Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,443
    Location:
    Viena
    PS: IMHO the best approach would be to add API call logging functionality as a core part of sandboxie and expose that through IPC to 3rd party tools.
    This way compatibility wouldn't be that much of an issue as the logging would be done by sandboxie itself so no more issues when a new version comes out.
     
  2. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I just checked using Sandboxie 5.31.4 under Windows 7 and everything worked fine. Later I will test on Windows 10 and I will report what I find.

    Since Sandboxie development has been restarted I think the best idea would be to open a new thread for BSA so users can report problems. Then we could work together fixing compatibility issues.
     
  3. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    API logging being done directly by Sandboxie is something I proposed to Ronen a long time ago, when we were working together to make Sandboxie BSA friendly, but he replied that was out of the scope of the program. It would be a nice feature.

    Another feature BSA was doing itself but that could be done directly by Sandboxie could be hiding Sandboxie from sandboxed programs. BSA includes a driver (BSA.SYS) and also LOG_API has stealth capabilities for Sandboxie components.

    When I was testing BSA I asked Ronen for a custom version where Sandboxie files were named differently. So files were not SbieDll, SbieDrv, etc, etc. If users were allowed to change file names, most of, if not all, these hiding features could be removed because malware would not know what filenames to look for.
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,443
    Location:
    Viena
    Yes it would be, and I would like to add more logging functionality to sandboxie, and the ability to log and possibly modify all possible API calls sounds extremely useful for software analysis.

    About hiding, changing filenames is not pretty, I think the best would be to enable Sbie to include functionality to optionally hide itself from the programs running within.

    If you could provide the code for the LOG_API*.dll and the BSA.sys that would speed up adding that functionality.
     
  5. diversenok

    diversenok Registered Member

    Joined:
    Oct 7, 2018
    Posts:
    18
    Location:
    Russia / Netherlands
    I know that it sounds cool, but can anyone explain to me the actual value of this? Are there really any known examples of malware that purposefully changes its behavior when running under Sandboxie's supervision? It is literally impossible to cover all (or even the majority) of possible ways to fingerprint Sandboxie.
     
  6. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Of course. Many malware use this code-snippet:

    https://github.com/MojtabaTajik/Sandbox-Detection/blob/master/SandboxDetection/SandboxDetection.cpp

    or similar stuff.
     
  7. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,363
    Location:
    sweden
    Hi

    I am trying out the latest version of S-boxie on a fully updated W10 64-bit Home OS and I can hardly install anything in it because it says I need admin rights. What's up? I am admin, that's the only account. It is my home PC. I have set UAC to the lowest because I do not want those prompts, and it is a stripped and modded OS with NTLite, but as far as I know I have not removed anything that sandboxes like Comodo's or S-boxie would need.

    So after right click I choose to run as admin in S-boxie's prompt but yet no go.

    Any ideas of what is wrong?
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Check Drop rights in Sandbox settings. You can't install programs in sandboxes that are restricted. So, you need to disable Drop rights.

    Bo
     
  9. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    1,363
    Location:
    sweden
    I don't even have it activated.
    Is S-boxie self sufficient when it comes to functionality, I mean, it does not need any Hyper-V or something like that activated in Windows?

    I can run a browser in it as well as in Comodo's d.o, at least it looks like it though, the coloured line is there around the frame but if the functionality/security is ok I don't know for sure.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,926
    Location:
    The Netherlands
    Guys I have a weird problem, it seems that when I try to run MP4 video files via MPC-BE inside the sandbox, it gets blocked by Sandboxie, why would it do this? I get the SBIE2314 "Cancelling process mpc-be.exe" error. Also, do you guys think that Sandboxie can cause websites to be displayed incorrectly? Recently I was having problems with instagram.com and fd.nl, disabling all extensions in Vivaldi and clearing cookies didn't help.

    https://sourceforge.net/projects/mpcbe/
     
  11. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    337
    Have you tried if the websites work unsandboxed? From memory: Most of the time when it was about website problems (on the forum) it seemed to be a broken browser profile and not sandboxie. At least that's how I remember it. For me personally I can't remember a website that broke through sandboxie for me.

    FF and Brave worked ok for me for instagram

    Edit: Quote
     
    Last edited: May 20, 2020
  12. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    There is nothing you need to activate in Windows for Sandboxie to work. You install Sandboxie, and the sandbox is ready to go (with Default settings).

    Be aware that some programs don't install sandboxed. Complicated programs don't install sandboxed. So, try first installing programs that are simple like Firefox, Irfanview, or test using the installer posted by Rasheed (in reply right below your last post). See what I tell him, below.

    Bo
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Hi Rasheed. I just tested viewing videos sandboxed using MPC. I used the installer from the link you posted, installed MPC in a sandbox, and videos play well. Look below.

    Sin título.jpg

    The only thing that comes to mind is that perhaps you need a new sandbox, it could be your sandbox is corrupted. So, try running MPC in a new sandbox, or if you have the player installed in a sandbox, delete this installation, and reinstall it. It appears to me MPC is working fine with SBIE.

