-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No support for UWP / Modern / Store Apps #19
Comments
I haven't looked into it yet, but I would assume that Windows's own file/registry virtualization used for UWP Apps may be an issue. To be honest the entire modern side of windows 10 is something I try to avoid as much as possible, hence it kinda have negative priority. But that said, it surly can be added just idk. when there will be free time to spent on that. |
Could you please add a feature to apply to every UWP app without repeatedly adding ForceProcess or ForceFolder? |
Sandboxie Plus 1.0.6 added the ability to run Win32 store apps in App Compartment mode, but it doesn't cover UWP apps yet. |
@DavidXanatos do you have an estimation when we will have this feature? |
There is no ETA on this its not high priority |
A contributor certificate in exchange for a pull request to provide initial UWP compatibility would definitely be helpful. |
Any updates on this? I saw somewhere that you could possibly install through PowerShell but I can’t find it now. Would be incredibly helpful to install or run UWP apps in this. |
I wonder why this is low priority, as more and more programs are moving to Microsoft Store Apps. |
I'm surprised this hasn't been explored in more depth already, seeing as how much overlap there is in both goal and execution of Sandboxie and UWPs. The reason UWPs don't work sandboxed is because they are built around the AppContainer format, which itself is a Windows sandbox (https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation). I'm guessing there's something about the AppContainer sandbox that doesn't like to run inside another software sandbox like SBIE. On a related note, Adobe Acrobat has a setting under Preferences > Security (Enhanced) > Sandbox Protection > Run in AppContainer. If you enabled this setting, then try to open a PDF in Protected View in Sandboxie, you should get an error. Opening it outside of Sandboxie should not throw an error. It would be cool if AppContainers/UWPs were supported, especially since Microsoft is pushing for this to be the standard format for executables moving forward. Older Win32 apps can be recompiled to operate inside AppContainers with relatively little effort, so I expect them to become more and more ubiquitous as time goes on. EDIT: I know Sandboxie has configs like |
its fully store app support??, |
Wait... UWP apps are mostly sandboxed by windows already. |
I don't know if it's worth a contributor cert, but I think I required a workaround for MSIX Store apps, a workaround which doesn't necessarily require a PR or any code changes... I definitely think UWP apps fail due to some conflict with MS AppContainers, but not all programs that are packaged with MSIX are containerized. However, many of them will still fail. This is because the MSIX package installer installs programs in the WindowsApps directory, which only privileged system processes can access; not even local admin accounts can access it (admins can forcibly grant themselves access permission, but changing the ICACLS permissions for WindowsApps can cause major system instability. Since Sandboxie can't access WindowsApps, it returns The simple solution is to run Sandboxie with system-user privileges. The easiest way to do this is to download PSEXEC and run @DavidXanatos @offhub Here's the thing, though. I have NO idea what the unintended consequences might be of running Sandboxie with system privileges instead of admin or standard user. I think every user here trusts Sandboxie to be safe, otherwise we wouldn't be using it, but I don't have a clue whether these elevated privileges might make Sandboxie a vector for some sort of attack. If it's safe, then I think my workaround could be recommended. (If it isn't, well, I offer it as inspiration - idk maybe you senior folks can figure out how to make a "system privileged sandbox token" or something that doesn't require elevating the entire app.) Anyway, what do you think? |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
Really need this feature, especially for communication apps like WhatsApp, Facebook, Messenger, etc. |
kinda offtopic: |
I consider this as a workaround, not an actual solution. This is also not a universal solution and only works for some apps. I have some communication apps; they don't support web browsers. |
you can name the profiles and set colors (eg. in brave) you can even pin the profiles to task bar to quickly open them (eg. one profile for all Meta related apps). on android there is no multiple profiles currently (only work profile as set by the OS). There is a workaround I can give you a hint if you want on how to pin the profiles to task bar like a pro in brave. |
Thank you for the help offer. I know how to do all with browser profiles. But as I wrote, I have some apps, which don't work with browsers, so this workaround will not work anyway. On android, I have dual app and second space feature natively, so I neither need workaround with browser profiles. |
What's the current development of UWP support Is it planned? Remember, if you successfuly implement UWP support, potentially we could achieve cross-platform UWP support on any OS since Wine could also be updated to install and use sandboxie to execute modern Windows Apps ✨ It's like a dream come true And discontinued versions of Windows could also execute appx in that case ✨ |
Can anyone clarify if running Sandboxie with System privileges is a safe/viable option here? |
A link to the roadmap is available in the project history. More specifically:
|
What is the reason that Sandboxie isn't working with apps from the Microsoft Store?
Is it possible to improve Sandboxie so that it also works with Store apps?
The text was updated successfully, but these errors were encountered: