Whitelist "SbieDrv.sys".
There will be a Buster Sandbox Analyzer Beta 8 version with new stuff. Minor change: In previous version I forgot to include "Perceptual Hash...
Thank you for the update, David!
You should whitelist "SbieDrv.sys". Whitelists are made for situations like this one.
You already patched a security issue, the problem with injection mechanism, NtQueryInformationProcess bug, ... All those fixes are included in...
Old Buster Sandbox Analyzer thread in Sandboxie's forum can be accessed through archive.org:...
Did you test using new LOG_API? https://github.com/sandboxie-plus/LogApiDll/releases/download/1.0.5/LogApiDll.zip
Whitelist SbieDrv.sys. David is using a leaked cert to sign the driver. That's the reason why some antivirus detect it.
In no time David fixed issues Invincea and Sophos didn't want/didn't know how to fix like dll injection problem, a security issue, msi problem, ......
Nice work, David! Congrats! So if I got it right "SandboxieLogon" and "AllowSandboxieLogon" are options available but at the moment are more...
Previously you wrote: "so the next build will contain a dedicated option MsiServerKeepToken=y to allow only msiexec.exe to keep the system sid"...
I got the exclamation mark when Windows Defender detected the driver and stopped it so that's probably the issue.
Good to know, thanks!
What are the security implications of this workaround?
Released Buster Sandbox Analyzer 1.89 Beta 7. If no new features are requested and no bugs are found probably this will be the last version. Beta...
I had a Buster Sandbox Analyzer 1.89 version I never released. This unreleased version included a pair of new features. One of them was perceptual...
BSA 1.89 Beta 5 can be downloaded from here: https://1fichier.com/?716fodhlg017ixhho4bs
Released BSA 1.89 Beta 6. - Fixed error message when BSA is executed for first time from a clean installation - VirusTotal works again in all...
I don't see anything in the report that helps me to identify the problem. Make next test... In the same VM you used to test notepad install...
If you have Windows Defender, EMET (Enhanced Mitigation Experience Toolkit) or any other antivirus/security suite installed, disable it temporarily...
"might no be compatible" You should start from here (https://www.sandboxie.com/ResourceAccessMonitor) and then post resource log. That was the...
"Yeah, you're right, the crash happens even when BSA is not involved." This was expected because LOG_API is injected anyway. "But I have few...
I just installed Sandboxie 5.40.2 and BSA 1.89 Beta 5 on a Windows 10 Pro x64 1903 and everything worked fine: I sandboxed notepad, put some...
Ok, nice. And what Sandboxie version are you using?
This comment should be for diversenok as he found the vulnerabilities, not me.