AG+ERP+SBIE

Not overkill to me, I use all three with Online Armor. In Online Armor I do have both Windows and Program files excluded.

In Appgruard, give all the SBIE and ERP exe's memory guard read write excludions. I also made the erp exe's power apps. Additionally in my case I added all the OA exe files to the memory guard exclusions, both read and write.

I also add Adobe and other appropriate apps to the guarded list.

To Make ERP work with SBIE do the following:

1) Open SandboxIE
2) Browse to Configure->Edit Sandbox
3) Under the sandbox paragraph (ex: [DefaultBox]) add this line:

OpenIpcPath=*NVTERP_IPC*
OpenIpcPath=$:EXERadar.exe

Or add those lines under Resource Access>IPC ACCESS>Direct Access

Under ERP I whitelist all of Windows and Program Files.

Then under the Vulnerable tab, which should already have some exe's in it, I add all the Java exe's


Hope this helps.

Pete

 

FAE is a great product, but the answer is nope. I looked at it before getting into ERP. It's solid, can do DLL's although I don't see the need. I was talking with them as I had problems getting it to work with SBIE, and then it broke FDISR, because it locked it's driver. Then there is the cost. $64 per license, and about $35 per year renewal.

At this point ERP is so much superior. The whitelisting of command lines, and the wildcard commandlines. The vulnerable processes, just to name a few.

Then there is cost, plus a big difference in support. Nope stick with ERP.

Pete

 

Each Sandbox. I didn't make SBIE a powerapp, just put all the SBIE exe's in as memory guard exceptions allowing both read/write. Try that first.

Pete

 

Putting SBIE exe files in the Appguard memory exceptions, should stop those.

Pete

 

Just keep adding them until the messages stop. But I also have
sbiesvc.exe
sbiectl.exe

Pete