Sandboxie and Spyshelter Firewall

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by n8chavez, Apr 12, 2021.

  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Recently, I've been testing out the combination of Sandbox (5.49.5) and SpyShelter Firewall. I have a lifetime license for SSF, so I thought it might be worth a look. I've having an issue though; I cannot use Firefox running inside sandboxie with keystroke encryption enabled. If I try to the text is just garbled and random. (Keystroke encryption is supposed to prevent 3rd party spying, and should work fine in the intended app.) If I launch firefox out of a sandbox it works fine. Is there a sandboxie setting, or template, I need to apply to get Firefox to function correctly in a sandbox while also using SSF?

    Thanks
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I think it's already answered ;)
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Not really. It turns out that the issue is not restricted to Firefox; Brave, Chrome and Vivaldi are have the same incompatibility with Sandboxie and SSF. That tells me that the issue has to be related to hooks, and could be either one of the two apps at fault. It's not just a simple sbie config/template issue. As far as I know there's no way to globally, or on a per-box-basis, disable protection against keylogging as you suggested. In fact, I can't find any line or template that suggests that feature is a part of sandboxie. The real confusing thing is that the issue is not present in other things that are run in an sbie sandbox with ssf keystroke encryption enable, such as my chat client (Miranda NG). That works perfectly fine.
     
    Last edited: Apr 12, 2021
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    That's weird, I'm not having any problems with Vivaldi on both Win 8.1 and Win 10, it runs just fine with the Sandboxie + SS combo. Perhaps you are using another version of Win 10 and Sandboxie?
     
  5. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Maybe. I'm running SSF 12.5 and SBIE 5.49.7 classic. Would you mind sharing your sbie config? Maybe there's something there that I'm missing or, most likely, vice versa.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I will report back when I'm on my Win 10 laptop. On my desktop I'm using Win 8.1, but I'm not using the latest versions of Sandboxie and Win 10. I believe that I do use the newest SpyShelter. BTW, I still need to install Firefox on Win 10, purely for testing because I think the browser sucks.
     
  7. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Haha..yeah I agree. Firefox is going in the wrong direction. But that brings up a god point about sbie; maybe the issu is caused by the newer, non-sophos versions. I'll have to test that too.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I've checked it out, I installed Firefox Portable v87 inside the sandbox, and I have no problems at all. I'm using SSF 12.3 and Windows 10 1909. So perhaps it's some other security tool that's causing the problem or it's some problem with SSF 12.5 and the newest Win 10. I also don't have any problems with Vivaldi 3.7 and Edge who are both installed outside the sandbox. BTW, Firefox has been slightly improved, but it's nowhere near Vivaldi's level.
     
  9. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    What do you mean when you say Vivaldi's been improved?
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    This is why I've mentioned about it
    https://www.wilderssecurity.com/threads/sandboxie-and-keyloggers.196864/
    https://sandboxie-website-archive.github.io/www.sandboxie.com/DetectingKeyLoggers.html
    Do you consiedered the use of SpyShelter's feature "Restricted apps" instead of Sandboxie? I'm using it rather without issues.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Wait a minute, all of this feedback and you are only interested in Vivaldi vs Firefox? :p

    No but I said that Firefox has been slightly improved. And let me know if you can fix the problem by downgrading to SSF 12.3 and Sandboxie 5.45, because that might be the problem. I will soon need to update Windows 10 because they won't supply updates for Win 1909 anymore, so perhaps I will also encounter these problems.

    What are you talking about? I think you might be misunderstanding this issue. SSF should be able to work just fine together with Sandboxie, I never had any problems. And SS's "Restricted apps" is not even close to Sandboxie's protection level.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Yes I know but I don't see any problem. SS is much more featured than Sbie so its additional protections and possible settings can make it more efficient, useful and universal tool.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm talking about the problem that n8chavez described, I don't see how your posts are related to that. Again, SSF and Sandboxie should be able to work just fine, so if they don't, then it should be fixed.
     
