AIS Sanboxed Browser Issue

I use Chrome as my browser, and I have it set to “always be sandboxed”. I un-ticked the top 2 boxes in the “web browsers” settings tab in: additional protection > sandbox > expert settings > web browsers, and I ticked the 3rd box that talks about “not virtualizing all browser settings”. All other sandbox settings are default.

When I test the sandbox by downloading Piriform’s Speccy, it works as I would expect. It looks like the program is installing, with every box that pops up having a red boarder around it, but as soon as I close Chrome, everything is gone and was never there.

But last night, I went to my online Yahoo mail account and I wanted to watch a known clean to me, Windows Media Player video. I clicked on the attachment, saved it to my desktop and once it was loaded, I clicked open from within Chrome. ( If you are unfamiliar with Chrome, you can’t “run” a program like in IE, you have to save it like in FireFox, then chose open. ) I never looked to see if the file was on my desktop. Once I hit open from within Chrome, Windows Media Player opened with no red boarder around it. The video started to play and after 10 seconds, it froze, making a loud screeching sound and totally locked up my machine. I had to kill the machine and do a forced shutdown.

All is fine now, but my question is, shouldn’t WMP have opened up with a red boarder around it to show it was within the sandbox? Did my settings cause this? To me, this behavior indicates that the download got through the sandbox. :o

But was WMP sandboxed? Seems you’ve sandboxed just Chrome… Not sure if it should work that way… although a sandboxed process should open any child process also sandboxed.

No, WMP wasn’t / isn’t sandboxed. I thought that anything that needed to be opened or used would be sandboxed too. I’m new to sandboxing, so I don’t know if I need to change settings, or if what happened is normal behavior…Seems like it shouldn’t be?

Just that “run” into Chrome seems not be like you’re saying.
Or avast sandbox is being “bypassed” by Chrome.

No, Chrome is being run in the sandbox correctly. I see 6 processes being run in the sandbox monitor in the avast! GUI.

I ticked the box that allows Chrome to “save a download to the default location outside of the sandbox.” That has fixed the problem I described above, but it’s not as safe because the download is now out of the sandbox. I might try unticking that option which would keep the download in the sandbox, and I will add WMP to be run in the sandbox and then I’ll see if that works.

Most users run Free, so there’s not a lot of traffic on this AIS subject. :cry: