AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No problem!
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No problem!
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Thanks a lot CE, going to try tomorrow asap.
    At the last minute I decided to read your 2 options and realized I've already tried that. Moreover, that's my current config actually (option 2), except for the SbieSvc.exe part (option 1).
    Outcome: didn't work out. Also I tried both options at once and nothing.
     
    Last edited: Nov 19, 2014
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I don't have Sandboxie installed right now. You could try option 1, and also add this other executable from the installation folder as a power app in addition to SbieSvc.exe. I don't remember what it was called now. If you could take a screen shot of your installation folder I would recognize it if I saw it. If you try option 1 then what exactly is being blocked then? That might help me come up with a fix. I don't have Windows 8, or 8.1 to work with.
     
  5. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    Happened again this afternoon - I believe it was WR updating to version 8.0.5.109. It blocked the 4 x .dll quoted in my OP. I've now taken on board your further advice and added to Publishers.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Just use the settings I listed, and AG should also allow all executions from WSA in the user-space.
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Try making SandboxieDcomLaunch a power app. I think I had to make SandboxieDcomLaunch a power app in the past. If that does not work then remove that one, and try making SandboxieRpcSs a power app. If that does not work then try adding them both as power apps. If that does not work then copy your blocked events, and paste them here so I can see what files are being blocked and their path.

    btw.. don't remove SbieSvc as a power app.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Shouldn't need to add anything related to Sandboxie as a power app. I am assuming you are using the default sandbox c:\sandbox.

    1. No Sandboxie apps guarded.
    2. In user space tab add the folder c:\sandbox and set include to yes
    3. In the guard tab, click on settings, add the folder c:\sandbox and set type to Exception(Read/write)

    That way you should have no trouble with appguard and sandboxie

    Pete
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    We already tried that Peter. I recommended that in post 2425 as option 2.
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    No good outcome. I'll proceed to gather and copy blocked events. Here they are:
    AppGuard
    11/21/14 09:34:59 Prevented process <combase.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:34:59 Prevented process <shlwapi.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:34:59 Prevented process <imagehlp.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:34:59 Prevented process <msvcrt.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:34:59 Prevented process <user32.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:32:59 Prevented process <combase.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:32:59 Prevented process <shlwapi.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:32:59 Prevented process <imagehlp.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:32:59 Prevented process <msvcrt.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
    11/21/14 09:32:59 Prevented process <user32.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.

    Sandboxie
    SBIE2205 Service not implemented: NtCreateProcessEx (XXXX)

    Windows Powershell
    Windows Shell Common Dll has stopped working
    As you can see, the problem is, for the time being, with IE only. For Chrome or Firefox or any other program I use to sandbox, just fine.
    Moreover, even though I hide blocked events log with a wildcard, obviously the Sandboxie and Windows Powershell errors pop up.
     
    Last edited: Nov 21, 2014
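
Added example, not part of any post in this thread: a small Python triage script for blocked-event lines of the shape quoted above. It collapses repeats and maps each launch folder inside the sandbox container back to the real folder it mirrors. The container layout (root\user\box\drive\letter\...) is an assumption inferred from the logged paths, and the function names and the last sample line are constructed for illustration.

```python
import re
from collections import Counter

# Line shape taken from the blocked events quoted in the post above.
EVENT_RE = re.compile(
    r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} Prevented process "
    r"<(?P<module>[^|>]+?) \| (?P<parent>[^>]+)> "
    r"from launching from <(?P<dir>[^>]+)>\.$")

# First four lines are copied from the post; the last line is constructed.
SAMPLE = r"""
11/21/14 09:34:59 Prevented process <combase.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
11/21/14 09:34:59 Prevented process <user32.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
11/21/14 09:32:59 Prevented process <combase.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
11/21/14 09:32:59 Prevented process <user32.dll | c:\windows\system32\rundll32.exe> from launching from <c:\sandbox\mrx\internet_explorer\drive\c\windows\system32>.
11/21/14 09:40:00 Prevented process <setup.exe | c:\windows\explorer.exe> from launching from <c:\users\example\downloads>.
"""

def shadowed_path(launch_dir, sandbox_root=r"c:\sandbox"):
    # Assumed layout: <root>/<user>/<box>/drive/<letter>/<original path>.
    # Returns the mirrored real path, or None if launch_dir is not in a container.
    prefix = sandbox_root.lower().rstrip("\\") + "\\"
    low = launch_dir.lower()
    if not low.startswith(prefix):
        return None
    parts = low[len(prefix):].split("\\")
    if len(parts) < 4 or parts[2] != "drive" or len(parts[3]) != 1:
        return None
    return parts[3] + ":\\" + "\\".join(parts[4:])

def summarize(text, sandbox_root=r"c:\sandbox"):
    # One row per unique (module, parent, launch folder), with a repeat count.
    counts = Counter()
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            counts[tuple(m.group(k).lower() for k in ("module", "parent", "dir"))] += 1
    return [{"module": mod, "parent": par, "launch_dir": d, "count": n,
             "shadows": shadowed_path(d, sandbox_root)}
            for (mod, par, d), n in sorted(counts.items())]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        where = row["shadows"] or "(outside sandbox container)"
        print(f'{row["count"]}x {row["module"]} via {row["parent"]} -> {where}')
```

Rows whose mirrored folder is a system directory such as c:\windows\system32 are copies of system DLLs inside the container, which is the pattern in the events above and worth including when sending the log to vendor support.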
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    What OS are you using Peter? Mister X is using Windows 8.1 x86 EN.
     
  13. SOG

    SOG Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    33
    Have followed your advice and set-up accordingly. Thanks.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    After looking at your event log I really don't know what else to recommend. This really needs to be reported to Blue Ridge Networks. Maybe they know of another way, or maybe they need to make some changes to AG. Maybe another Sandboxie user knows of a fix that I'm not aware of, but it would probably be faster to email BRN for support. You can email support at appguard@blueridgenetworks.com. They will need a copy of your policy file, and the event log.
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Ok, thanks CE.
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    What Pete told above.
    You can certainly neglect 2. step in that. It is just for extra AG protection for the sandboxes. I use both 2. and 3.
    1. And no power apping SBIE processes or guarding them.

    This is just my computer of course.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am using win 7 x64 fully updated
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    I already asked this a few posts before:
    However CE told me it poses a security risk:
    So we have here opposing views about whether to add C:\Sandbox to User-Space or not. Adding extra protection by AG is not the same as a security risk situation.
     
  19. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I would not call it exactly a security risk. Those apps inside a sandbox are already taken care of and sort of isolated from your system, by Sandboxie. But if you want AG taking its guard on sandboxed apps too beside Sandboxie, do Pete's advice step 2. too.

    Because of step 2 I need to allow user space launches from AG icon in those few times I install a program in to a sandbox. Makes it less convenient, but I like the added "security" :)
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Fine, I'll manage my Sandboxied IE issues neglecting step 2. Thank you guys, all of you. :)
     
  21. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,069
    Location:
    UK
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Thank you, in that page it never talks about adding C:\Sandbox to User Space so I think I've got my secure and functional settings. :thumb:
     
  23. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Adding C:\Sandbox to user space is definitely not going to solve the problem, if anything, it's causing it. Though I am still puzzled why the dlls are launching from the container folder. If Firefox is running sandboxed, it's not launching from there either, just the writes are redirected to that folder.
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    That's what I meant to say, if you read my previous posts. Adding C:\Sandbox to User Space is causing me the problems described above.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    The Sandboxie AG discussion has been brought up multiple times in this thread. It's probably the most popular topic in the entire thread. Most users add the sandbox folder to the user-space in AG. If you don't add the sandbox folder to the user-space then AG will not block executions in the sandbox, thus not blocking drive-by-downloads from sandboxed browsers, or the execution of other malware from other sandboxed applications like mail clients, etc. If you trust Sandboxie will handle drive-by-downloads from the browser, and other malware you might encounter with your sandboxed applications then the user can of course depend on Sandboxie instead. I do consider this a security risk, but I guess I should have been more clear. You just don't get the benefit of AG's protection with your sandboxed applications. AG would only come into play if some malware was able to break out of the sandbox. AG might keep it from spreading then. Most users are able to add the sandbox to the user-space without having the problems MisterX is having. I myself am able to add the sandbox to the user-space without any problems. That's why I say MisterX might still want to report this to BRN so they are aware of the situation so they can see if there is anything they can do. If more users report problems like these then BRN might be able to improve AG.
     