AppGuard 3.x 32/64 Bit

Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    That's great to know SLE :thumb:
    Thanks a million :)
     
  2. Seven64

    Seven64 Guest

    All that's needed is:

    sandboxierpcss.exe
    sbiesvc.exe
    Added to Memory Guard, Read/Write

    And

    c:\sandbox folder to the folder exception list under the guarded apps tab with read/write permissions.

    Nothing needs to be in Power Apps, now!
    This is for SBIE 4 beta.
     
  3. chris1341

    chris1341 Guest

    Sorry to have to say it again but in 3.xx versions of SBIE on x64 systems it IS necessary to add SBIE processes to Power apps in AppGuard.

    SBIE 4.xx and above may change that but anyone using 4.xx has to be aware it is beta and you should not expect it to be fully functional.

    Cheers
     
  4. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    No, not here on Win7 and Win8 if the other exclusions mentioned are set.
     
  5. chris1341

    chris1341 Guest

    Odd. Running both too on 7 & 8 and definitely needed for me. Just tried it again to make sure.

    Will try re-installing both to make sure but you're the first I've heard of who can.

    Cheers

    Edit: Quick question. AppGuard on Lockdown?

    Edit 2: Wow, worked with just an uninstall and re-install of SBIE rather than over the top. Not sure what the issue was previously for me but those issues had led me to believe the early conflict still existed. Thanks for putting me right! :thumb: Tzuk can probably remove the conflict message now. Apologies to anyone I've confused o_O
     
    Last edited by a moderator: Mar 15, 2013
  6. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Barb C,
    I noticed in Guarded Apps that cmd.exe, rundll32.exe, and regsvr32.exe are listed. It appears these executables are from the System32 folder. My question, what about the same three executables from the SysWOW64 folder? Are they guarded as well? This is, of course, for a 64 bit Windows OS (Win 8, in my case). I tried adding them manually but they were gone after a reboot.

    Thanks.

    Best regards,

    Bob
     
  7. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    648
    Location:
    Sydney Australia
    Yes, both 32 bit and 64 bit of these executables are guarded. Basically, any executable from the System32 folder that is guarded will automatically have its SysWOW64 counterpart guarded.
     
  8. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Is it possible to change the protection level (e.g., High to Medium) on one or two single processes - or is it one or the other for everything? I have a couple trusted apps that won't run on the High level, but are OK on the Medium.


    BTW. . . is the purchase of AppGuard good for a single computer or for 3 PCs?
     
    Last edited: Mar 15, 2013
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Boy I just had an adventure going to the SBIE Beta mixing with Appguard. Finally got it working. My biggest challenge was Outlook. After this I am not sure I like the idea of the memory Guard exceptions going away.

    Anyway it all seems to be working.

    Pete
     
  10. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Thanks for the reply. I appreciate it. But, before I discovered that cmd.exe was in Guarded Apps I tried adding it but was informed via a popup that it was already listed. If what you say is true then why didn't I receive a popup when I entered cmd.exe, rundll32.exe, and regsvr32.exe from the SysWOW64 folder? Logic would lead one to surmise that I should have if the linking or coding existed.

    Thanks again.

    Bob
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    It depends on your system. On 64-bit systems, Sandboxie may not work without making the Sandboxie executables power apps. On 32-bit systems, Sandboxie usually works without using power apps. If Sandboxie is already running okay on your system without using power apps then you don't need to bother.
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    No idea about SBIE 4. I'm going to wait until it comes out of beta before updating.

    It isn't necessary to move the sandbox container to user space - it's optional. Allowing read/write access in system-space is sufficient to get Sandboxie working (apart from maybe needing to use the power apps feature on 64-bit systems).

    What adding the sandbox container to user-space does is ensures that any executables downloaded to the sandbox container would automatically be treated as guarded applications by AppGuard, even if Sandboxie weren't running. It's a bit of extra belt-and-braces protection, nothing more. If the sandbox container were relocated to another drive, it would be in user-space anyway.
     
  13. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Ok, that sounds sensible.
    So for Sandboxie 3.76, Windows 7 64 bit, Appguard set to high, I have

    c:\sandbox added to guarded apps settings ( read/write )

    c:\sandbox added to user space ( yes )

    advanced settings
    SandboxieRpcSs.exe (write)
    SandboxieDcomLaunch.exe (write)
    SandboxieCrypto.exe (write)

    Things seem to be running ok, do the settings look ok pegr ?
    I seriously appreciate your and others' advice :)

    No sandboxie files in power apps
     
  14. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Just added appguard to my sbie setup with the recommended setting. So far so good.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've got two machines running SBIE V 4.01.03 with Appguard. The thing that was giving me fits was Outlook, until I figured out in SBIE Outlook has its Drop My Rights checked. When that was unchecked it was good.

    Pete

    PS Appguard in Lockdown all the way.
     
    Last edited: Mar 16, 2013
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If things are running okay then, yes, you're good to go. :)
     
  17. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    diamond geezer :thumb:
     
  18. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I have what I'm sure is a very unusual question. . .

    I have one very old DOS program that I still use (can you believe it?:eek: ). I have it set up and running on my Win XP SP3 system and it has been working just fine. I've used it for years - have tons of data in it - and want to keep using it.

    The problem is that AppGuard doesn't like it when I have the Protection Level set to High. However, it starts just fine at the Medium level. At the High level setting, I get an error message saying that it's "not a valid Win32 application" (which is very true). I've tried making it a PowerApp (doesn't work), and I've tried unguarding it in User Space and setting Include to No, but that doesn't work either.

    I guess I can change the Protection Level to Medium each time I need to use it, but I sure wish there were a way to make it accessible on a permanent basis. I am far from an AppGuard expert, so maybe someone with a lot more experience than I have can offer a suggestion or solution -- I hope!!!
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Hi Tom

    Where does it run from?

    Pete
     
  20. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    There's a directory directly on C:\ (not in program files).
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Try moving that folder into Program Files and see if that makes a difference. I suspect it might.

    Pete
     
  22. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    That's strange because I too have an old DOS program that runs directly from a directory under C:\ and it runs okay at the High protection level on Windows XP SP3 without needing to do anything special within AppGuard.

    It's definitely worth trying Pete's suggestion to move the folder to Program Files; but, in theory, that shouldn't make a difference as C:\ and C:\Program Files are both system space folders, and all program launches from system space are allowed by default so this program should have been able to run.

    The fact that the program runs at the Medium protection level and not at the High protection level suggests that AppGuard thinks it is running from user space, not system space; but I don't know why that would be. You could try using Sysinternals Process Monitor to see what is happening when this program tries to run.
     
  23. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I don't currently have any kind of Compatibility Mode set for that DOS program (Properties). Do you think that would change/help anything at all?
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Are there any files that your DOS program must access in the userspace? Are all the installation files located at C:\ or could there be some in the userspace?
     
  25. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    That's what I was wondering too, which is why I suggested using Process Monitor to see what is happening when the program launches.
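
Added example, not part of the thread or any poster's code: one way to act on the Process Monitor suggestion is to export the capture as CSV and filter it for the DOS program's host process (on 32-bit XP, 16-bit programs run inside ntvdm.exe), listing file operations that touch user space or were denied. The user-space prefix, the `C:\OLDAPP` paths and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Assumption: prefixes treated as user space on this XP machine. The thread does
# not list them, so copy the real ones from AppGuard's User Space tab.
USER_SPACE_PREFIXES = ("c:\\documents and settings\\",)
FILE_OPS = {"CreateFile", "ReadFile", "WriteFile", "Load Image", "Process Create"}

# Constructed sample in Process Monitor's default CSV export column layout.
# C:\OLDAPP and its file names are hypothetical placeholders.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","explorer.exe","1500","CreateFile","C:\Documents and Settings\user\Desktop\oldapp.pif","SUCCESS",""
"10:01:02.31","ntvdm.exe","2312","CreateFile","C:\OLDAPP\OLDAPP.EXE","SUCCESS",""
"10:01:02.40","ntvdm.exe","2312","RegOpenKey","HKLM\SOFTWARE\Example","NAME NOT FOUND",""
"10:01:02.52","ntvdm.exe","2312","CreateFile","C:\Documents and Settings\user\Local Settings\Temp\scratch.tmp","ACCESS DENIED",""
"10:01:02.60","ntvdm.exe","2312","ReadFile","C:\OLDAPP\DATA.DBF","SUCCESS",""
"10:01:02.75","ntvdm.exe","2312","WriteFile","C:\Documents and Settings\user\My Documents\REPORT.TXT","SUCCESS",""
'''


def triage(csv_text, process_names):
    """Return (operation, path, result, space) for events worth reviewing."""
    wanted = {name.lower() for name in process_names}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only file/image events from the processes under investigation.
        if row["Process Name"].lower() not in wanted:
            continue
        if row["Operation"] not in FILE_OPS:
            continue
        in_user_space = row["Path"].lower().startswith(USER_SPACE_PREFIXES)
        denied = row["Result"] == "ACCESS DENIED"
        # Keep anything touching user space, plus any denial elsewhere.
        if in_user_space or denied:
            space = "user-space" if in_user_space else "system-space"
            findings.append((row["Operation"], row["Path"], row["Result"], space))
    return findings


if __name__ == "__main__":
    for op, path, result, space in triage(SAMPLE_CSV, ["ntvdm.exe"]):
        print(f"{result:<14} {space:<12} {op:<12} {path}")
```

For a real capture, read the exported file's text and pass it in place of `SAMPLE_CSV`.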
     