Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ESET / Kaspersky] Any website shows a connection error on sandboxed Firefox/Edge #2025

Open
0x391F opened this issue Jul 12, 2022 · 23 comments
Labels
Browser: Chromium Collection of Chromium-based browser issues Browser: Firefox Issues with Firefox-based browsers Help Wanted Extra help is needed Issue: Reproduced Issue reproduced without uncertainties Software: ESET SBIE issues in conjunction with ESET software Software: Kaspersky Collection of Kaspersky issues with SBIE Workaround Temporary or alternative solution

Comments

@0x391F
Copy link
Contributor

0x391F commented Jul 12, 2022

Describe what you noticed and did

  1. Add SandboxieLogon=y in [GlobalSettings] (see here to enable it from Sandboxie Plus GUI)
  2. Visit any website in sandboxed Firefox/Edge
  3. Firefox "PR_CONNECT_RESET_ERROR"/Edge "ERR_CONNECTION_RESET"
Note: in order to reproduce this issue reliably, it is recommended to open a non-cached website in a new tab with both sandboxed browsers, while having in the system any ESET/Kaspersky Internet Security suite.
Microsoft Defender is not affected.

How often did you encounter it so far?

No response

Affected program

Firefox 102, Edge 103

Download link

Not relevant

Where is the program located?

The program is installed only outside the sandbox.

Expected behavior

This bug shoudn't appear.

What is your Windows edition and version?

Windows 10 Enterprise LTSC 2021 x64 (21H2) (10.0.19044.1806)

In which Windows account you have this problem?

Not relevant to my request.

Please mention any installed security software

ESET Internet Security 15.2.11.0 x64 / Kaspersky Internet Security

What version of Sandboxie are you running?

Sandboxie 5.57.0/5.57.1 x64, Sandboxie-Plus 1.2.0/1.2.1 x64

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

Sandboxie 5.57.0/Sandboxie-Plus 1.2.0

In which sandbox type you have this problem?

Not relevant to my request.

Can you reproduce this problem on an empty sandbox?

I can confirm it also on an empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

No response

@0x391F 0x391F added the Confirmation Pending Further confirmation is requested label Jul 12, 2022
@0x391F
Copy link
Contributor Author

0x391F commented Jul 12, 2022

Now I using Sandboxie 5.56.3 and Sandboxie-Plus 1.1.3, everything is well.

@ghost
Copy link

ghost commented Jul 12, 2022

v1.2.1 also has this issue. Most https websites don't load
sec
sec2

@isaak654 isaak654 changed the title Any website "PR_CONNECT_RESET_ERROR/ERR_CONNECTION_RESET" on sandboxed Firefox/Edge [1.2.0/1.2.1] Any website shows "PR_CONNECT_RESET_ERROR/ERR_CONNECTION_RESET" on sandboxed Firefox/Edge Jul 12, 2022
@isaak654 isaak654 added the Type: Regression A Sandboxie build broke compatibility, it was working before label Jul 12, 2022
@ghost
Copy link

ghost commented Jul 12, 2022

I downgraded to v1.1.3 and everything was working. Few hours later the issue reoccurred.

After restarting a router, it works again. That's interesting

@isaak654 isaak654 added Browser: Chromium Collection of Chromium-based browser issues Browser: Firefox Issues with Firefox-based browsers and removed Type: Regression A Sandboxie build broke compatibility, it was working before labels Jul 13, 2022
@isaak654 isaak654 changed the title [1.2.0/1.2.1] Any website shows "PR_CONNECT_RESET_ERROR/ERR_CONNECTION_RESET" on sandboxed Firefox/Edge Any website shows "PR_CONNECT_RESET_ERROR/ERR_CONNECTION_RESET" on sandboxed Firefox/Edge Jul 13, 2022
@ghost
Copy link

ghost commented Jul 25, 2022

I had this issue few more times. Restarting a router didn't fix it then. Does anyone else have the issue?

@ghost
Copy link

ghost commented Jul 26, 2022

I can not open any https webpage in any sandbox anymore. Tested firefox and edge. Outside of sandbox everything works. Sbie 1.2.6

@DavidXanatos
Copy link
Member

I downgraded to v1.1.3 and everything was working. Few hours later the issue reoccurred.

