Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

  1. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,874
    i think he's trying to say "icing (on the cake)". looks like a typo.
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,260
    i had a game which write "hicing" (it still do) which is the same as "icing", i dont know why.
    the matter what i want to tell that vendor on the result tabel(s) on VT is participating in the results and get alert when at least one engine found malware. even microsoft. windows10 has a good malware detection, comparable to others, has antiexploit detection, has ransomware detection, even in mails. has aslr (v2), has dep, has cf, (process isolation is called sandbox) - has real sandbox now. has process management (whitelist), has rights managment. problem - people dont use it if they dare. to admin that other products had "cloud" before windows defender, either like VT or its own database and without defender never get that strong, but for now its not really needed. people like to stick with the past.

    a current example how people are influenced
    https://github.com/processhacker/processhacker/issues/454#issuecomment-559461593

    processhacker had no change since 2017, first warning was march or may 2019 and now end of nov'19 windows defender. big crying, wtf, how and why me. they ignored that this file existed for over 2 years now and nobody complained. some vendors ruddered back, also microsoft, you wont find sys-file listed in windows defender because there is no reason. maybe the code is similar and in times about emotet and co are sensible. the problem behind is that they stick with the past and their behavior. instead telling people how bad the web is - ofc in parts it is evil - some need to tell them how to react, in special on "certain" mails.

    i abandonned any active antivirus or hips a decade ago, its complete waste of time. dont want it? dont click it! dont load it!
    people scared by attacks in browser? why? wrong browser? wrong page? since browsers got really powerful against bad content ransomware get spread in most cases by email. Rasheed pointed it out, although the example is old.

    anyhow it is worth trying without full blown suites, or hips, or tools like hmp(a).
     
  3. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    447
    Location:
    USA
    Ok. Maybe the Jan 2020 version of Edge will be compatible with Sandboxie.
    Thanks for the responses.
     
  4. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    I doubt it, as that will also run AppC.
     
  5. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    447
    Location:
    USA
    Well darn!
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,260
    i tried new edge (chromedge) to install in sandboxie - failed. needed shadow defender. evaluating binary extraction from msi file...
     
  7. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    187
    Is the Chromium Edge an official release now or is it still in the beta stage? (Never mind for the time being that this knucklehead is too lazy to look it up. o_O)
     
  8. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    It's currently available as a beta. Official release is coming in January, so I guess this month ;)
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,260
    not matter of this thread but new Edge could be very limited in extensions (would say: none), need beta to install from chrome store. for now its better to stick with chromium then. extraction binary from msi file failed, not the same file.
     
  10. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Key word here is "could". We don't know yet. I think it would be foolish of them not to allow you to install extensions from the Chrome store.

    Personally, I'm happy with AppContainer/Edge and SMPlayer using Malwarebytes Anti-Exploit. Less issues than Sandboxie/Firefox and Sandboxie/SMPlayer IMO
     
  11. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    571
    Location:
    USA--Colorado
    I'm sorry, but I'm confused. I'm currently using the Edge beta and I have 9 extensions installed. Are you saying that when it comes out of beta that my extensions will no longer work or won't be available?
     
  12. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,260
    see Beyonder
     
  13. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    121
    I need to install a MSI file/package that is needed for another program to run, in a sandbox, and am unable to. I tried extracting MSI file, that works, but I can't install it then...
    Do you guys know of any workaround that could enable installing a MSI package inside a sandbox (under Sandboxie)? Maybe some setting that I could (temporarily) change in Sandboxie?
     
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,260
    which program exactly?
    normally it is possible to use extracted msi setups because the result is a msi file + data, but if it already failed in sandboxie i dont have much hope for you.
     
  15. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Feel free moving this discussion here
    https://www.wilderssecurity.com/thr...ed-edge-looks-like.414193/page-4#post-2879850

    The short answer is that they will work, and nothing will change. Cheers!
     
  16. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    121
    https://www.mono-project.com/download/stable/

    The 32-bit version.
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,260
    no problems here, windows 10 1809 x86. box has web access and admin rights. no other limitations. msi and as extracted msi+data.
    create a logfile next time and search for failure.
     
