Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. chris1341

    chris1341 Guest

    Me too ;). First RC status for SBIE?
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I believe it is. Usually it was final right after beta.
     
  3. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    700
    Location:
    North America
    Ditto. 4.10 RC working well here also.
     
  4. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    :):thumb:
     
  5. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
  6. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Sandboxie Control > Help > Check For Updates

    Popup message: The Sandboxie Web site does not report a newer version of Sandboxie.

    Currently using version 4.08. Internal updater in Sandboxie is not working.
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Bo, SB is saying the same as Compu KTed but I'm on 4.06. If it makes a difference, I'm on the free version.
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    There is no difference. You can download 4.10 from either of the links that I posted in my previous post. I never update using the updater. The updater sometimes takes a few days after a new version is out before it's really working.

    Bo
     
  10. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thanks Bo.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    You are welcome, Reality.:cool:

    Bo
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Is final version the same as release candidate or should we update it?
     
  13. guest

    guest Guest

    @bo elam : we have a ransomware that bypasses Sbie in default setting; wanna take a look of it?

    i throw it on a Win8.1.1 VM but another member did it on a spare machine with real system. on the VM it ran then crashes the OS.

    http://i.imgur.com/g8Z5M94.jpg
     
    Last edited by a moderator: May 23, 2014
  14. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    This was a long-awaited release. Good thing.
    As this was done by a new compiler, i did the uninstall:

    0. Downloaded the install file and disconnected my internet cable.
    1. Deleted my sandbox contents in both the standard and admin accounts.
    2. Set AppGuard to Install mode and uninstalled SBIE (under admin account). Telling it to keep my INI-configuration. Rebooted when asked.
    3. Set AppGuard to Install mode and installed SBIE 4.10. Put AG back to Locked Down mode. Reconnected my internet cable.

    Testing:
    Noticed that the registering is activated without the need to reactivate. That is ok and keeps things easy.
    I have so far tested Firefox and Chrome and they open fine sandboxed. Flash works too.

    Seems to be a good update and no bother from say avast when installing. :)
     
    Last edited: May 23, 2014
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    I know you been waiting for this version Jarmo. I hope you like it as much as I do. Enjoy it man.:)

    Bo
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    So what, that doesn't prove nothing. You need to learn how SBIE works so you'll know what it takes and what it means to "bypasses Sbie".

    Bo
     
  17. guest

    guest Guest

    i don't need to learn, i know how to use it safely, it is about DEFAULT setting and i don't want prove anything, just ask you if you want try the sample to see what it does on a real spare system since you supposed to be Sbie expert here so you may figure out what was the problem if any... also it may help the devs to know that default setting may be bypassed and potentially fix it, since many people surely use it as default as i did when i started using it.

    if i wanted to bash Sbie , i just had to open a fancy thread with a big catch-eye title. but i like Sbie so i reported here.

    the pix shows what happened , and i am quite sure it will do the same on real-system. Sbie main purpose is to let stuff isolated unless i didn't get it...

    so now if it makes you upset to know that it may happen , so ignore my post, act as a fanboy, and let people be potentially unsecured... omg, this is what happen when you wanna help...better shut up sometimes and be selfish !

    thanks.
     
    Last edited by a moderator: May 23, 2014
  18. chris1341

    chris1341 Guest

    Hi guest,

    Can you confirm what the symptoms were (was it an encryptor or just standard ransomware) and that the malware was still running after the sandbox was emptied and the system re-booted?

    Have you reported to Invincea?

    Thanks
     
  19. guest

    guest Guest

    did the test 3 times. it was on Vbox so i can't truly evaluate the impact of the malware, reason why i asked Bo to check it on real spare system (i don't have , if i had i will do)
    a member on my forum told he was totally encrypted on real system.

    I installed latest Sbie 4.10, right click the malware into default sandbox; the screenshot shows you the result, then the OS froze and i can't even shut it down ; the only solution is to reset the VM.

    expected Bo to test it and if it was indeed "bypassed" , then i would report.

    maybe you can try to test it yourself; i will PM you the link.
     
    Last edited by a moderator: May 23, 2014
  20. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    @guest

    I'll check it out on 8.1.1 x64 real and VMware machines. PM me.
     
  21. chris1341

    chris1341 Guest

    Hi guest,

    Checked it out on a real system Win 8.1.1 x 64, SBIE 4.10.

    Here's what I did/happened scenario 1:

    Opened SBIE control and moved it to a place I could see clearly when the ransomware took hold.
    Right click send to default box
    All processes appeared in default sandbox
    Ransomware was active but contained
    Unable to terminate programmes in the sandbox or use desktop functions (cursor trapped in active malware window)
    Was able to CTRL-ALT-DEL
    Chose Sign-out
    Prevented from signing out by malware
    Was able to use cursor using keyboard to choose sign-out anyway
    On logging back on malware not active
    Emptied Sandbox
    No malware traces other than the original exe (confirmed by HMP & MBAM)
    Conclusion: Malware active but contained by SBIE

    Here's what I did/happened scenario 2:

    Opened SBIE control and moved it to a place I could see clearly when the ransomware took hold.
    Right click send to default box
    All processes appeared in default sandbox
    Ransomware was active but contained
    Unable to terminate programmes in the sandbox or use desktop functions (cursor trapped in active malware window)
    Hard re-boot
    On re-start malware not active
    Emptied Sandbox
    No malware traces other than the original exe (confirmed by HMP & MBAM)
    Conclusion: Malware active but contained by SBIE

    I don't believe SBIE was truly bypassed here but it would be nice if by default programmes in the sandbox were prevented from what looks like a fairly basic explorer hijack.

    Cheers
     
  22. guest

    guest Guest

    Ok Chris, thanks for the testing, i never trust results in a VM so it is why i asked for a double check in a real system.

    As you said it will be nice if we could avoid the freeze.
     
  23. chris1341

    chris1341 Guest

    I only did it because I've seen very similar things over the years and universally they were contained and prevented from getting persistence so fairly confident with this one. Same with AppGuard and Defensewall over the years, a few samples have managed to run guarded but did no harm and were prevented from starting after a re-boot.

    I also remember talk of a SBIE keyboard shortcut (like Defensewall) that would terminate all sandboxed programmes. In this case as the keyboard was still active so that would have taken care of it. I think there may be a way by creating a desktop shortcut then associating that with keystrokes but they really should build something easy in I think.

    Cheers
     
  24. guest

    guest Guest

    i agree, a keyboard shortcut will be a good feature, it will allow users to avoid losing data or their works because they have to hard-reboot.

    anyway it is a good news that Sbie is still strong ;)
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    In order to be taken seriously, next time you write something like that, have proof. No more blah blah.

    @chris, a few days ago, I suggested to Invincea the keyboard shortcut to terminate all programs. I think we are going to get that.:)

    Bo
     