Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Thanks, will do. Unfortunately, it did not work with default settings. Is there a specific key I'm looking for?
     
    Last edited: Oct 16, 2014
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Perhaps it is best if you post at the SBIE forum. There you might get a reply from an Avira user who has experienced the same situation. Since you ran the Avira registry cleaner and SBIE still detects Avira, then it's possible that Sandboxie is not looking for a key but something else.

    Bo
     
  3. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Just installed the 4.14 64bit version and running smooth here.:thumb:
     
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    J L, just in case, in the Software compatibility window, make sure the box "In the future, don't check software compatibility" is not ticked. I would also see that Avira is not selected under Security/Privacy and All Applications in Sandbox settings>Applications in each of the sandboxes that you are using.

    Bo
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,167
    Why, when I update, do I get a window with "done!!!!"?
    I tried to install it and I got "done!!!!" again? :confused:
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I answered your question in this thread.

    @mods: if you wish, some of the recent technical topics from this thread could be excised to the technical discussion thread.
     
    Last edited: Oct 17, 2014
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    To give a slightly different perspective on Sandboxie protection for in-memory and dll-injection exploits, I focus much more on making my real important data inaccessible (file restrictions blocked) to anything that doesn't need it, and stopping call-out if it does. Normally Windows and program folders are read-only as well.

    Of course this means a (small) amount of configuration, but mainly this is boiler-plate stuff based on drive letters. I'd agree it's not something normal users would do. Ideally I'd like something at sandboxie global levels which implemented the categories below for nominated "private/valuable" data areas.

    Applications in my mind are in three main camps:
    • Internet facing ones, which are inherently at high risk, but do NOT need access to my "real" data (or only need to get say at my media library) - browsers, media players etc;
    • Applications which do read my "real" data but rarely need internet access (and do not get it!) - things like Office applications;
    • Applications which need both.
    The last category I am unhappy about, and will at minimum run in a VM with limited or no access to data (which I then transfer). And in fact, I virtually never run browsers on my main host, don't use plugins etc - all that stuff happens in the VMs, usually with Sandboxie too.

    I think my biggest exposure is Outlook (which is sandboxed but obviously any in-memory malware can merrily scan my pst files which have direct access, everything else is blocked).

    Comments?
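
An added example, not part of deBoetie's post or any poster's actual configuration: a Sandboxie.ini fragment for the first two application categories described above, using Sandboxie's ClosedFilePath, ReadFilePath and DropAdminRights settings. The box names, drive letters and folders are hypothetical placeholders.

```ini
# Constructed example: box names, drive letters and folders are placeholders.

[InternetFacing]
# Browsers, media players: high risk, no need for the "real" data.
Enabled=y
DropAdminRights=y
# Valuable data areas are blocked outright for everything in this box.
ClosedFilePath=D:\Private\*
ClosedFilePath=E:\Archive\*
# The media library stays readable but is read-only to sandboxed programs.
ReadFilePath=M:\Media\*
# Windows and program folders are read-only as well.
ReadFilePath=C:\Windows\*
ReadFilePath=C:\Program Files\*

[DataNoInternet]
# Office-type applications: may read the data, must never call out.
Enabled=y
DropAdminRights=y
# Deny Internet access to every program running in this box.
ClosedFilePath=InternetAccessDevices
ReadFilePath=C:\Windows\*
ReadFilePath=C:\Program Files\*
```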
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ deBoetie

    I agree that this stuff in SBIE should be improved to make it more user friendly. File protection and other restrictions should be made more visible in the GUI. But it's indeed a great way to stop malware (that's running inside the sandbox) from stealing data. :)
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi Mantra, whenever I upgrade SBIE (over the top), immediately after the SBIE driver message, I always get a "Finish" at the end. I don't recall seeing a "Done" at the end. When exactly do you see Done being displayed?

    Bo
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Will do once I finish everything else. That checkbox was not checked.

    *Okay, just made a thread and tried RegSeeker and UltraSearch. No changes.
     
    Last edited: Oct 17, 2014
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    One of the guys from Invincea told me that he thinks Sandboxie is looking for the Avira service. But since you already uninstalled Sandboxie, I don't think that service is in your computer anymore. So I don't know, J L. If I hear something else, I'll let you know.

    Bo
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Thanks. The service isn't on my computer, nor any files named Avira.
     
  13. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Love SBIE, but even after 4.14 is released I still cannot run latest Chrome on my system with Drop Rights enabled. It gives me a cannot read memory error in a Windows Application popup message. So, have to disable Drop Rights for my Chrome and Default sandboxes. Still running SBIE because other than that, it causes me no problems.

    Gary
     
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Invincea is aware of the problem, Gary. According to the post below, they are working on it.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=48&t=19151&start=195#p104035

    Bo
     
  15. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Thanks Bo and for sure to the company for addressing this only major issue I am having for quite a while. Whoever hears of this fix first, please update here and thanks again to all great Wilders forum members for being the best support.

    Gary
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    What is the implication of disabling dropped rights if you're already running as a standard user? Does the sandbox refuse if the malware succeeds in escalation?
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am not running as a standard user, and don't use Dropped rights in SBIE. There is other software I use with SBIE that handles that issue.
     
  18. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Could you share details?
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Sure. Specifically, I use Appguard, which protects in a similar manner to both SBIE, and SBIE with dropped rights. In addition I use NVT's ERP, EIS, and am testing (and liking) HitmanPro Alert. Also under some circumstances I use ShadowDefender which further isolates the system.
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Probably in your case it doesn't make much difference if you use Drop Rights or not. But in my case, since I run as an Administrator, using Drop Rights keeps programs in the sandbox from doing things that require administrator rights. Like, keeping programs from installing in the sandbox.

    You might have read this:
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=19407&start=15#p102897

    That vulnerability had no effect on sandboxes with Drop Rights. I know because I specifically asked Curt about it. That's an example of how Drop Rights can help us to keep our systems intact.

    Bo
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've tried Drop my Rights in SBIE, but it turns my firefox language to something using oriental characters.
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Pete, is what you see something similar to this?

    [Attached image: untitled.JPG]

    I see that message ONLY in my XP when I run Word files in a sandbox where I enable Drop Rights. In no other sandbox, XP or W7, I see something like that with Drop Rights. And it takes a few seconds to get rid of it so I work around it by disabling Drop Rights in the two sandboxes that I use for Word.

    Bo
     
  23. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Thanks Peter, I guess I use VMs with reversion to snapshot as a way of achieving some of this. I'm also going to take the plunge with AppLocker since the configuration is easier than it used to be, and it can be based on account groups.

    Thanks Bo, regarding WinRM, that's something I disable as part of my W7 hardening process anyway.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Even as an admin, as long as UAC isn't fully disabled (which is not even possible in Windows 8+), I still don't see the point of Drop Rights.
     
  25. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    I don't understand. I run Word files sandboxed and have enabled Drop Rights in Sandboxie, but nothing like this happens in the accounts I use.
     