    Regarding the problem of websites not displaying correctly, that sounds more like a content blocker type issue, not something that's Sandboxie related.

    Bo
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,498
    Location:
    .
    Hi Rasheed: I used the installer from the link you posted, installed MPC (Default Installation) in default sandbox.
    png_6157.png png_6159.png
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,926
    Location:
    The Netherlands
    Thanks guys. And to clarify, I installed MPC-BE outside the sandbox, and I was trying to play video files inside the sandbox, but I get this error. Might be a corruption thing, or perhaps Sandboxie was a bit confused since I also installed MPC-BE inside the sandbox, and perhaps I didn't remove it correctly. MPC-HC works just fine though.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,926
    Location:
    The Netherlands
    I'm also thinking it might be some weird problem with Vivaldi, however in the past I have seen browsers start to malfunction out of the blue when running sandboxed. Might be a sandbox that got corrupted somehow. For example, I had to stop using an old version of Firefox because it would use 100% of the CPU when running sandboxed. Luckily, Firefox 77 seems to work just fine, it's not my main browser though.
     
  17. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Hello, today I couldn't access the live mail sign in page on my desktop. I believe this has been a known issue. I am using 5.31.6, is the latest stable version 5.33.3 or 5.40?
    Thanks in advance
     
  18. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    513
    Location:
    VPN city
    Hi there! There's a simple fix to this!

    just add

    ClosedFilePath=*\cryptngc.dll

    To the global rules

    and then try logging into your Microsoft account from a sandboxed browser after restarting all sandboxed processes
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    The latest version developed by Curt for Sophos was 5.33.6. This version is a link between old SBIE and Open source SBIE. I suggest you upgrade. Here is the link.

    https://community.sophos.com/produc...ndboxie-5-33-6-release-and-open-source-update

    Bo
     
  20. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,167
    Location:
    usa
    Bo,

    Today was a very sh... day, due to that Windows 2004 update, plus updates for iphones, etc...
    In short.
    I've read your praises for SBIE 5-33-6 and decided to install it.
    I HAVE NEVER EVER HAD ANY SERIOUS ISSUES WITH SANDBOXIE, but...
    I need your help.
    I cannot install that 5.33.6. What's more, I cannot install ANY SBIE, and my Sandboxie (previous) does not work.
    It's a very sh.... day.

    How to TOTALLY UNINSTALL Sandboxie?

    s1.PNG s2.PNG
     
    Last edited: May 28, 2020
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,191
    Location:
    Nicaragua
    Hi zmechy, I don't like that file in your first screen (KmdUtil). It is not part of Sandboxie, it doesn't come with Sandboxie. I don't have it in my computer. But searching Google, it is mentioned along Sandboxie installations that are malicious (perhaps some that comes with crack), I also found one link that relates KmdUtil to an old SBIE utility that sort of made or made Sandboxie portable. So, I don't know, but that file is strange.

    Sin título.jpg

    Where did you get the installer for version 5.33.6? I hope you got it from Sophos, or a friend that can be trusted.

    Yes, try to uninstall whatever you have, and reinstall. Run an installer, and choose Uninstall (You don't want to save settings) or uninstall from Control panel. After uninstalling make sure the Sandboxie folder in Program files is deleted. I would also make sure the Sandboxie.ini file in Windows is deleted. And would delete the Sandbox folder in C Drive.

    Do a reboot, and try to reinstall SBIE.

    Also, look for KmdUtil in your computer.

    FWIW, I did the upgrade and came out of it about 2 hours ago. Not all looks perfect but seems OK for Hour 2 in the new system. Things related to SBIE, so far I only ran Firefox sandboxed, and it seems fine. I saw your post before doing the upgrade, your post pushed me into doing the upgrade to see what happens. After I get out of here, during the next couple of hours I am going to test everything I do sandboxed. Good luck, and later.

    Bo
     
    Last edited: May 29, 2020
  22. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,167
    Location:
    usa
    Thanks.

    Thank you for your answer.
    Yes, I've tried to by-pass that Sophos application form and downloaded from a web-site that I've never used before.
    I've scanned with my Bitdefender - it showed being safe.
    I've followed your guidance and uninstalled SBIE, and, after downloading from Sophos, reinstalled Sandboxie.
    I'll re-scan my computer for that strange KmdUtil file.

    Thank you.
     
    Last edited: May 29, 2020
  23. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,443
    Location:
    Viena
    KmdUtil.exe is a regular sandboxie file that is used by the installer to start and stop the driver, it is not being installed to the system, it lives only in the temp folder during the Installation/Uninstallation process.

    If someone wants to create a portable Sandboxie installation he needs to capture that file and use it to stop the driver when the portable instance terminates.
    This file can also be used by cracks to stop the driver such that it can be replaced with a patched version without the need for a reboot.
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,498
    Location:
    .
    png_6349.png
     
    Last edited: May 29, 2020
  25. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Sorry GrDukeMalden, tried that and it didn't work, but thanks for trying :)
     