Sandboxie 4.02 + EMET 4.0: Delete Invocation won't work while running under EMET

Discussion in 'sandboxing & virtualization' started by Tyrizian, Jun 23, 2013.

Thread Status:
Not open for further replies.
  1. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I sandbox all my browsers and I always have Delete Invocation enabled in Sandboxie, so when I close out a browsing session, it deletes the contents of that sandbox.

    Now, I just started to notice a problem with Sandboxie and EMET, even after Sandboxie detects and adds EMET to its compatibility list.

    I noticed if I add Firefox or anything plugin related, Adobe Flash, etc. to EMET, Delete Invocation in Sandboxie no longer works and the processes will hang after initiating a close/exit.

    If I go back into EMET and delete Firefox, plugins, etc. from the processes list, then Delete Invocation in Sandboxie all of a sudden works again.

    I want to have these two working side by side, but I can't seem to get it to work.

    Do any of you have any advice, maybe a path that I can add in Sandboxie's configuration file?
     
  2. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I figured out how to fix it.

    I had originally set my EMET profile to Maximum security settings.

    Just F.Y.I. - Maximum security settings will halt the Delete Invocation feature in Sandboxie

    Changing the profile name to "Recommended security settings" won't halt the Delete Invocation feature in Sandboxie and therefore will work simultaneously with one another.

    It would be nice if they worked well with one another under the Maximum security setting.

    If one has a suggestion on how to make it possible under the Maximum security settings, please let me/us know.
     
    Last edited: Jun 23, 2013
  3. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    It depends on the (general) DEP settings you choose in EMET4. And seems to be a problem esp. on Win8x64. For application opt-in and opt-out it should work, no matter how you set up all other mitigations.
     
  4. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    I have Maximum security settings for EMET4 in Windows 8 x64, use Firefox, have my sandbox set to delete invocation and I don't have the same problem as you, Tyrizian. What version of Firefox do you use? I'm curious. I'm using v21 of xhmikosr's build.
     
    Last edited: Jun 23, 2013
  5. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    I'm running Win8 64 bit, Firefox 21, and EMET 4.0. In order for the sandbox contents to be deleted on Firefox's close I have to set DEP to Opt-in from Always On. You can leave SEHOP and ASLR to Always On. I feel slightly less secure running my system this way but hey at least it works now.

    Tzuk is looking into this matter.

    Later...
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I'm using build 21 as well.

    I'm gonna have to try a few things, see if I can get Maximum security settings to work for me.
     
  7. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    The way I read your post, I'm not the only one with the problem.

    I still want to try to get Maximum security settings to work though, since 1chaoticadult said he has no problems under that set up.
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    I'm curious what's causing that issue. Are you using vanilla Firefox or someone else's custom build?
     
  9. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    I'm using the official Firefox
     
  10. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Maybe that's why I'm not having the issue because I'm using a custom build?
     
  11. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    Have Sandboxie V4 and EMET 4 in Windows 8 Pro – EMET set to Maximum Settings.

    I have no issues with (vanilla) Firefox - latest version, if I run it via a sandboxed shortcut. BUT – if I run Firefox 'forced' sandboxed, Firefox will not shut down! I have to use SBIE's 'Terminate All Programs' option to shut it down. Similarly, I.E refuses to shut down under any form of SBIE control.
    Bizarrely, have no such issues with Palemoon browser.

    I've played around with EMET settings and the only system settings which allow the above browsers to behave normally are:
    DEP = Opt In
    SEHOP = Always On
    ASLR = Opt In

    It seems to me that SLE was right - DEP setting is the problematic one!
     
  12. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    tzuk has released 4.03.01 which at least for Firefox 21 fixes the EMET 4.0 final problem. I can now run DEP with the Always On setting instead of Opt-in. The sandbox contents are now being deleted on close.

    Later...

    Bob
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    Yeah, because with Sandboxie 4.02 and EMET, I'm forced to use these settings, at least for now.

    DEP = Application Opt-In
    SEHOP = Always On
    ASLR = Application Opt-In
    Certificate Trust (Pinning) = Enabled

    Thank you for letting us know that it has been fixed in Sandboxie 4.03.
     