
Windows Firewall "Authorized Local Principals" Bypass #4408

Open
KztyAQ opened this issue Nov 29, 2024 · 2 comments
Labels
Confirmation Pending Further confirmation is requested Feature: Network Network related issues

Comments


KztyAQ commented Nov 29, 2024

Describe what you noticed and did

Windows Defender Firewall has a built-in "Authorized Local Principals" feature that limits application network access based on user SID. For example, rules where the Authorized Local Principal is exclusive to "BUILTIN\Administrators" are not going to allow applications under those rules to access the network if those applications are launched as a user (with a user SID).

Sandboxie with the Sandboxie SID bypasses that feature. Limiting the Authorized Local Principal to the user's native SID ("BUILTIN\Users" or "MachineID\UserID") allows sandboxed applications with the Sandboxie SID to access the network.

How often did you encounter it so far?

No response

Expected behavior

Applications using the Sandboxie SID should allow themselves to be filtered by Windows Defender Firewall rules and only have network access when the Authorized Local Principal is set to "Any" or set to the Sandboxie SID, but I don't think it is possible to select "Sandboxie SID" under "Authorized Local Principals".

Affected program

N/A

Download link

N/A

Where is the program located?

Not relevant to my request.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

5.70.3

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 11 24H2

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

N/A

Did you previously enable some security policy settings outside Sandboxie?

N/A

Trace log

No response

Sandboxie.ini configuration

No response

@KztyAQ KztyAQ added the Confirmation Pending Further confirmation is requested label Nov 29, 2024
@offhub offhub added the Feature: Network Network related issues label Nov 29, 2024
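
A worked example of the firewall setting the report is about, added here as an illustration; it is not code from the issue, its author, or the Sandboxie project. It uses the NetSecurity cmdlets: New-NetFirewallRule takes the "Authorized Local Principals" list through -LocalUser as an SDDL string, which is the same thing the GUI edits. The program path and rule name are placeholders, the claim that a sandboxed process carries a different token user SID is the reporter's observation and is checked rather than assumed, and adding that SID as a second ACE is offered as an experiment to run, not as a confirmed fix.

```powershell
# Added example, not code from the issue or the Sandboxie project.
# Run in an elevated PowerShell on Windows 10/11 (NetSecurity module).
# Assumptions: $ProgramPath and $RuleName are placeholders; the SID a
# sandboxed process reports is whatever Get-CurrentTokenUserSid prints there.

$ProgramPath = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumption: any program to scope
$RuleName    = 'Demo-Outbound-UsersOnly'                          # assumption: arbitrary name

$UsersSid = 'S-1-5-32-545'   # BUILTIN\Users (BUILTIN\Administrators is S-1-5-32-544)

# Build the SDDL that -LocalUser expects: one allow ACE per principal SID.
# "O:LSD:(A;;CC;;;<SID>)" is the form shown in the New-NetFirewallRule docs.
function New-LocalUserSddl {
    param([string[]]$Sids)
    $aces = ($Sids | ForEach-Object { "(A;;CC;;;$_)" }) -join ''
    return "O:LSD:$aces"
}

# Create (or recreate) an outbound allow rule for one program that only
# matches processes whose token user is one of the given SIDs.
function New-PrincipalScopedAllowRule {
    param([string]$Name, [string]$Program, [string[]]$Sids)
    Remove-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Allow `
        -Program $Program -LocalUser (New-LocalUserSddl $Sids) -Profile Any | Out-Null
}

# Read back the principal filter the firewall stored for a rule.
# 'Any' means no principal restriction at all.
function Get-RuleLocalUser {
    param([string]$Name)
    (Get-NetFirewallRule -DisplayName $Name | Get-NetFirewallSecurityFilter).LocalUser
}

# Run this inside the process context you are testing (e.g. a PowerShell
# started in the sandbox): it prints the token user SID that the firewall
# compares against the rule's ACEs.
function Get-CurrentTokenUserSid {
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
}

# --- demonstration ---------------------------------------------------------
# An allow rule only filters anything when the profile's default outbound
# action is Block; with the Windows default (Allow) it changes nothing.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction

New-PrincipalScopedAllowRule -Name $RuleName -Program $ProgramPath -Sids @($UsersSid)
"Stored LocalUser filter: $(Get-RuleLocalUser $RuleName)"
"This shell's token user SID: $(Get-CurrentTokenUserSid)"

# To reproduce the report, run Get-CurrentTokenUserSid from a normal shell
# and from one started inside the sandbox. If the sandboxed one prints a
# SID other than S-1-5-32-545 (assumption: a Sandboxie-specific SID), the
# ACE above cannot match it. The SDDL form accepts any SID string, so that
# SID can be added as a second ACE to test whether WFP then matches it:
#   New-PrincipalScopedAllowRule -Name $RuleName -Program $ProgramPath `
#       -Sids @($UsersSid, '<SID printed inside the sandbox>')
```

Get-RuleLocalUser is the quickest way to tell a GUI rule left at "Any" from one that actually carries a principal list, and comparing Get-CurrentTokenUserSid across the two contexts is the check that turns the report's observation into something verifiable on another machine.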
offhub (Collaborator) commented Nov 29, 2024

  1. You can try using Application Compartment type sandbox. (This will use a normal user token)
  2. You can use Sandboxie's own network access restrictions.

KztyAQ (Author) commented Dec 1, 2024

The issue is that Sandboxie does not respect "Authorized Local Principals", but it respects rules where "Authorized Local Principals" is set to "Any". If it respects "Any", then why does it not respect values other than "Any"?