After restarting a router, it works again. That's interesting

That does not sound like a sbie issue, and since it seams to be related to restarting your router it very likely a router issue

@ghost
Copy link

ghost commented Jul 26, 2022

Maybe it was coincidence as restarting the router does not help anymore. Every https website in any sandbox shows the errors on Firefox and Edge. The same webpages work outside of sbie.

onet.pl has mixed content. New sandbox

image

@ghost
Copy link

ghost commented Jul 26, 2022

Eset <—>sbie issue. There was eset build update lately.

image

Generally eset thinks every ssl certificate is corrupt. Switching this option to: 'ask about certificate validity' allows opening webpages in sbie.
image
IDK how to fix it. ESET certificate is installed outside and inside sbie.
If I disable ssl scanning, enter ssl webpage, it works

@joy-maruyama
Copy link

I have this problem too, but with Kaspersky Internet Security. With Sandboxie-Plus-x64-v1.1.3, everything works perfectly.

When I upgrade to Sandboxie-Plus-x64 1.2.0 or newer (I tested 1.2.1, 1.2.5 and 1.2.6), my sandboxed browser Vivaldi can't access HTTPS sites anymore, with the error ERR_CONNECTION_RESET.

Vivaldi

Kaspersky Internet Security has an option "Encrypted connection scanning". The default selection is "Scan encrypted connections upon request from protection components".

Kaspersky Internet Security

If I change this option to "Do not scan encrypted connections", the sandboxed browser works normally.

I don't know if it is useful, but the Kaspersky manual says: "If the Scan encrypted connections upon request from protection components option is selected, Kaspersky Internet Security uses the installed Kaspersky certificate to verify the security of SSL connections if this is required by the Web Anti-Virus and URL Advisor protection components. If these components are disabled, Kaspersky Internet Security does not verify the security of SSL connections."

For some reason it stopped working on Sandboxie-Plus-x64 1.2.0. It worked well before, on 1.1.3 or older.

@DavidXanatos
Copy link
Member

hmm.... strange, there were 2 changes in 1.2.x that may cause something:

  1. the new token system, you can disable this and get the old behavior by unchecking this option
    grafik
  2. the hooking mechanism was changes as to allow proper resource freeing upon a dll unload
    this should not have caused such issues and can not be disabled by config.

Please test if 1 solves the problem if not we will need to do some more testing

@ghost
Copy link

ghost commented Jul 27, 2022

I commented out every line from global section and created new sandbox. Issue was still there. It ain't an issue with latest version. I had it with previous versions as well. However instead of having it always, it was rare

image

@DavidXanatos
Copy link
Member

Commenting everythign out wont help as that option was on by default, you need to add SandboxieLogon=n to your sandboxie ini

There does not seam to be a kaspersky trail but esset offets a 30 days trail I tested this scenario and it seams that the use of a custom token does not play well with esset.
Disabling the aforementioned option fixes the issue for me reliably.

@ghost
Copy link

ghost commented Jul 27, 2022

Yes, disabling option 1 fixes it for me

image

@DavidXanatos DavidXanatos added Workaround Temporary or alternative solution Software: ESET SBIE issues in conjunction with ESET software Issue: Reproduced Issue reproduced without uncertainties and removed Confirmation Pending Further confirmation is requested labels Jul 27, 2022
@DavidXanatos
Copy link
Member

Ok problem solved, but its not so cool, as I don't think there is a legit reason why this should fail this way,
perhaps these tools had a workaround in place for sandboxies old behavior,
since the new behavior is better it would be best if these tools would update their workaround to support the new behavior.

Please ask for it in the respective support forums.

On our side we will make this behavior for the time being disabled by default starting with 1.2.7

@joy-maruyama
Copy link

Unchecking the "Use a Sandboxie login instead of an anonymous token" worked for me too! Thank you very much, DavidXanatos!

@isaak654
Copy link
Collaborator

isaak654 commented Jul 27, 2022

There does not seam to be a kaspersky trail

Sorry, but that's not true. I pointed the Kaspersky trial versions in another issue: #1989 (comment)
I would suggest to create more labels to keep track of these problematic AV vendors.

@isaak654 isaak654 added the Software: Kaspersky Collection of Kaspersky issues with SBIE label Jul 27, 2022
@ghost
Copy link

ghost commented Jul 29, 2022

Thank you for the workaround. I am not sure what we are supposed to ask about exactly on AV forums

@isaak654
Copy link
Collaborator

isaak654 commented Jul 30, 2022

Apparently the lead developer expects that someone provides detailed steps on both Kaspersky and ESET forums, because only third-party vendors seem affected.

For example, you could adopt a similar text (feel free to edit it as you wish and fill it in the missing parts):

Original issue posted on the open-source Sandboxie repository:
https://github.com/sandboxie-plus/Sandboxie/issues/2025

Requirements to reproduce the issue:
- Operating system: Windows ...
- Sandboxie Plus 1.2.6 x64
- ESET/Kaspersky (edition + version)

Reproducible steps:
1. Install ESET/Kaspersky (edition + version)
2. Download Sandboxie Plus 1.2.6 x64 and install it: https://github.com/sandboxie-plus/Sandboxie/releases/download/v1.2.6/Sandboxie-Plus-x64-v1.2.6.exe
3. Run the main executable SandMan.exe
4. Describe what you did to reproduce the SSL issue
5. Show the error in the browser's screenshot: link

Workaround:
I disabled the new SandboxieLogon feature, which is named in Sandboxie Plus as "Use a Sandboxie login instead of an anonymous token". 
Further explanations about how it works: https://github.com/sandboxie-plus/Sandboxie/discussions/2064

Note 1: The Sandboxie lead developer suggested that there might be an old workaround applied on your software for the old Sandboxie versions: https://github.com/sandboxie-plus/Sandboxie/issues/2025#issuecomment-1196343325
Note 2: Sandboxie versions after [v1.2.6](https://github.com/sandboxie-plus/Sandboxie/releases) won't have this issue simply because the Sandboxie developer is going to disable the SandboxieLogon feature by default because of the behavior described above.

If I forgot something, add it or fix it accordingly.

@bastik-1001
Copy link
Collaborator

Just to increase the chance of people affected by this bug, get to see another solution, David stated that:

(...)
you can even do the following
add SandboxieLogon=y globally
and SandboxieLogon=n to he box you run your browser in,
and et voila boxes are isolated and browser still works with ssl scanning

Changes are slim, since 1.2.7 disables the new feature and it does not seem likely that people will encounter an issue, and if they enable it, they may attribute that to the feature being experimental.

@ghost
Copy link

ghost commented Oct 22, 2022

@isaak654
Copy link
Collaborator

@Mysteriously
In return for your effort, it was opened a new ticket about it through this form, but they continued to insist that Marcos reply was the correct one (in spite of your denial).

So it would be better if you could open a new independent ticket via that form and mention a more up-to-date version of Sandboxie.

@ghost
Copy link

ghost commented Oct 31, 2022

It is not my issue he can't follow step by step instruction. Also, it is not first time he did it.
This dude ignored few of my requests including but not limited to a potential security hole in their products even if I posted debug logs.
I am afraid I don't want to waste my time anymore.

SBIE 1.4.2+ versions have more reported issues than previous releases

@isaak654
Copy link
Collaborator

The contact form I linked above seems to allow the choice of a different country, so I really doubt the same guy is going to supervise any ticket request, that's the reason of my previous suggestion.

Unfortunately I do not see another way, unless David or other contributors can provide an internal fix.

@isaak654 isaak654 pinned this issue Nov 27, 2022
@isaak654 isaak654 changed the title Any website shows "PR_CONNECT_RESET_ERROR/ERR_CONNECTION_RESET" on sandboxed Firefox/Edge [ESET / Kaspersky] Any website shows a connection error on sandboxed Firefox/Edge Nov 28, 2022
@isaak654 isaak654 added the Help Wanted Extra help is needed label Apr 21, 2023
@isaak654 isaak654 unpinned this issue Sep 20, 2024
@isaak654 isaak654 pinned this issue Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Browser: Chromium Collection of Chromium-based browser issues Browser: Firefox Issues with Firefox-based browsers Help Wanted Extra help is needed Issue: Reproduced Issue reproduced without uncertainties Software: ESET SBIE issues in conjunction with ESET software Software: Kaspersky Collection of Kaspersky issues with SBIE Workaround Temporary or alternative solution
Projects
None yet
Development

No branches or pull requests

5 participants