  14. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    SBIE and SSF should not be considered the same or even close to each other. Even if I were to run certain apps as restricted within ssf, there are certain downsides; the clipboard does not function in restricted apps. Also, in my experiences, the password manager Bitwarden does not correctly fill-in fields when used in a ssf-restricted application. SBIE has the ability to isolate programs in a separate RAM disk, away from the rest of the system. Can SSF do that? No. Does SSF have the ability to delete all changes that I did not specifically allow? No. They are not the same. I much prefers SBIEs method of isolation to that of SSF. Rasheed186 is right. The two should be used together. If I had to maker a choice between sbie and ssf, I'd chose sbie every time.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No correct, Sandboxie does a better job when it comes to isolating apps. But this thread isn't about SSF vs Sandboxie, they actually make a great combo, I have been using them together for at least 10 years or so. Let me know if you can fix the problem, and now that I think of it, you never told me which Win 10 version you are running?
     
  16. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    The same issue was decribed by @n8chavez and discussed on MT forum. I don't see any reason to repete here some advices and tips.

    Maybe I don't know in details how Sbie works but I think I'm rather a bit aware about SS modules, settings, etc. So I'm capable to find diferences.:isay:

    I din't observe such issue in my expiriance...restricted internet browser, PDF viewer, picture viewer, media players and Notepad are working properly. Even advanced app like MS Office can work properly if you make nedded exclusions in "Folder with write access" tab or/and if you unblock access alerted in "File access violation" tab (from context menu).

    Two things here: Bitwarden is using encryption...right? So if you restrict such app you should expect that some needed privileges can cause some failers what is described in help file. Second thing...what's the sense of using "encryption of encryption"?

    As you mentioned Sbie offers two basic features - apps restriction and apps isolation. There are some others important? ;)
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK I see, I didn't know about this. Do you have a link because I might update Win 10 soon, so I don't feel like getting the same problems since both Sandboxie and SSF are important tools for me.
     
  18. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    That's true. But is there something wrong with casting a wide net? Not everyone is a member of malwaretips.

    But the exclusions tab does nothing to allow or prevent the clipboard from working, which has been my problem. Also, using SSF prevents true idsolation that I can get with SBIE. With it I can use a RAM drive, with SSF everything is still on my local system drive.


    You're forgetting my problem with encryption not working. That was the reason for this thread in the first place. That caused me to disable keystroke encryption. Also, are not the same type of encryption being used; one is keystroke the other is an encrypted file. There are not the same.
     
  19. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Correct. I had to mention the differences because ichito thinks I should just drop sbie and use SSF. But there are reasons why I won't. Also, I am using windows 10 x64 20H2 build: 19.042.928
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK I see. So that's why you are probably having problems. I'm using different versions of Sandboxie, SpyShelter and Windows 10. So I will probably stick with these versions.
     
  21. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    The only problem I'm having between the two is with keystroke encryption. Other than that they work really well together. When you consider the fact that you can easily change the permissions on whatever app is sandboxed within SSF to be more restrictive and block things like loading drivers and changing the properties of other processes, etc., I say upgrade. You're more than safe even with that one flaw. Newer version of things, especially SBIE fix bugs, and is a good thing to upgrade.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, that's a serious problem for me. Keystroke encryption is one of the features of SpyShelter. So that's why for now I will not upgrade to Win 10 20H2. Also, if stuff works correctly and I don't see any new interesting features, I often don't update apps. On both Win 8.1 and Win 10, the Sandboxie+SSF combo is working just fine for me, no need to mess things up.
     
  23. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Hi,

    * My other question is how does Shadow Defender work with SpyShelter Firewall? Any thoughts?
    * How often is TinyWall updated?

    Questions, please! Say for example, ChineseRarypt ransomware, causes the windows system to reboot to force the ransomware onto the system. Another, example would be Peyta ransomware would SpyShelter Firewall still stop the ransomware from being put onto the Windows OS?
    * Cylance Smart Antivirus seem to have really improve, wonder if you could whitelist
    with SpyShelter Firewall? Below:

    hxxps:// www. youtube.com/watch?v=IoCg7PhrxQs

    Many thanks, and kind regards.......
     
    Last edited: Apr 28, 2021
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    SpyShelter isn't meant to protect against ransomware and it's best to ask your other questions in other threads about Cylance and TinyWall.
     
  25. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    251
    Location:
    Poland
    Shadow Defender will protect him against ransomware and spyshelter too if your bad options/configuration HIPS somehow allow you by your wrong decision you can still add SRP limit process for specific folder to save/control and than for sure will protect again'st ransomware..

    There was old topic on other forum dont remember by was one fresh ransomware 0 day wyich bypass all solution hips and only spyshelter covered it by this SRP function..
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.