Is there a conflict with sandboxie?

[nick]

I have sandboxie on my system and now that I try to use it in combination with ReHIPS there seems not to be compatible. I want to allow sandboxed programs (under sandboxie) but although I try to allow them when ReHIPS asks me the sandboxed programs never start. Actually the processes start (I can see them running at process explorer) but I cannot see anything on my screen. Does this has something to do with the anonymous user that sandboxie puts as the owner of the processes instead of my normal account ? Is there anyway around it?

[fixer]

There recently indeed was a report about sandboxie and my reply to it here https://forum.rehips.com/index.php?topic=13400.msg22539#msg22539 In short words, there was some issue with sandboxie and ReHIPS was just provoking it. So maybe this is it.

[nick]

At what step does ReHIPS decides to display an application in a different desktop? Sandboxed processes are owned by an anonymous user, there is no ReHIPS rules database for such a user. A process with such an owner how is it interpreted by ReHIPS, as an isolated environment that needs a separated desktop to be in?

[fixer]

ReHIPS isolated processes can be started on a separate desktop, it can be enabled/disabled on a per-isolated environment basis in isolated environment options.
There is definitely no need to try to both isolate a program in ReHIPS and sandbox it in Sandboxie at the same time. So just Allow them in ReHIPS (and it won't interfere) and sandbox them in Sandboxie or isolate in ReHIPS and ignore Sandboxie.

[nick]

No the problem is exactly the same like in the post you mentioned, at least with thunderbird and waterfox. No isolation ReHIPS regarding, but when I try to open them sandboxed, the processes start but never display on the screen. I just thought it might had to do with how ReHIPS handles processes (and child processes of them) belonging to unknown untrusted users that's why I asked

(It is similar as when  ReHIPS opens an alert window waiting for a respond. What if a child process of them is not in ReHIPS list yet, will the alert window open in the current user desktop even though the process is owned by a different unkown user?)

[fixer]

No, if a process is allowed, ReHIPS lets it execute as is and doesn't impose any limitations.

Alert window is always opened on the same desktop the main ReHIPS Control Center is opened on. It doesn't depend on desktop of the program the alert is notifying about or on the user the program is executed from.

[Umbra]

i tested both together by curiosity long time ago, i saw this conflict.
Anyway i don't see the point of isolating the same program with 2 sandboxes at same time, not saying Sandboxie is abandoned, not worth wastin g time on it while ReHIPS is obviously superior.

[nick]

Thanks fixer for the respond, was just a thought.

Thank you Umbra, actually I was not isolating those with ReHIPS, just they are not be displayed while ReHIPS processes are running. Rehips is definitely more active and the better alternative to sandboxie with as far as I understand more broad securtity features and that's why is my choice for a switch when sandboxie will be fully not functional. For the time I try to use them synchronously, sandboxie virtualization offers some features I'm used to that do not (I think) exist in ReHIPS, specifically the fact that a sandboxed program does not make any changes out of its sandbox

[Umbra]

specifically the fact that a sandboxed program does not make any changes out of its sandbox

so do ReHIPS, i dont see how a sandboxed program can change something outside the Isolated Environment (unless you allow it via the settings), it would defeat ReHIPS purpose.
Sandboxie uses a single container where all the sandboxes you created are grouped.
ReHIPS also has a container but its isolation is made via hardened user profiles (those are the "sandboxes"); maybe it is what you meant by "changes outside its sandbox"

maybe you can give us an example.