AG+ERP+SBIE

Discussion in 'other software & services' started by Overkill, Jun 20, 2013.

Thread Status:
Not open for further replies.
  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Ok guys, please no comments saying "that's overkill" or similar, I would like to know what I have to do (as far as configuring) to make these 3 get along?

    It will be on an win xp sp3 machine 32 bit

    Thanks :D
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    Not overkill to me, I use all three with Online Armor. In Online Armor I do have both Windows and Program files excluded.

    In Appgruard, give all the SBIE and ERP exe's memory guard read write excludions. I also made the erp exe's power apps. Additionally in my case I added all the OA exe files to the memory guard exclusions, both read and write.

    I also add Adobe and other appropriate apps to the guarded list.

    To Make ERP work with SBIE do the following:

    1) Open SandboxIE
    2) Browse to Configure->Edit Sandbox
    3) Under the sandbox paragraph (ex: [DefaultBox]) add this line:

    OpenIpcPath=*NVTERP_IPC*
    OpenIpcPath=$:EXERadar.exe

    Or add those lines under Resource Access>IPC ACCESS>Direct Access

    Under ERP I whitelist all of Windows and Program Files.

    Then under the Vulnerable tab, which should already have some exe's in it, I add all the Java exe's


    Hope this helps.

    Pete
     
  3. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Wow you must be bulletproof with all those plus OA, Thanks for the quick reply...I had a thought right after I posted this about maybe using faronics anti-executable instead of erp, would FAE get along as well?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    FAE is a great product, but the answer is nope. I looked at it before getting into ERP. It's solid, can do DLL's although I don't see the need. I was talking with them as I had problems getting it to work with SBIE, and then it broke FDISR, because it locked it's driver. Then there is the cost. $64 per license, and about $35 per year renewal.

    At this point ERP is so much superior. The whitelisting of command lines, and the wildcard commandlines. The vulnerable processes, just to name a few.

    Then there is cost, plus a big difference in support. Nope stick with ERP.

    Pete
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA

    Yea that's way to expensive for me, I think you get a way better deal in all aspects with ERP, Thanks Peter :thumb:
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Peter is right, stick with ERP

    Personally, I think it's more affordable, more powerful and provides the best technical support I have ever seen.

    I'll tell you something what, NoVirusThanks EXE Radar Pro is the best purchase I have made security wise ever, Hopefully it'll be the same for you.

    P.S. I'm honored that you're still using the Sandboxie icon I made a while ago, thanks :thumb:
     
    Last edited: Jun 21, 2013
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA

    Thanks for your input, hey it's a sweet looking icon, you did an excellent job :thumb:
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    [DefaultBox]

    OpenIpcPath=*NVTERP_IPC*
    OpenIpcPath=$:EXERadar.exe

    I put the lines above under each sandbox or just defaultbox?

    also, if I wanted to make sbie a power app, which exe's do I put?
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    Each Sandbox. I didn't make SBIE a powerapp, just put all the SBIE exe's in as memory guard exceptions allowing both read/write. Try that first.

    Pete
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Ok other than a ton of these alerts, everything seems to be ok
    06/21/13 08:59:03 Prevented <Sandboxie Control> from reading memory of <Google Chrome>.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    Putting SBIE exe files in the Appguard memory exceptions, should stop those.

    Pete
     
  12. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Should I add the other exe's?
    these I have so far

    sandboxierpcss.exe
    sandboxiedcomlaunch.exe
    sandboxiecrypto.exe
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    Just keep adding them until the messages stop. But I also have
    sbiesvc.exe
    sbiectl.exe

    Pete
     
  14. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    I knew I should have added those, no more alerts! Thanks
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Thank you very much, I appreciate that :thumb:
     
Thread Status:
Not open for further replies.