AppGuard and Sandboxie

Discussion in 'other anti-malware software' started by Brocke, Apr 4, 2011.

Thread Status:
Not open for further replies.
  1. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Do you guys think running both is overkill? Considering AppGuard really doesn't let anything past.
     
  2. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    Yes, AppGuard alone should be enough.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I think you don't really need Sandboxie when you have AppGuard guarding your system ;)
     
  4. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Yeah, running MSE and AG on both my laptops. Very good products. I'm just a little concerned by the AG changes that may happen.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    What changes that may happen, man? o_O
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I ran Appguard and Sandboxie. True both should stop stuff, but with Sandboxie, it is easier to make it go bye bye.

    Also while you can sandbox USB flash drives, etc, Appguard handles that nicely.

    I just like having them both.

    Pete
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    If it doesn't slow you down, go for it man, or if it doesn't give you any issues, why not :)
     
  8. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA

    We don't know yet, haven't heard anything yet. Just making a statement :)

    Thanks for the opinions, all.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I wouldn't mind buying this software as it is trouble-free and fast and secure ;)
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I have set AppGuard at high security level and I feel very secure ;)
     
  11. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Yeah, same here, but right now AG is just what I'm looking for; nothing gets past. :thumb:
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Exactly, it is a very strong security program and for 64 bits it plays very nicely ;)
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    AppGuard and Sandboxie operate in different ways, so it is not an overkill to run both together IMO.

    Sandboxie uses a combination of virtualisation and policy restriction, but only for applications running inside the sandbox. Sandboxie is therefore ideally positioned for use as a browser protection utility.

    AppGuard uses policy restriction to provide system-wide protection for the real system but does not use virtualisation. System-wide virtualisation can be added using a light virtualisation program though, if required. AppGuard combined with Returnil or Shadow Defender can make a very effective combination.

    I use a combination of AppGuard, Shadow Defender, and Sandboxie (on demand), and I don't consider it an overkill.
     
  14. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    If AppGuard and Sandboxie are going to play nicely together what settings do you use?

    I tried moving the Sandbox to a partition other than C: and tried adding exemptions in AppGuard for both the Sandbox on the other partition and the Program Files folder of Sandboxie but could not load Chrome sandboxed.

    Can anyone give me some pointers please?

    Thanks,

    Adam :)
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Adam

    I am using them both located at their defaults. Chrome seems to be a troublesome beast, so not sure about that. I tried it and didn't see enough advantage to deal with the problems.

    I did run into an issue with Firefox lately, and downloaded the last 3.6 version, along with the last version of sandboxie, and flash. Still had problems, which I solved by building a new sandbox.

    You might check the sandboxie forum as to the latest on Chrome.

    Pete
     
  16. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Does Sandboxie work under limited accounts like Guest?

    Also, if I set my setting to, let's say, always run IE9 in the sandbox, does that config cover all accounts or do I have to set each account up?
     
  17. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    81
    Location:
    Ireland
    Hi all,

    I can't get SBIE to work with AppGuard at all.

    Obviously, there is a way as I've read several posts on here saying so from users but the posts don't give instructions on how to get them to work!

    I would appreciate any direction in how to configure AppGuard to work with SBIE.

    Thanks
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    It didn't take anything special. I did add exceptions for Sandboxie exe's in the memguard exception list, but that was it.

    Pete
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    For Sandboxie to work with AppGuard, it must be possible for guarded applications, e.g. browsers, to be able to write to the Sandbox folder.

    This will depend on where the sandbox folder is located. If it is in its default location on the system partition (usually C:\Sandbox), AppGuard will treat it as part of system space, which means that guarded applications cannot write to it by default. The sandbox folder must then be added to the AppGuard list of exception folders that guarded applications are allowed to write to.

    If the sandbox folder is located on an alternate (i.e. non-system) partition, AppGuard will treat the sandbox folder as belonging to extended user space, which means that it can be written to by default and no additional AppGuard configuration should be necessary to make it writeable.

    As Peter2150 has done, it's also a good idea to make exceptions for Sandboxie in the MemoryGuard exception list. The following Sandboxie executables should all be given memory Write access: sandboxierpcss.exe, sbiectrl.exe, sbiesvc.exe, and start.exe.

    Not adding these to the MemoryGuard exception list won't stop applications from running inside the sandbox but it might weaken Sandboxie's protection if it is unable to inject code into the memory space of sandboxed processes in order to control them. :doubt:
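
An added example, not part of pegr's post or of either product: a pre-flight check that applies the rule described above to decide whether the sandbox folder needs an AppGuard folder exception, and lists the executables named for the MemoryGuard exception list. It assumes the container location is read from a `FileRootPath` line under `[GlobalSettings]` in Sandboxie.ini and that the default is `<system drive>\Sandbox`; the function names and the sample INI text are constructed for illustration.

```python
import re
from itertools import takewhile
from pathlib import PureWindowsPath

# Executables pegr lists for the MemoryGuard exception list (Write access).
MEMGUARD_EXES = ["sandboxierpcss.exe", "sbiectrl.exe", "sbiesvc.exe", "start.exe"]

# Constructed sample Sandboxie.ini content (not taken from the thread).
SAMPLE_INI = """\
[GlobalSettings]
FileRootPath=D:\\Sandbox\\%USER%\\%SANDBOX%

[DefaultBox]
Enabled=y
"""

def sandbox_root(ini_text, system_drive="C:"):
    """Return the sandbox container folder; assumed default is <system drive>\\Sandbox."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "GlobalSettings" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() != "filerootpath":
                continue
            value = re.sub("%systemdrive%", lambda m: system_drive, value.strip(), flags=re.I)
            if value.startswith("\\??\\"):      # strip NT object-namespace prefix
                value = value[4:]
            # Keep only the fixed leading folders, dropping %USER%, %SANDBOX%, etc.
            fixed = takewhile(lambda p: "%" not in p, PureWindowsPath(value).parts)
            return PureWindowsPath(*fixed)
    return PureWindowsPath(system_drive + "\\Sandbox")

def appguard_plan(ini_text, system_drive="C:"):
    """Apply pegr's rule: system partition needs a folder exception, others do not."""
    root = sandbox_root(ini_text, system_drive)
    return {
        "sandbox_root": str(root),
        "folder_exception_needed": root.drive.lower() == system_drive.lower(),
        "memoryguard_write": list(MEMGUARD_EXES),
    }

if __name__ == "__main__":
    print(appguard_plan(SAMPLE_INI))
```

When `folder_exception_needed` is true, the narrowest exception is the sandbox container folder itself rather than a parent directory, so guarded applications gain write access only where Sandboxie redirects them.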
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thank you for that guide, pegr! I've been wondering how I'd solve the puzzle between AppGuard and Sandboxie without lowering any of the softwares' protection level by mistake.
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I'm having some problems with Sandboxie and AppGuard. Here are my settings.

    [Attached screenshots: Untitled4.png, Untitled5.png]

    Do I need to allow the .exes of Sandboxie to have _both_ write/read access in Memory Guard exception list? The following .exe have been added to AppGuard memoryguard exception list with 'write' permission:

    [Attached screenshot: Untitled3.png]

    Here's the error I'm getting:

    [Attached screenshots: Untitled.png, Untitled2.png]

    Does anyone know the solution for this?
     
    Last edited: Apr 13, 2011
  22. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    81
    Location:
    Ireland

    Perfect! Thanks very much pegr and Peter :thumb:

    Update:

    IE9 seems to only work if right-clicked run in sandbox.

    If I launch from shortcut by clicking directly on it I get this:

    SBIE2334 Cannot load DLL file: COMCTL32.dll

    And a Windows memory reference error followed by the Windows close program dialog.

    I have all SBIE processes in the exceptions list in AppGuard.
     
    Last edited: Apr 13, 2011
  23. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    Most malware authors exploit visible modules mapped in memory and thread characteristics to detect both, and logic bomb out of them or do nothing to live longer. Sandboxie+BSA can still be detected by virtual allocation functions, and through some lesser known syscalls to do with thread states and structures. There are ways to do it in native driver IOCTL queries too. Hijacking their injected code may also be possible if the driver doesn't protect them.

    This 'isn't a problem' if I remember correctly though. I use sandboxie for easy cleanup and just block access to history and login data on machines where 'remember' functions are used. Appguard is okay but it's not really flexible.
     
    Last edited: Apr 13, 2011
  24. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Pegr,
    Thanks for info. Could you please help me understand exactly what steps to take to add these SBIE exe files to exceptions list with memory write access as you mentioned. I understand how to add Sandboxie folder to exceptions list but am confused about how to deal with exe files and thanks.

    Gary
     
  25. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Gary,

    If you open the AppGuard GUI, press the Customize... button and go to the Advanced tab, you will see the MemoryGuard Application Exception List. Click on the Add button to the right and from the explorer panel that opens, navigate to the .exe file that you want to add and click the Open button to add the application to the list. It will automatically be added for Write access as the default. Repeat this for each application you want to add.

    If you need to change the access type, clicking on the word Write in the Type column will display a drop-down list where you can change it to Read or ReadWrite as necessary. You shouldn't normally need to change it though unless the MemoryGuard blocking messages in the Events panel show that the application is being blocked from reading memory, which won't usually be the case.

    Regards
     