Trying out Sandboxie - Help Needed

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by Adric, Jul 28, 2022.

  1. Adric

    I would like to test Sandboxie and give it a try in portable mode, but I've already run into a problem with Hitman Pro Alert. I'm probably misunderstanding something somewhere, but I cannot start Firefox from a sandbox without HMPA interfering. To continue, I tried turning off mitigations for Sandboxie in HMPA, but I still get an Attack Intercepted alert (Sandboxie COM services). A beginner's question: What is the proper way to avoid this from happening so I can continue testing?
    Code:
    Mitigation   PrivGuard
    Timestamp    2022-07-28T11:01:53
    
    Platform     6.1.7601/x86 v945 06_4e
    PID          3624
    Application  U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\SandboxieRpcSs.exe
    Created      2022-07-28T09:51:06
    Description  Sandboxie COM Services (RPC) 5.57.6
    
    Local Privilege Escalation detected
    
    Code Injection
    00060000-00061000    4KB U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\SbieSvc.exe [5564]
    00070000-00071000    4KB
    77533000-77534000    4KB
    1  U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\SbieSvc.exe [5564]
    2  C:\Windows\System32\services.exe [752]
    3  C:\Windows\System32\wininit.exe [704]
       wininit.exe
    
    Process Trace
    1  U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\SandboxieRpcSs.exe [3624]
    2  U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\SbieSvc.exe [5564]
    3  C:\Windows\System32\services.exe [752]
    4  C:\Windows\System32\wininit.exe [704]
       wininit.exe
    
    Services
    5564  SbieSvc
    
    Dropped Files
    1  U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\Sandboxie-9112392.tmp
         Dropped by \Device\HarddiskVolume8\SwApps\Thin\SandBoxie+\Sandboxie-Plus\SbieSvc.exe [5564]
    2  U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\Sandboxie-9112985.tmp
    .
    .
    .
    .
    24 U:\SwApps\Thin\SandBoxie+\Sandboxie-Plus\Sandboxie-9117260.tmp
         Dropped by \Device\HarddiskVolume8\SwApps\Thin\SandBoxie+\Sandboxie-Plus\SbieSvc.exe [5564]
    
    Thumbprints
    b341ba81e6dc59ab8f5be68a6535ffe7e2fe010eab919ca598bdf460dac78465
    
     
    Last edited: Jul 28, 2022
  2. soccerfan

    Perhaps adding this line to your firefox sandbox settings (DefaultBox?) might help (if not already present):
    Code:
    [DefaultBox]
    .
    .
    Template=HitmanProAlert
    The option to edit sandboxie.ini (where this setting goes) is in the GUI.
     
  3. Adric

    Unfortunately, adding that did not change anything.
     
    Last edited: Jul 28, 2022
  4. soccerfan

    I'm assuming you deleted the contents of the sandbox before starting Firefox sandboxed again.
    I do not use HitmanPro. Hopefully, others who do will chime in.
     
  5. soccerfan

    What is your Sandboxie Plus version?
     
  6. Adric

    1.2.6

    I tried deleting the content as you mentioned, but that had no effect either.
     
  7. soccerfan

    Your version is the current latest. One other thing to try is to
    add "SandboxieLogon=n" (or change from y to n) in the
    [Global Settings] of sandboxie.ini, reboot and try again.
     
  8. Adric

    I found a solution to get Firefox to launch.

    Instead of disabling Exploit mitigations for Sandboxie in HMPA, I went to Risk Reduction > Process Protection > uncheck Local Privilege Mitigation.

    Not sure, though, what the risks are of disabling this function.
     
    Last edited: Jul 28, 2022
  9. Rasheed187

    Yes, correct, this is the only way to fix this, since HMPA hasn't implemented a whitelist, so it basically sees Sandboxie as malware. The risk is that malware might still elevate privileges if it manages to run in the first place.
     