AppGuard and Sandboxie

Discussion in 'other anti-malware software' started by Brocke, Apr 4, 2011.

Thread Status:
Not open for further replies.
  1. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,190
    Location:
    USA,IA
    Do you guys think running both is over kill? considering Appguard really doesnt let anything passed.
     
  2. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    Yes, AppGuard alone should be enough.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i think you dont really need sandboxie when you have appguard guarding ur system;)
     
  4. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,190
    Location:
    USA,IA
    yeah running MSE and AG on both my laptops. very good products. im just alittle concerned by the AG changes that may happen.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    what changes?that may happen mano_O
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I ran Appguard and Sandboxie. True both should stop stuff, but with Sandboxie, it is easier to make it go bye bye.

    Also while you can sandbox USB flash drives, etc, Appguard handles that nicely.

    I just like having them both.

    Pete
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    if it doesnt slow you down go for it man or if it doesnt give you any isues why not:)
     
  8. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,190
    Location:
    USA,IA

    we dont know yet havnt heard anything yet. just making a statment :)

    thanks for the opinions all.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i wouldn mind buy this software as it is trouble free and fast and secure;)
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i have set AppGuard at high security level and i feel very secure;)
     
  11. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,190
    Location:
    USA,IA
    yeah same here but right now AG is just whats im looking for nothing gets passed. :thumb:
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    exactly is very strong security program and for 64 bits it plays very nicelly;)
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    AppGuard and Sandboxie operate in different ways, so it is not an overkill to run both together IMO.

    Sandboxie uses a combination of virtualisation and policy restriction, but only for applications running inside the sandbox. Sandboxie is therefore ideally positioned for use as a browser protection utility.

    AppGuard uses policy restriction to provide system-wide protection for the real system but does not use virtualisation. System-wide virtualisation can be added using a light virtualisation program though, if required. AppGuard combined with Returnil or Shadow Defender can make a very effective combination.

    I use a combination of AppGuard, Shadow Defender, and Sandboxie (on demand), and I don't consider it an overkill.
     
  14. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    If AppGuard and Sandboxie are going to play nicely together what settings do you use?

    I tried moving the Sandbox to a partition other than C: and tried adding exemptions in AppGuard for both the Sandbox on the other partition and the Program Files folder of Sanboxie but could not load Chrome sandboxed.

    Can anyone give me some pointers please?

    Thanks,

    Adam :)
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Hi Adam

    I am using them both located at their defaults. Chrome seems to be a troublesome beast, so not sure about that. I tried it and didn't see enough advantage to deal with the problems.

    I did run into an issue with Firefox lately, and downloaded the last 3.6 version, along with the last version of sandboxie, and flash. Still had problems, which I solved by building a new sandbox.

    You might check the sandboxie forum as to the latest on Chrome.

    Pete
     
  16. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,190
    Location:
    USA,IA
    does sandboxie work under limited accounts like Guest?

    also if i set my setting to lets say always run IE9 in the sandbox does that config cover all accounts or do i have to set each account up?
     
  17. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    80
    Location:
    Ireland
    Hi all,

    i can't get SBIE to work with appguard at all.

    Obviously, there is a way as I've read several posts on here saying so from users but the posts don't give instructions on how to get them to work!

    I would appreciate any direction in how to configure appguard to work with SBIE

    Thanks
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    It didn't take anything special. I did add exceptions for Sandboxie exe's in the memguard exception list, but that was it.

    Pete
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    For Sandboxie to work with AppGuard, it must be possible for guarded applications, e.g. browsers, to be able to write to the Sandbox folder.

    This will depend on where the sandbox folder is located. If it is in its default location on the system partition (usually C:\Sandbox), AppGuard will treat it as part of system space, which means that guarded applications cannot write to it by default. The sandbox folder must then be added to the AppGuard list of exception folders that guarded applications are allowed to write to.

    If the sandbox folder is located on an alternate (i.e. non-system) partition, AppGuard will treat the sandbox folder as belonging to extended user space, which means that it can be written to by default and no additional AppGuard configuration should be necessary to make it writeable.

    As Peter2150 has done, it's also a good idea to make exceptions for Sandboxie in the MemoryGuard exception list. The following Sandboxie executables should all be given memory Write access: sandboxierpcss.exe, sbiectrl.exe, sbiesvc.exe, and start.exe.

    Not adding these to the MemoryGuard exception list won't stop applications from running inside the sandbox but it might weaken Sandboxie's protection if it is unable to inject code into the memory space of sandboxed processes in order to control them. :doubt:
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Thank you for that guide, pegr! I've been wondering how I'd solve the puzzle between AppGuard and Sandboxie without lowering any of the softwares' protection level by mistake.
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I'm having some problems with Sandboxie and AppGuard. Here's my settings.


    Untitled4.png
    Untitled5.png

    Do I need to allow the .exes of Sandboxie to have _both_ write/read access in Memory Guard exception list? The following .exe have been added to AppGuard memoryguard exception list with 'write' permission:

    Untitled3.png

    Here's the error I'm getting:

    Untitled.png
    Untitled2.png




    Does anyone know the solution for this?
     
    Last edited: Apr 13, 2011
  22. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    80
    Location:
    Ireland

    Perfect! Thanks very much pegr and Peter :thumb:

    Update:

    IE9 seems to only work if right-clicked run in sandbox.

    If I launch from shortcut by clicking directly on it I get this:

    SBIE2334 Cannot load DLL file: COMCTL32.dll

    And a windows memory refernce error followed by the windows close program dialog.

    I have all sbie processes in exceptions list in appguard
     
    Last edited: Apr 13, 2011
  23. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    Most malware authors exploit visible modules mapped in memory and thread characteristics to detect both, and logic bomb out of them or do nothing to live longer. Sandboxie+BSA can still be detected by virtual allocation functions, and through some lesser known syscalls to do with thread states and structures. There are ways to do it in native driver IOCTL queries too. Hijacking their injected code may also be possible if the driver doesn't protect them.

    This 'isn't a problem' if I remember correctly though. I use sandboxie for easy cleanup and just block access to history and login data on machines where 'remember' functions are used. Appguard is okay but it's not really flexible.
     
    Last edited: Apr 13, 2011
  24. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    976
    Location:
    Brooklyn, USA
    Pegr,
    Thanks for info. Could you please help me understand exactly what steps to take to add these SBIE exe files to exceptions list with memory write access as you mentioned. I understand how to add Sandobie folder to exceptions list but am confused about how to deal with exe files and thanks.

    Gary
     
  25. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Hi Gary,

    If you open the AppGuard GUI, press the Customize... button and go to the Advanced tab, you will see the MemoryGuard Application Exception List. Click on the Add button to the right and from the explorer panel that opens, navigate to the .exe file that you want to add and click the Open button to add the application to the list. It will automatically be added for Write access as the default. Repeat this for each application you want to add.

    If you need to change the access type, clicking on the word Write in the Type column will display a drop-down list where you can change it to Read or ReadWrite as necessary. You shouldn't normally need to change it though unless the MemoryGuard blocking messages in the Events panel show that the application is being blocked from reading memory, which won't usually be the case.

    Regards
     
Loading...
Thread Status:
Not open for further replies.