Discussion in 'other anti-malware software' started by shadek, Mar 12, 2011.
Yeah, I don't know why.
These are not blocked Firefox processes but Sandboxie control processes, so add Sandboxie to the allowed PowerApps (i.e. whitelist it) and you're done.
That's an expert talking there.
Try putting the C:\Sandboxie folder in the Application - Exception list and change the type to read/write. Also take a look at the tutorial here as it may offer some help. http://www.blueridge.com/support/products/appguard/files/AppGuard_ReleaseNotes_3_4.pdf
I wish, but thanks. Actually natZone may just have provided the answer.
What do you mean? I can't add the entire folder. If you can see my screenshot, I have Sandboxie executables added in the Application Exception list. Should I just change the settings from 'Write' to 'ReadWrite'?
The Sandboxie executable only? Or should I include sandboxiedcomlaunch.exe, sandboxierpcss.exe and sandboxiecrypto.exe?
It's been a while since using SBIE, but I had an issue with AppGuard and was able to add the whole sandbox folder. But that was before the new addition of powerapp of AppGuard.
Try what natZone said and see if that helps any.
Okay. I just opened Google Chrome. It has the same issue.
I added SbieCtrl.exe to the PowerApps list and it seems that the notifications have ceased.
Glad you got it worked out.
I am experimenting with AppGuard's "Locked Down" Protection Level.
I have one issue that I have not been able to figure out. What do I need to do to get rid of this "Event" Message?
XX/XX/XX XX:XX:XX Prevented <Firefox> from reading memory of <CTF Loader>.
This "Event" Message occurs when I open Firefox (sandboxed). Do I really need to do anything to get rid of the "Event" Message? I am able to surf the web while getting this "Event" Message.
Thanks in Advance.
Operating System: Windows XP Pro SP3 (32 bit)
I have a house full of females, wife and my girls. I work out of town and only come home about every four to six weeks for the weekend, and it consumed most of my home time to update five laptops and one desktop. There is no getting them to understand how to do the updates, and I never liked having WinUpdates set to auto because of potential crashes after a bad update, which of course they would know nothing about how to restore. With AG installed, it was another hoop for them to jump through to disable protection for the update back when AG had to be disabled for WinUpdates to install. In my situation, I'm just miles ahead by using AG on High for them and Locked Down for me. If they can't install something, naturally they are going to call me for the "why isn't this installing?". This way, I know what they are installing and if it's legit, I can let them know how to lower AG's protection for the installation. I know that sounds hard, but with my bunch, all they know about PCs is use, use and use. They know nothing about maintain and protect.
Most MemoryGuard events are harmless. If it isn't stopping anything from working normally, just ignore it. Unless you are using the alternative user input feature of MS Office, I don't think you need CTF Loader (ctfmon.exe) anyway.
Sometimes I do use East Asian Language Input, but usually only once or twice a month. I just tested whether or not East Asian Language Inputs would be allowed: "High" Protection Level = Yes, "Locked Down" Protection Level = No.
Any ideas on what I need to do to fix this minor problem?
Thanks in Advance.
Try adding ctfmon.exe as a PowerApp. If that doesn't work, switch to the default High protection level whenever you want to use the feature. You don't really need to be using Locked Down all of the time anyway.
I run AppGuard at the High protection level because it is more flexible, provides better overall compatibility with other applications, and causes me the least problems. If you really like using Locked Down for normal use then temporarily switch to High when Locked Down is preventing something from working that you haven't been able to overcome by AppGuard configuration.
Earlier, I had tried adding ctfmon.exe (Including Firefox.exe) as PowerApps which didn't solve the problem. I also tried adding Firefox.exe and ctfmon.exe to MemoryGuard's Application Exception List (both ReadWrite) which did not solve the problem.
With "Full" Protection Level I have not had any issues. I will run in "Full" Protection Level most of the time.
You definitely don't want to be making exceptions for an Internet-facing application like Firefox, as you will be negating some of the protection of a guarded application. Changing to the default High protection level for normal operation is, as you say, a better option.
When I first installed AppGuard, I followed all of the recommendations given here:
Does anyone know the answer to the question asked in the above link:
Any other comments on the recommendations in the above link?
Thanks in Advance.
MemoryRead events only tend to occur when the protection level is set to Locked Down. You shouldn't be seeing these at the High protection level. AppGuard exceptions should not be made as a matter of routine; the AppGuard events panel will tell you what, if any, exceptions need to be made.
Regarding Sandboxie, it varies from one system to another, depending on the OS version and where the Sandboxie container folder is located. On my Windows XP system, I run AppGuard and Sandboxie together without any AppGuard exceptions. (Guarded applications have to have write access to the Sandboxie container folder, but I have it located on a RAM disk so it's automatically in extended user space.)
If, on your system, AppGuard is reporting MemoryGuard write events for sbiectrl.exe then add sbiectrl.exe as a PowerApp in order to ensure that Sandboxie functions properly. If there are no sbiectrl.exe blocked events then there is no need to do anything. The same applies to all of the other Sandboxie executables.
Sounds like a good strategy.
You think it's bad now - just wait until late mid age!
Not sure how sandboxie works exactly, but if the other processes are called by the sandboxie executable, then there is no need to add the other ones. They will inherit their "powerappness" from the calling app.
If you are not seeing any anomalies when running Firefox (other than the message), I don't think that you need to worry about it.
Answering your later posts on this subject (i.e. trying to allow this in Locked Down protection level), I don't believe that there is a way of doing this. Adding CTF Loader as a power application will not allow a Guarded Application to read its memory. The exception that would have to be made would be to not have Firefox memory read protected in Locked Down. Locked Down protection policy enforces Memory read protection on all Guarded applications and is not configurable by the end-user.