Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Yes, 5.22 is the last version for XP:
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    assuming they wont share code for special compiling? :D

    thx
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Um, don't know what/when changed. I've removed Full Access *\mailslot\NVTInj\* in my sandboxes.
    Exe Radar Pro 3.1 appears to communicate in my sandboxes.
    ...any confirm Full Access *\mailslot\NVTInj\* is no longer needed?

    Edit: ERP appears to prompt for an application after that application is sandboxed by Sandboxie.
    Maybe, that's not the same as communicating with an application.
     
    Last edited: Dec 31, 2017
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi bjm. If the behavior of NVT is the same when it monitor programs running sandboxed as when they don't run sandboxed, then you don't need full access settings or compatibility settings. Even when this settings are available, if they are not needed, you are better off not using them.

    The prompt you mention in the Edit kind of tells that NVT and SBIE are OK working along each other. What I would do if I was you is run a few programs, executables, and compare behavior. See if there is a difference in the prompts or behavior by NVT. I reckon there ought to be a difference when Sandboxie is added to the mix, but what is the difference, and does the prompt tells you anything that gives a clue of what you are actually running sandboxed. If it does, then I think you are OK (without using settings from the SBIE side).

    Bo
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    for example: ExeRadarPro Alert Mode + call HitmanPro (not whitelisted) w/wo sandbox
    2128.png
    2129.png
    ...after reading message & message.
    ...thought I'd see how ExeRadarPro works without Full Access *\mailslot\NVTInj\* in my sandboxes.

    Edit: any idea what the presumed compatibility template Full Access *\mailslot\NVTInj\* is/was supposed to satisfy?
     
    Last edited: Jan 6, 2018
  6. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    Thanks a lot for the Info!

    :thumb:
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
  8. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    @ bo elam, I did that. Thanks!

    :thumb:
     
  9. plat1098

    plat1098 Guest

    Hey everyone: after ditching Firefox before due to mystery high CPU, I reinstalled it after this I Robot thing died down but high CPU from Firefox exe came back. So, based on some great user reports, I opted to try Yandex browser. After setting up a sandbox, I thought correctly, I'm getting this error 2203:
    yandex sbie error.PNG
    I checked for known conflicts--none, and read other posts in the Sbie forum on the error code and these were kind of left dangling. Any insights? I believe I added every Yandex folder from every space on C:

    Edit: I tried this: Set Yandex as default browser and ran it under Default Box--very simplified, and got the same message, one after the other. I'm thinking there's incompatibility there. Should this be reported on the Sandboxie forum, you think? This browser looks promising, it might be worth it.
     
    Last edited by a moderator: Jan 3, 2018
  10. guest

    guest Guest

    @plat1098 this alert, which exist since years, is for almost every chromium browsers; there is no fix i know about, the only "solution" (which i don't like much but have to do) is to just hide this alert.
     
    Last edited by a moderator: Jan 3, 2018
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    Hi plat1098, if Yandex works fine despite the message being issued, then its OK to ignore it and Hide it. I used to get one like that for KMPlayer in XP, that didn't stop me from using the player. Everything worked the same as before I started getting the message.

    Suggestion about Firefox. Try the 32 bits version of the browser, you might get a nice surprise,

    Bo
     
  12. plat1098

    plat1098 Guest

    Yep, five minutes after I posted, I took Yandex off, figuring there was something off there. Thanks for tip. :)

    @bo elam: OK, will have to try that. Definitely worth a try. Otherwise 20% of a 4.0 GHz CPU for just one YouTube music tab and couple of static ones is absurd and suspicious, right? IE was using 4-5% for the same things, and much less RAM.
     
  13. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  15. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    YW Mr. X
     
  16. stvs

    stvs Registered Member

    Joined:
    Mar 17, 2013
    Posts:
    34
    Location:
    greece
    and now the first serious challenge for sandboxie:can protect sandboxed browser against this cpu kernel
    attack ? my opinion is no! i remember tsuk said a kernel attack might bypass sbie
    the sbie forum is silent about that question.
    also microsoft will patch the kernel then sbie needs a new version(will need a lot of time) about this new patch
    in the meantime we are all vulnerable.
     
    Last edited: Jan 4, 2018
  17. stvs

    stvs Registered Member

    Joined:
    Mar 17, 2013
    Posts:
    34
    Location:
    greece
    sorry typo, its not a link
     
  18. stvs

    stvs Registered Member

    Joined:
    Mar 17, 2013
    Posts:
    34
    Location:
    greece
    i guessed right!

    Post by Curt@invincea » Thu Jan 04, 2018 10:04 pm
    shmu26 wrote:
    Thu Jan 04, 2018 7:46 pm
    They are now saying that it can be exploited also from web pages, and both chrome and firefox are vulnerable.
    So the question comes back: will sandboxing the browser protect from a web exploit of this type, which steals data from memory? We are still investigating these issues. Since these are hardware problems that bypass Windows entirely, I doubt they can be stopped by sandboxing. Most likely these can only be mitigated by Windows kernel patches (i.e. Microsoft).

    There is no reason to panic. There is no known exploit of this bug in the wild, and MS patches are being distributed now.
    Top


    https://forums.sandboxie.com/phpBB3...&sid=e86a24cd2f80f18a427a8a7760c9dad8#p131705



    so guys the end of security is here ..until microsoft find a patch,but the total solution is intel to redesing the cpus!
    lets pray to M$
     
  19. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Yeah like Intel ME is ever going to go away
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I think we are as vulnerable today as we were a couple of days ago. No real difference. :)

    Bo
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    The Windows update works fine with Sandboxie in W10, nothing appears to be broken. I tested everything I do sandboxed, all seems well.

    About W7. My W7 is 32 bits, I am going to install Windows updates after updating Sandboxie to 5.23.3....and see what happens.:)

    Bo
     
  23. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Well, the more the exploit is known as time passes the more bad people will try to attempt to use it.
     
  24. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Thanks MR. X I'll give it another try with the new update. Trying it in 7 64 bit Bo, will let y'all know what happens. EDIT: Updated Sandboxie to beta 5.23.3 64 bit and Reinstalled KB4056897 windows update and all are working well. :thumb: Good job.
     
    Last edited: Jan 4, 2018
  25. plat1098

    plat1098 Guest

    Updated one to 523.3/64 bit. Just have it on the browser for now as all these Windows/Intel issues are still swirling around. Plus, I don't feel like doing anything right now. Just grateful these machines sailed right thru this mess.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.