Sandboxie Acquired by Invincea

Still broken here. YMMV

 

What error messages do you get?

 

SBIE2205 Service not implemented: Win32Init.6 (000000AA)

 

Very odd. Wonder why it works for me. Installed Sandboxie before I installed Kaspersky. There was another user at Sandboxie forums who also reported it's working now. Link here.

 

What applications are you running in the sandbox? People using Opera haven't had the issue in the first place, so it depends what apps are you using.

 

I am running Spotify and Teamspeak. Tried all different stuff in Download folder too without any error so far. Only been testing for a couple of hours so I can't say for sure it's 100% working.

 

Try running Firefox, IE or Chrome. Kaspersky applies additional protection mojo on those browsers.

 

SBIE2101 Object name not found: , error OpenProcess (C0000022) access=001FFFFF initialized=1
SBIE2314 Canceling process chrome.exe [6852 / 9]
SBIE2314 Canceling process chrome.exe [6852 / 9]

You're right. Chrome doesn't work.

I'm not going to sandbox Chrome though, as it has a not yet breached sandbox. I also keep the renderer in AppContainer so I'm not worried at all. Kaspersky will do the rest I suppose. I'd rather keep all other medium-integrity applications within Sandboxie.

Is any of your Sandboxie'd applications working with Kaspersky or just the browsers?

Thanks for checking with me on Chrome, didn't notice that.

 

Firefox/Browsers seem the only one problematic here. Which is expected- Invincea said the issue is with Kaspersky's Safe Money feature.

 

Yes, it is. The Safe Money feature really, really digs deep into Windows. I've thrown keylogger simulators, privately written keyloggers/screen capture malware etc. Everything fail against Safe Money. What I can't understand is that Invincea claims Kaspersky's bad coding is the cause for the incompatibilitiy. I don't know the code in Sandboxie, but it seems to me Kaspersky's coding is intentional. No wonder Kaspersky's acing all these banking malware tests.

However, I'm glad Sandboxie and Kaspersky for the most part are compatible with the other.

 

I think they mean code leftovers from a sandbox or sandbox feature previously used by Kaspersky is what causes the conflict.

Bo

 

The classic sandbox feature has been removed a long time ago from Kaspersky. What remains active is the "inverse sandbox" that protects your browser from the (infected) system- Safe Money.
So the fix isn't as simple as removing the obsolete code.

 

Yes, its likely even if the old code was removed you would still have to disable Safe money for compatibility with Sandboxie. Often, addons/plugins of that kind in antiviruses conflict with Sandboxie.

Bo

 

Sandboxie beta 5.13.6 has been released by Invincea.

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=58&t=23084#p121863

Bo

 

Today while browsing on Wilder Security using firefox running with Sandboxie I accidentally clicked File then Exit in Sandboxies Control panel. This stopped Sandboxie and Firefox was left running uprotected. Now I am not concerned given I was browsing here and didn't visit any other sites, but is there anything that can be done to prevent this. I am wondering if Exit should kill running processes or pop up a warning. Maybe there is a configuration setting I have missed?

What happens also if Sandboxie just crashes is terminated externally?

 

No, you only exited the Sandboxie control interface. The sbie service is still running.

 

Well the yellow border disappeared. How can I check that Firefox is still protected?

 

Sandboxie can protect without the control gui/tray and though it does limit a few functionality aspects, it doesn't mess with the protection it offers. In particular, as you found, the border and 'gui' components do not work. In addition if you've set up boxes to auto-delete on close this will not work without sbiectrl as for some reason this is where the delete routine is handled. It's been opinion that it should be handled by the primary sandboxie service but then who listens to me?

As yours was a mistaken case of closing sbie control you could likely have just opened another instance and used the 'File > Is Windows Sandboxed?' option or seen the box active still in ctrl.
If Sandboxie actually had issues a program wouldn't suddenly be unprotected but would more than likely just crash/cease to function at all.

 

True. Anyone can confirm that using Process Explorer by looking an active SandboxieCrypto.exe process within a Chrome instance.

 

pling man, do this test.

Open Firefox sandboxed. Exit Sandboxie control. Exit Firefox.

The question now is What happened to contents inside the sandbox, right?

You can verify that contents have gone nowhere by tesring in two different ways.

1. Reopen Sandboxie control. You can do that via the SBIE folder in Start menu. Delete contents in the sandbox. You ll be able to delete contents because they have gone nowhere but remain inside the sandbox.

2. After you open Firefox sandboxed, exit SBIE control but leave Firefox running.

Now go ahead and reopen SBIE control, you ll see Firefox running in the sandbox. Or you can do the Is window sandboxed? test via SBIE control>File.

Changes are kept by the SBIE driver. Sandboxie control is the UI. Nothing to worry. Check this out, if for example you unplug the PC by mistake and you dont have a battery, same thing would happen, contents remain inside the sandbox.

Bo

 

Thank you all for the advice. I did the check from Mister X and the tests from Bo elam and I can confirm I am safe and Sandboxie was still protecting my system.

Syrinx: Thanks for the tip on File>Is Window Sandboxed.

 

Beta 5.13.7 has been released.

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=58&t=23084#p121863

Curt is asking for help .

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=58&t=23084&start=120#p123232

Bo

 

Well in that case....I installed it and so far so good. Stay tuned.

 

Beta 5.13.8 has been posted, nice version for Vivaldi users.

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=58&t=23084#p121863

Bo

 

I thought I would try to lock-down my sandbox to provide additional protection against keylogging/data theft by restricting what is allowed to run and what is allowed to access the internet. I now have these entries in my configuration so only firefox and keepass can run and only firefox can access the internet.

ProcessGroup=<StartRunAccess>,firefox.exe,keepass.exe
ProcessGroup=<InternetAccess>,firefox.exe

But this was also added, which I don't really understand.

ClosedFilePath=!<InternetAccess>,InternetAccessDevices

Does this mean that only programs in the <InternetAccess> group can access the internet?