  18. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    121
    I'm on v1903 of Windows 10 and I can't install MSI files in a sandbox (under Sandboxie). I think I was able to when I was on v1809.
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,336
    https://www.sandboxie.com/KnownConflicts#Installing programs
     
  20. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    I've seen lots of reports about MSI install failures so I did some testing in my VMs. I found that things which would previously install properly in SBIE would not even 'start' on Windows 10 1909 x64. I was then able to open enough to allow it to 'start' but then later in the chain it would again fail. Those same installers would have no issues with SBIE and older Windows 10 versions.

    This is a real issue specific to 1909 x64 (I haven't tested x86 but judging from the above comments it doesn't face the same problems.) As 1909 is well and beyond official release and x64 is much more widespread you'd hope sophos would take notice and do some testing itself instead of repeating old and unrelated things.

    As such I find all these unhelpful comments and quotes related to more generic possibilites when the specifics have been mentioned time and time again to be rather annoying...like I suspect many of you find me to be :p

    When first launching the msi, before anythign is even actually installed or even a prompt given I would encoutner an alert, "The Windows Installer Service could not be accessed." blah blah blah

    After adding "{000C101C-0000-0000-C000-000000000046} Msi install server" to OpenClsid it would actually allow it to start the INSTALLER again.

    However once you got so far as the actuall INSTALL, you'd be greeted with another alert from the INSTALLER itself, "The Windows Installer Service could not be accessed." blah blah blah sound familiar?

    After that even after bypassing some other resources to basically expose as much as possible I wasn't seeing why it was failing and it simply refused to even start installing. My guess is they need to update the hardcoded checks for MSIs and 1909.

    Also worth noting, I didn't test on an up to date 1903 x64 either but had no issues on an up to date 1809 x64 but even my 1909 x64 test was done on a virgin install with no updates required to reproduce so it should be rather simple for others to see if they also bother to try instead of assume its related to something the msi is trying to add...this is basically instant!
     
    Last edited: Jan 2, 2020
  21. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    319
    Location:
    Canada
    MSI installers used to work fine, it broke after some random CU update that happened in 1903.
     
  22. Bellzemos

    Bellzemos Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    121
    Is there a way to find the exact Windows Update which messed up MSI installations under Sandboxie and remove it?
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,449
    Location:
    .
    Hi
    Since, Firefox 72.0 or 72.0.1. I'm seeing >
    png_3722.png png_3723.png
    Code:
    SBIE1308 Program cannot start due to restrictions - CompPkgSrv.exe [Firefox]
    SBIE2222 To add the program to Start/Run Access Restrictions, please double-click on this message line
    SBIE2314 Canceling process CompPkgSrv.exe
    Curious, before I Hide.
    Is 'CompPkgSrv.exe [Firefox]' a Windows service https://www.file.net/process/comppkgsrv.exe.html or Firefox service.
    Why 'SBIE2314 Canceling process CompPkgSrv.exe' when calling Firefox support pages and YouTube pages?
    What program cannot start?
    'SBIE1308 Program cannot start due to restrictions - CompPkgSrv.exe [Firefox]'
    png_3726.png png_3727.png
    Comments?

    Edit:
    Code:
    SbieCtrl_HideMessage=2222,CompPkgSrv.exe [Firefox]
    SbieCtrl_HideMessage=1308,CompPkgSrv.exe [Firefox]
    SbieCtrl_HideMessage=2314,CompPkgSrv.exe
    
    Curious...what's CompPkgSrv.exe?
     
    Last edited: Jan 8, 2020
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,683
    Location:
    Nicaragua
    Hi bjm, I haven't seen any messages related to CompPkgSrv.exe. According to a quick Google search that file is part of the operating system.

    I gone to YouTube, and the file doesnt try to run.

    FWIW, I found an annoyance (an old one) coming back to Firefox with the update to 72.0.1 (I skipped 72). See the Firefox thread.

    Bo
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,449
    Location:
    .
    Okay....CompPkgSrv.exe remains head scratch, for me.
    Thanks
    Okay....posted on Firefox thread.

    Edit: as test > removed SbieCtrl_HideMessage code + disabled Firefox add-ons and reproduced (intermittent) CompPkgSrv.exe message on more sites. So, not just YouTube n' Firefox Support sites.
    Wilders w CPS w 72.0.1 (1).png
     
    Last edited: Jan 11, 2020
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.