Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    To me, it is clear that it does. If I was using a Standard user account, I would use the setting whenever possible since using the setting would stop any installer (could be malware) that gets downloaded into the sandbox if it attempts to start and run. Using the setting is probably more important if we are using a non restricted sandbox than if the sandbox is restricted (as only a few programs are allowed to run in the one that's restricted).

    Bo
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Same here, Pete. I gave it a hell of a ride last night in my XP. All flying colors. And I am now in my W7. Same results.

    Bo
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,068
    Location:
    Canada
  4. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    I remember Tzuk saying something like, Drop rights was not "ground breaking". That was in a thread from I think 2010 and about Drop rights. The setting had been implemented a short while earlier. If someone likes to find that thread, it should be easy to find or I can find it. It is a very long thread.

    One thing that I can add about Drop rights is that just about all, if not all, POCs or weaknesses found in Sandboxie that I remember reading about fail when Drop rights is in place. That's pretty solid. I mean, if the setting is ticked, POCs don't work and vulnerabilities cannot be taken advantage of (to escape the sandbox).

    Bo
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,068
    Location:
    Canada
    Earlier today in a different thread, I surmised hackers don't seem to challenge Sandboxie in contests probably because they know it will be a waste of time and effort for them, resulting in no prize money for their efforts. That said, I'm really hoping, for interest's sake, the top hackers who attend PWN2Own and such will attempt escaping through a tightly configured Sandboxied browser just to see what kind of progress, if any, they would make. I suppose it would at the very least require a kernel exploit to be successful.
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,277
    Location:
    Under a bushel ...
    Bo - I have to thank you for your endless patience and detailed advice on SBIE. I am sure everyone else on this thread feels the same.
    I think you should host a SBIE Masterclass at some resort in Nicaragua. :)
     
  7. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Helping with Sandboxie is my way of giving something back. This program turned my computer and internet experience into something truly enjoyable. No worries of any kind. It wasn't like that before. I owe that feeling to Sandboxie.

    Bo
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Paul, I read your post in the Firefox addons thread about Hello showing as false in about:support but you are not sure why. I think your Firefox profile is either corrupted or you changed a preference in about:config that did it.

    Like I said there, you can create a new profile and do it under Sandboxie. After Firefox runs, check Hello and then close the browser and delete the sandbox. Creating, using and testing new profiles under SBIE can be done quickly.

    Right click your Desktop and do the steps to create a shortcut with the path below:

    "C:\Program Files\Sandboxie\Start.exe" /box:All "C:\Program Files\Mozilla Firefox\firefox.exe" -no-remote -P "NewProfile"

    If you create the shortcut as I wrote it, Firefox will run with the new profile in a sandbox named All. You can create a new sandbox and name it All, and that's where Firefox will run. Or you can change the name to another one or DefaultBox. But make sure in Sandbox settings all programs are allowed to run and have access to the internet.

    Bo
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,772
    Location:
    .
    FWIW ~ little test > Paranoid Fish report w Sandboxie.
    http://betanews.com/2016/03/23/malware-detect-sandbox/
    with Sandboxie and Active vaccination disabled

    * Pafish (Paranoid fish) *

    Some anti(debugger/VM/sandbox) tricks
    used by malware for the general public.
    [-] Debuggers detection
    [*] Using IsDebuggerPresent() ... OK

    [-] CPU information based detections
    [*] Checking the difference between CPU timestamp counters (rdtsc) ... OK
    [*] Checking the difference between CPU timestamp counters (rdtsc) forcing VM exit ... OK
    [*] Checking hypervisor bit in cpuid feature bits ... OK
    [*] Checking cpuid hypervisor vendor for known VM vendors ... OK

    [-] Generic sandbox detection
    [*] Using mouse activity ... OK
    [*] Checking username ... OK
    [*] Checking file path ... OK
    [*] Checking common sample names in drives root ... OK
    [*] Checking if disk size <= 60GB via DeviceIoControl() ... OK
    [*] Checking if disk size <= 60GB via GetDiskFreeSpaceExA() ... OK
    [*] Checking if Sleep() is patched using GetTickCount() ... OK
    [*] Checking if NumberOfProcessors is < 2 via raw access ... OK
    [*] Checking if NumberOfProcessors is < 2 via GetSystemInfo() ... OK
    [*] Checking if pysical memory is < 1Gb ... OK
    [*] Checking operating system uptime using GetTickCount() ... OK
    [*] Checking if operating system IsNativeVhdBoot() ... OK

    [-] Hooks detection
    [*] Checking function ShellExecuteExW method 1 ... traced!
    [*] Checking function CreateProcessA method 1 ... OK

    [-] Sandboxie detection
    [*] Using GetModuleHandle(sbiedll.dll) ... traced!

    [-] Wine detection
    [*] Using GetProcAddress(wine_get_unix_file_name) from kernel32.dll ... OK
    [*] Reg key (HKCU\SOFTWARE\Wine) ... OK

    [-] VirtualBox detection
    [*] Scsi port->bus->target id->logical unit id-> 0 identifier ... OK
    [*] Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
    [*] Reg key (HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions) ... traced!
    [*] Reg key (HKLM\HARDWARE\Description\System "VideoBiosVersion") ... OK
    [*] Reg key (HKLM\HARDWARE\ACPI\DSDT\VBOX__) ... OK
    [*] Reg key (HKLM\HARDWARE\ACPI\FADT\VBOX__) ... OK
    [*] Reg key (HKLM\HARDWARE\ACPI\RSDT\VBOX__) ... OK
    [*] Reg key (HKLM\SYSTEM\ControlSet001\Services\VBox*) ... OK
    [*] Reg key (HKLM\HARDWARE\DESCRIPTION\System "SystemBiosDate") ... OK
    [*] Driver files in C:\WINDOWS\system32\drivers\VBox* ... OK
    [*] Additional system files ... OK
    [*] Looking for a MAC address starting with 08:00:27 ... OK
    [*] Looking for pseudo devices ... OK
    [*] Looking for VBoxTray windows ... OK
    [*] Looking for VBox network share ... OK
    [*] Looking for VBox processes (vboxservice.exe, vboxtray.exe) ... OK
    [*] Looking for VBox devices using WMI ... OK

    [-] VMware detection
    [*] Scsi port 0,1,2 ->bus->target id->logical unit id-> 0 identifier ... OK
    [*] Reg key (HKLM\SOFTWARE\VMware, Inc.\VMware Tools) ... traced!
    [*] Looking for C:\WINDOWS\system32\drivers\vmmouse.sys ... OK
    [*] Looking for C:\WINDOWS\system32\drivers\vmhgfs.sys ... OK
    [*] Looking for a MAC address starting with 00:05:69, 00:0C:29, 00:1C:14 or 00:50:56 ... OK
    [*] Looking for network adapter name ... OK
    [*] Looking for pseudo devices ... OK
    [*] Looking for VMware serial number ... OK

    [-] Qemu detection
    [*] Scsi port->bus->target id->logical unit id-> 0 identifier ... OK
    [*] Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
    [*] cpuid CPU brand string 'QEMU Virtual CPU' ... OK

    [-] Bochs detection
    [*] Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
    [*] cpuid AMD wrong value for processor name ... OK
    [*] cpuid Intel wrong value for processor name ... OK

    [-] Cuckoo detection
    [*] Looking in the TLS for the hooks information structure ... OK
    YMMV
     
    Last edited: Mar 23, 2016
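A small parser for the pafish report format quoted in the post above, added here as an illustration and not code from the post or from pafish itself. It assumes the `[-] section` / `[*] check ... result` layout shown there, re-joins check lines that an 80-column console wrapped mid-line, and lists which checks tripped so a defender can see at a glance what a sample would learn about the environment.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the report quoted above (not the original output).
SAMPLE_REPORT = r"""
[-] Hooks detection
[*] Checking function ShellExecuteExW method 1 ... traced!
[*] Checking function CreateProcessA method 1 ... OK

[-] Sandboxie detection
[*] Using GetModuleHandle(sbiedll.dll) ... traced!

[-] VMware detection
[*] Reg key (HKLM\SOFTWARE\VMware, Inc.\VMware Tools) ... traced!
[*] Looking for a MAC address starting with 00:05:69, 00:0C:29, 00:1C:14 or 00:5
0:56 ... OK
"""

SECTION_RE = re.compile(r"^\[-\] (.+)$")
CHECK_RE = re.compile(r"^\[\*\] (.+?) \.\.\. (\S+)$")


def _unwrap(lines):
    """Re-join report lines that a narrow console wrapped mid-check."""
    out = []
    for line in lines:
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("[") or not out:
            out.append(line)
        else:                       # continuation of the previous check line
            out[-1] += line
    return out


def parse_pafish(text):
    """Return {section: [(check, result), ...]} from a pafish report."""
    sections = defaultdict(list)
    current = None
    for line in _unwrap(text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = CHECK_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return dict(sections)


def triggered_checks(text):
    """List (section, check) pairs that pafish reported as 'traced!'."""
    return [(sec, chk) for sec, checks in parse_pafish(text).items()
            for chk, res in checks if res == "traced!"]


def summarize(text):
    """Per section: (checks run, checks that tripped)."""
    return {sec: (len(checks), sum(1 for _, r in checks if r == "traced!"))
            for sec, checks in parse_pafish(text).items()}
```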
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Excellent post, bjm. I hope people who use Sandboxie for testing "suspicious" files, read the article and stop doing it. Using Sandboxie for testing unknown or suspicious files to see their behavior is totally wrong.

    Bo
     
  11. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    680
    Location:
    Canada
    Sandboxie working well here as always. Matter of fact, I can't remember anytime in the past, that Sandboxie has not worked well.
     
  12. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,106
    Location:
    Mountaineer Country
    Does anyone know what needs to be allowed for Amazon videos to work while Firefox is sandboxed? I just tried it unsandboxed and it works fine. The player uses Silverlight and I'm sure there is some sort of DRM in the mix. I'm not getting a pop-up saying anything was not permitted to run and I do have run and internet restrictions in the sandbox.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Innerpeace, try viewing the video in a non Start/Run restricted sandbox. If that doesn't work, and if you have Drop rights enabled, untick it.

    I am not familiar with Amazon videos. Seems like a paid site, maybe? Get me a link that I can check and I'll try the site. I found previews; can you watch the trailers in the sandbox?

    www.amazon.com/gp/product/B005DNPFMC/ref=pd_cbs__4/190-7712269-7396913

    Are you using W7, what?

    Bo
     
  14. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,106
    Location:
    Mountaineer Country
    Movies run in the default (no run/internet restrictions) sandbox. I have Amazon Prime to watch the Prime movies (included with Prime) but I think you can watch the free ad-supported movies if you log into your Amazon account (if you have one). I'm using Windows 8.1.

    Edit: Internet access restrictions.
    firefox
    dllhost
    plugin-container

    Start/run restrictions.
    firefox
    dllhost
    plugin-container
    plugin-hang-ui
    agcp
    foxitreader.
     
    Last edited: Mar 25, 2016
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Then, that's what it is. You have to use a non Start/Run restricted sandbox to view videos at Amazon videos. Some sites work that way in some systems. I found that to be the case in one site in XP. While in W7, at the same site, I can restrict the sandbox and the videos play. For the future: if videos don't play at a particular site, play with Sandbox settings. Same with DR.

    Bo
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Reply to the Edit. I don't see Silverlight being allowed to run and connect. So, that could be the reason Silverlight doesn't run in the restricted sandbox you are using. You need to allow the exe or exes that the program uses when you are using a restricted sandbox (I don't have Silverlight installed so I can't tell you what they are).

    And the reason you are not getting messages from Sandboxie about Silverlight attempting to run could be that you have disabled the option to be notified. Look in Sandbox settings>Restrictions>Start/Run access, and look at the bottom left of the window. Either that, or you hid the message.

    Bo
     
  17. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,106
    Location:
    Mountaineer Country
    Hi bo. Thanks for your replies. A search shows AGCP.exe is Silverlight. Maybe I need to allow it internet access. When I try running a video with IE in the default box I get a pop-up error about mfpmp.exe which seems to be some sort of DRM.

    Your preview worked fine in IE default box but a movie gives the above error. The movie works fine outside the sandbox in IE, just like Firefox.

    Messages are allowed but I may have hidden one by accident. I looked around and clicked on "Forget hidden messages" so hopefully that restores anything I may have screwed up.

    I'll play around with agcp.exe and mfpmp.exe in the restrictions and see what I can come up with.

    Edit: Ok, I added both programs in both restrictions and it works :).
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Great. :cool:

    About "Forget hidden messages". I think you did good clicking it. That unhides all messages you have hidden. That's all it does; you can do no harm by hiding or unhiding messages.

    Bo
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    New beta 5.11.2 is out. Looks for Chrome in W10 only. I don't use W10 or Chrome but even so, I like testing and installing all Sandboxie betas for two reasons. One, it helps the development of Sandboxie, and two, if changes to the code break SBIE working smoothly in my computers, I want to know as soon as possible, so I can report it soon afterward, which makes it easy to detect the change causing my issue. It rarely happens but it has happened. :)
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=57&t=22660#p119291

    Bo
     
    Last edited: Mar 30, 2016
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    Beta 5.11.3 is out.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=57&t=22660#p119291

    Hey Rasheed. Look at Change 2. Looks to me like this restriction fixes what you found and reported in the post below, and later, I reproduced and made Curt aware of it.
    https://www.wilderssecurity.com/threads/sandboxie-acquired-by-invincea.357312/page-86#post-2541548

    Bo
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,578
    Location:
    The Netherlands
  22. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,576
    Appreciated that change. Nevertheless I don't like Lasso to create another power config because mine is perfect. But... Lasso is preventing my monitor going to sleep while some programs are running and I have no clue why. This sucks - deleted!
     
  23. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,828
    Location:
    Nicaragua
    At the time, this is what Curt told me about it.
    https://www.wilderssecurity.com/threads/sandboxie-acquired-by-invincea.357312/page-88#post-2542417

    They probably thought about it and decided to block it. I think this is a good change.

    Bo
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,578
    Location:
    The Netherlands
    Yes, that's why I reported it, apps shouldn't be able to change things on the real system, so why not block it.
     
  25. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    766
    Location:
    usa
    This morning, suddenly I started receiving a pop-up window with the following Sandboxie's message:
    sdproblems.PNG

    I've upgraded Sandboxie to 5.11-3 but the problem persists.
     