini section editor, it now supports search Ctrl+F
+- added SBIE1321 to log all force process events, can be enabled with "NotifyForceProcessEnabled=y", Improves #4113
 
 ### Fixed
 
@@ -73,7 +74,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Changed
 - improved SandboxieCrypto startup
-- improved sandboxed RPCSS startup
+- improved Sandboxed RPCSS startup
 - changed Qt 5 version to Qt 5.15.15 with OpenSSL 3.3.2 [#4223](https://github.com/sandboxie-plus/Sandboxie/pull/4223) (thanks offhub)
 - set tab orders and buddies of UI controls [#4300](https://github.com/sandboxie-plus/Sandboxie/pull/4300) (thanks gexgd0419)
 
diff --git a/Sandboxie/apps/control/MessageDialog.cpp b/Sandboxie/apps/control/MessageDialog.cpp
index cf2afdd9..056778f0 100644
--- a/Sandboxie/apps/control/MessageDialog.cpp
+++ b/Sandboxie/apps/control/MessageDialog.cpp
@@ -290,6 +290,10 @@ void CMessageDialog::OnTimer()
 		if (code == MSG_1399)
 			continue;
 
+		//
+		// ignore process forced notification
+		if (code == MSG_1321)
+			continue;
 
 
         WCHAR *str1 = m_buf;
diff --git a/Sandboxie/core/drv/process_force.c b/Sandboxie/core/drv/process_force.c
index fad79906..6e4f970a 100644
--- a/Sandboxie/core/drv/process_force.c
+++ b/Sandboxie/core/drv/process_force.c
@@ -378,6 +378,11 @@ _FX BOX *Process_GetForcedStartBox(
 		}
     }
 
+    if (box && Conf_Get_Boolean(NULL, L"NotifyForceProcessEnabled", 0, FALSE) && box != (BOX *)-1)
+    {
+        Log_Msg_Process(MSG_1321, ImageName, box->name, SessionId, ProcessId);
+    }
+
     //
     // finish
     //
diff --git a/SandboxiePlus/SandMan/SandMan.cpp b/SandboxiePlus/SandMan/SandMan.cpp
index f2fde2cb..d62f92bf 100644
--- a/SandboxiePlus/SandMan/SandMan.cpp
+++ b/SandboxiePlus/SandMan/SandMan.cpp
@@ -2930,7 +2930,7 @@ QString CSandMan::MakeSbieMsgLink(quint32 MsgCode, const QStringList& MsgData, Q
 
 void CSandMan::OnLogSbieMessage(quint32 MsgCode, const QStringList& MsgData, quint32 ProcessId)
 {
-	if ((MsgCode & 0xFFFF) == 2198 ) // file migration progress
+	if ((MsgCode & 0xFFFF) == 2198) // file migration progress
 	{
 		if (!IsDisableMessages() && theConf->GetBool("Options/ShowMigrationProgress", true))
 			m_pPopUpWindow->ShowProgress(MsgCode, MsgData, ProcessId);
@@ -3010,6 +3010,9 @@ void CSandMan::OnLogSbieMessage(quint32 MsgCode, const QStringList& MsgData, qui
 	if ((MsgCode & 0xFFFF) == 2111) // process open denided
 		return; // don't pop that one up
 
+	if ((MsgCode & 0xFFFF) == 1321) // process forced
+		return; // don't pop that one up
+
 	if(MsgCode != 0 && theConf->GetBool("Options/ShowNotifications", true) && !IsDisableMessages())
 		m_pPopUpWindow->AddLogMessage(MsgCode, MsgData, ProcessId);
 }
diff --git a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
index 09963491..a9301449 100644
--- a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
+++ b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
@@ -474,6 +474,7 @@ CSettingsWindow::CSettingsWindow(QWidget* parent)
 
 	connect(ui.chkStartBlockMsg, SIGNAL(stateChanged(int)), this, SLOT(OnWarnChanged()));
 	connect(ui.chkNotForcedMsg, SIGNAL(stateChanged(int)), this, SLOT(OnWarnChanged()));
+	connect(ui.chkForcedMsg, SIGNAL(stateChanged(int)), this, SLOT(OnWarnChanged()));
 	connect(ui.btnAddWarnProg, SIGNAL(clicked(bool)), this, SLOT(OnAddWarnProg()));
 	connect(ui.btnAddWarnFolder, SIGNAL(clicked(bool)), this, SLOT(OnAddWarnFolder()));
 	connect(ui.btnDelWarnProg, SIGNAL(clicked(bool)), this, SLOT(OnDelWarnProg()));
@@ -913,9 +914,6 @@ void CSettingsWindow::RemoveContextMenu()
 		QProcess Proc;
 		Proc.execute("rundll32.exe", QStringList() << "SbieShellExt.dll,RemovePackage");
 		Proc.waitForFinished();
-		
-		QSettings MyReg("HKEY_CURRENT_USER\\SOFTWARE\\Xanasoft\\Sandboxie-Plus", QSettings::NativeFormat);
-		MyReg.remove("");  // Removes the entire key and all subkeys
 	}
 
 	CSbieUtils::RemoveContextMenu();
@@ -1093,6 +1091,7 @@ void CSettingsWindow::LoadSettings()
 		ui.chkStartBlock->setChecked(theAPI->GetGlobalSettings()->GetBool("StartRunAlertDenied", false));
 		ui.chkStartBlockMsg->setChecked(theAPI->GetGlobalSettings()->GetBool("AlertStartRunAccessDenied", true));
 		ui.chkNotForcedMsg->setChecked(theAPI->GetGlobalSettings()->GetBool("NotifyForceProcessDisabled", false));
+		ui.chkForcedMsg->setChecked(theAPI->GetGlobalSettings()->GetBool("NotifyForceProcessEnabled", false));
 
 		ui.treeWarnProgs->clear();
 
@@ -1903,6 +1902,7 @@ void CSettingsWindow::SaveSettings()
 				WriteAdvancedCheck(ui.chkStartBlock, "StartRunAlertDenied", "y", "");
 				WriteAdvancedCheck(ui.chkStartBlockMsg, "AlertStartRunAccessDenied", "", "n");
 				WriteAdvancedCheck(ui.chkNotForcedMsg, "NotifyForceProcessDisabled", "y", "");
+				WriteAdvancedCheck(ui.chkForcedMsg, "NotifyForceProcessEnabled", "y", "");
 
 				QStringList AlertProcess;
 				QStringList AlertFolder;