Sandboxie Acquired by Invincea

i think he's trying to say "icing (on the cake)". looks like a typo.

 

i had a game which write "hicing" (it still do) which is the same as "icing", i dont know why.
the matter what i want to tell that vendor on the result tabel(s) on VT is participating in the results and get alert when at least one engine found malware. even microsoft. windows10 has a good malware detection, comparable to others, has antiexploit detection, has ransomware detection, even in mails. has aslr (v2), has dep, has cf, (process isolation is called sandbox) - has real sandbox now. has process management (whitelist), has rights managment. problem - people dont use it if they dare. to admin that other products had "cloud" before windows defender, either like VT or its own database and without defender never get that strong, but for now its not really needed. people like to stick with the past.

a current example how people are influenced
https://github.com/processhacker/processhacker/issues/454#issuecomment-559461593

processhacker had no change since 2017, first warning was march or may 2019 and now end of nov'19 windows defender. big crying, wtf, how and why me. they ignored that this file existed for over 2 years now and nobody complained. some vendors ruddered back, also microsoft, you wont find sys-file listed in windows defender because there is no reason. maybe the code is similar and in times about emotet and co are sensible. the problem behind is that they stick with the past and their behavior. instead telling people how bad the web is - ofc in parts it is evil - some need to tell them how to react, in special on "certain" mails.

i abandonned any active antivirus or hips a decade ago, its complete waste of time. dont want it? dont click it! dont load it!
people scared by attacks in browser? why? wrong browser? wrong page? since browsers got really powerful against bad content ransomware get spread in most cases by email. Rasheed pointed it out, although the example is old.

anyhow it is worth trying without full blown suites, or hips, or tools like hmp(a).

 

Ok. Maybe the Jan 2020 version of Edge will be compatible with Sandboxie.
Thanks for the responses.

 

I doubt it, as that will also run AppC.

 

Well darn!

 

i tried new edge (chromedge) to install in sandboxie - failed. needed shadow defender. evaluating binary extraction from msi file...

 

Is the Chromium Edge an official release now or is it still in the beta stage? (Never mind for the time being that this knucklehead is too lazy to look it up. )

 

It's currently available as a beta. Official release is coming in January, so I guess this month

 

not matter of this thread but new Edge could be very limited in extensions (would say: none), need beta to install from chrome store. for now its better to stick with chromium then. extraction binary from msi file failed, not the same file.

 

Key word here is "could". We don't know yet. I think it would be foolish of them not to allow you to install extensions from the Chrome store.

Personally, I'm happy with AppContainer/Edge and SMPlayer using Malwarebytes Anti-Exploit. Less issues than Sandboxie/Firefox and Sandboxie/SMPlayer IMO

 

I'm sorry, but I'm confused. I'm currently using the Edge beta and I have 9 extensions installed. Are you saying that when it comes out of beta that my extensions will no longer work or won't be available?

 

see Beyonder

 

I need to install a MSI file/package that is needed for another program to run, in a sandbox, and am unable to. I tried extracting MSI file, that works, but I can't install it then...
Do you guys know of any workaround that could enable installing a MSI package inside a sandbox (under Sandboxie)? Maybe some setting that I could (temporarily) change in Sandboxie?

 

which program exactly?
normally it is possible to use extracted msi setups because the result is a msi file + data, but if it already failed in sandboxie i dont have much hope for you.

 

Feel free moving this discussion here
https://www.wilderssecurity.com/thr...ed-edge-looks-like.414193/page-4#post-2879850

The short answer is that they will work, and nothing will change. Cheers!

 

https://www.mono-project.com/download/stable/

The 32-bit version.

 

no problems here, windows 10 1809 x86. box has web access and admin rights. no other limitations. msi and as extracted msi+data.
create a logfile next time and search for failure.

 

I'm on v1903 of Windows 10 and I can't install MSI files in a sandbox (under Sandboxie). I think I was able to when I was on v1809.

 

https://www.sandboxie.com/KnownConflicts#Installing programs

 

I've seen lots of reports about MSI install failures so I did some testing in my VMs. I found that things which would previously install properly in SBIE would not even 'start' on Windows 10 1909 x64. I was then able to open enough to allow it to 'start' but then later in the chain it would again fail. Those same installers would have no issues with SBIE and older Windows 10 versions.

This is a real issue specific to 1909 x64 (I haven't tested x86 but judging from the above comments it doesn't face the same problems.) As 1909 is well and beyond official release and x64 is much more widespread you'd hope sophos would take notice and do some testing itself instead of repeating old and unrelated things.

As such I find all these unhelpful comments and quotes related to more generic possibilites when the specifics have been mentioned time and time again to be rather annoying...like I suspect many of you find me to be

When first launching the msi, before anythign is even actually installed or even a prompt given I would encoutner an alert, "The Windows Installer Service could not be accessed." blah blah blah

After adding "{000C101C-0000-0000-C000-000000000046} Msi install server" to OpenClsid it would actually allow it to start the INSTALLER again.

However once you got so far as the actuall INSTALL, you'd be greeted with another alert from the INSTALLER itself, "The Windows Installer Service could not be accessed." blah blah blah sound familiar?

After that even after bypassing some other resources to basically expose as much as possible I wasn't seeing why it was failing and it simply refused to even start installing. My guess is they need to update the hardcoded checks for MSIs and 1909.

Also worth noting, I didn't test on an up to date 1903 x64 either but had no issues on an up to date 1809 x64 but even my 1909 x64 test was done on a virgin install with no updates required to reproduce so it should be rather simple for others to see if they also bother to try instead of assume its related to something the msi is trying to add...this is basically instant!

 

MSI installers used to work fine, it broke after some random CU update that happened in 1903.

 

Is there a way to find the exact Windows Update which messed up MSI installations under Sandboxie and remove it?

 

Hi
Since, Firefox 72.0 or 72.0.1. I'm seeing >

Code:

SBIE1308 Program cannot start due to restrictions - CompPkgSrv.exe [Firefox]
SBIE2222 To add the program to Start/Run Access Restrictions, please double-click on this message line
SBIE2314 Canceling process CompPkgSrv.exe

Curious, before I Hide.
Is 'CompPkgSrv.exe [Firefox]' a Windows service https://www.file.net/process/comppkgsrv.exe.html or Firefox service.
Why 'SBIE2314 Canceling process CompPkgSrv.exe' when calling Firefox support pages and YouTube pages?
What program cannot start?
'SBIE1308 Program cannot start due to restrictions - CompPkgSrv.exe [Firefox]'

Comments?

Edit:

Code:

SbieCtrl_HideMessage=2222,CompPkgSrv.exe [Firefox]
SbieCtrl_HideMessage=1308,CompPkgSrv.exe [Firefox]
SbieCtrl_HideMessage=2314,CompPkgSrv.exe

Curious...what's CompPkgSrv.exe?

 

Hi bjm, I haven't seen any messages related to CompPkgSrv.exe. According to a quick Google search that file is part of the operating system.

I gone to YouTube, and the file doesnt try to run.

FWIW, I found an annoyance (an old one) coming back to Firefox with the update to 72.0.1 (I skipped 72). See the Firefox thread.

Bo

 

Okay....CompPkgSrv.exe remains head scratch, for me.
Thanks
Okay....posted on Firefox thread.

Edit: as test > removed SbieCtrl_HideMessage code + disabled Firefox add-ons and reproduced (intermittent) CompPkgSrv.exe message on more sites. So, not just YouTube n' Firefox Support sites.