Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    I've tried to install Ghostery inside IE 11, but it doesn't seem to work, bit of a bummer.
     
  2. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I had a chance to get a debug version of Ghostery from their forum, but the guy said he sent it, even though he didn't. I waited 2 weeks, so I just gave up.
     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    954
    Not even possible to install Ghostery for Internet Explorer version 4.0 (IE11/W7 64 bits/Sandboxie beta 4.17.1) : appcrash all the time.

    Logboeknaam: Application
    Bron: Windows Error Reporting
    Datum: 11-3-2015 12:51:51
    Gebeurtenis-id:1001
    Taakcategorie: Geen
    Niveau: Informatie
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Foutbucket , type 0
    Naam van gebeurtenis: APPCRASH
    Antwoord: Niet beschikbaar
    Id van CAB-bestand: 0

    Handtekening van probleem:
    P1: IEXPLORE.EXE
    P2: 11.0.9600.17689
    P3: 54e68526
    P4: ghostery.dll
    P5: 4.0.0.27
    P6: 54c1d680
    P7: 80000003
    P8: 000e4cbe
    P9:
    P10:
     
  4. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    It makes no sense for AppLocker to block the execution of SbieSvc.exe if that file is located in Program Files and there are rules allowing everyone to run every executable from that folder and all subfolders. I've tried adding rules so that various other types of users (like NT AUTHORITY\ANONYMOUS LOGON for example) would also be explicitly allowed to run anything in the Sandboxie folder and the folder where the file I want to isolate is located. Yet AppLocker still blocks the execution for some reason. I've tried Process Monitor to see if I had missed an executable launching from a folder without the necessary AppLocker rules. Everything seems to be correct... on paper. It must be something within Sandboxie, the way it launches its processes maybe?

    I know about the audit option. I've tried it and it tells me the process would've been blocked if AppLocker was on. It still doesn't give any helpful information as to why it is blocked.

    I also have virtual machines but sometimes I need to test a program that has some functionality that requires a real machine or I simply need to run it on my real PC but don't want it to leave traces.
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Grrrrrrrrrrrrr! SpyShelter didn't like Ghostery in Sandboxie either...
     
  6. 142395

    142395 Guest

    Upon download, Ghostery for IE should give such message:
    1. Ghostery IE will not work for Internet Explorer 64 bit mode
    2. Ghostery IE requires logging on under an admin level Windows account to be usable
    Sandboxed process is under anonymous logon user (more restricted than LUA). So it shouldn't work. Maybe same reason for SS.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    Shouldn't the Ghostery BHO be able to work inside the sandbox? And SS is blocking "network hooks", that's why it won't work, apparently you can't make an exception rule in SS, quite silly.
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,151
    Location:
    Canada
    That's because AppLocker with Default-deny ruleset blocks anything that isn't included in its ruleset, either as an allowed Path, Publisher or Hash rule. You should just be able to create one of these type rules for the Sandboxie process(es) that is/are blocked.
     
  9. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    I already said that I had tried that and it didn't work.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    Does anyone know how to get my old Rasheed187 account back on the SBIE forum? I can not recover my password because my old email address doesn't exist anymore.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Try emailing Curt
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,779
    Location:
    The Netherlands
    Yes silly me, I didn't see their email addresses were visible on the forum, will try that, thanks.

    EDIT: Actually, it's not true what I said, it's "curt-at-invincea.com", I suppose?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The option would be to PM him
     
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Very interested in the response to this, as I was about to switch AppLocker on out of audit mode.

    Perhaps one of the questions to ask Curt is whether they've signed all their executables including the driver. Looking at this link at the bottom, under Printer Drivers,

    https://helgeklein.com/blog/2012/08/applocker-solutions-to-common-problems/

    it says that files that are not digitally signed are still blocked, so even if you added the Sandboxie certificate, it would still block that component. Sometimes developers forget, especially if there's been a major change.
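
Added example (not part of any post in this thread): a PowerShell check for the two questions raised above, whether each Sandboxie binary is signed and which AppLocker rule decides it for a given account. The install path, the account list (Everyone plus the well-known ANONYMOUS LOGON SID S-1-5-7) and the `*Sbie*` message filter are assumptions; run it from an elevated prompt.

```powershell
# Added example, not Sandboxie or forum code.
# Assumption: default-style install path; adjust to the real folder.
$sbieDir = Join-Path $env:ProgramFiles 'Sandboxie'
# Assumption: accounts worth evaluating. S-1-5-7 is NT AUTHORITY\ANONYMOUS LOGON.
$users = 'Everyone', 'S-1-5-7'

$policy = Get-AppLockerPolicy -Effective
$files  = Get-ChildItem -Path $sbieDir -Recurse -File |
          Where-Object { $_.Extension -in '.exe', '.dll', '.sys' }

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    foreach ($u in $users) {
        # Drivers (.sys) get the signature check only; the AppLocker decision
        # is evaluated for the EXE and DLL files.
        $d = $null
        if ($f.Extension -ne '.sys') {
            $d = Test-AppLockerPolicy -PolicyObject $policy -Path $f.FullName -User $u
        }
        [pscustomobject]@{
            File         = $f.Name
            Signature    = $sig.Status                      # Valid, NotSigned, ...
            Signer       = $sig.SignerCertificate.Subject   # empty when unsigned
            User         = $u
            Decision     = $d.PolicyDecision                # Allowed / Denied / DeniedByDefault
            MatchingRule = $d.MatchingRule                  # empty when no rule matched
        }
    }
}
$report | Sort-Object File, User | Format-Table -AutoSize

# What AppLocker actually logged: 8003 = would have been blocked (audit mode),
# 8004 = blocked (enforced). UserId shows the account the decision was made for.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
        Id      = 8003, 8004
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object Message -like '*Sbie*' |
    Select-Object TimeCreated, Id, UserId, Message |
    Format-List
```

A row with `DeniedByDefault` and an empty `MatchingRule` means no allow rule applied to that account for that file; comparing `UserId` in the logged events with the accounts in the rules shows whether the rule and the blocked process are talking about the same identity.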
     
  15. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    404
    Location:
    Event Horizon
    I have a question regarding the licensing of Sandboxie. I purchased a lifetime license when Tzuk was the developer of the software. Now Invincea says on their website that licenses count only for a single computer, so if you want to protect 2 computers that you own you have to purchase 2 licenses, I assume. Now I don't know how this was handled before Invincea bought Sandboxie, but I guess that you were allowed to use Sandboxie on as many computers as you wished. You just had to be the owner of these computers. Correct me if I am wrong. I would like to know if the "old" lifetime licenses are still good to be used on more than just one computer. Otherwise I would have to buy another license. Can anyone shed light on this?
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,885
    Location:
    Nicaragua
    The terms for your old lifetime license are the same now as they were when you purchased it. You can use it on all computers that you personally own. :)

    Bo
     
  17. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,827
    I think I found a comfortable configuration for all my sandboxes.

    and I would like to thank bo elam for helping me along the way. :thumb:
     
    Last edited: Mar 23, 2015
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,885
    Location:
    Nicaragua
    You are welcome, Ty:cool:.

    Bo
     
  19. 142395

    142395 Guest

    I don't know if it can be addressed from SBIE side, but maybe they won't put much priority on it. I personally don't feel much need for Ghostery IE, so haven't used it.
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,885
    Location:
    Nicaragua
    Beta version 4.17.2 is out now.

    Fixes in 4.17.2

    1) Added Hitman Pro Alert to templates.ini
    2) Changed hook for ChangeDisplaySettingsEx() to allow CDS_RESET. A user reported that a game (fifa15) is trying to use this and failing resulting in incorrect display colors.
    3) DFS mapped drives are now supported (viewtopic.php?f=11&t=18825&p=100656)
    4) VMWare HGFS (Host Guest File System) mapped drives are now supported.
    5) A BSOD bugcheck reported by a user when using bittorrent has been removed (this was a rare situation). SbieDrv was detecting corrupted memory when no corruption had occurred.
    6) Fixed a rare bug in clipboard handling that could crash SbieSvc.
    7) WebEx running under Chrome would sometimes hang.
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=50&t=20793#p107685

    I have been using it for a few days and can't find anything wrong with it.:cool:

    Bo
     
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,112
    Location:
    Mountaineer Country
    I'm using Sandboxie version 4.16. I have my sandbox setup to block access (closedfilepath) to my external HDD partitions. When I download a file and purposely make it recover to my HDD it actually does this. Is this a mistake or something new? I could have sworn in the past it blocked all reads and writes to my external HDD. If it is normal is there a way to block all reads and writes to my external HDD partitions from programs known and unknown running in my sandbox?

    Recently my Samsung 840 SSD died on me with less than two years' use. After installing a new SSD I set it up using a ram disk. Can you think of any reason it might not be as secure setting the container folder in a ram disk?
     
  22. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    If I understand correctly you've set up a box that should close off a partition ex, "ClosedFilePath=G:\"
    What I don't understand is the next line where you say, "download a file and purposely make it recover to my HDD"

    If it's set up and working properly the program in the box cannot open the partition so how are you even navigating to it to save a file in the first place? Here's a snipped shot of what you should see if it's working properly (eg no conflicting rules) and try to access a blocked partition.

    *Edit:
    Updated example to reflect the screenshot-

    I also use a ramdisk for some of my boxes, including this browser where that screenshot was made and it hasn't affected my blocks but I can't say with certainty it isn't a factor though I can't see why it would be. I use imdisk.
     

  23. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,112
    Location:
    Mountaineer Country
    Thanks syrinx. This is in my config.

    ClosedFilePath=E:\
    ClosedFilePath=F:\
    ClosedFilePath=\Device\Mup\
    ClosedFilePath=G:\
    ClosedFilePath=H:\

    I normally recover to downloads but have the option to recover anywhere. If I choose one of the above partitions it lets me save the file. If I can write to the partitions so can malware. I honestly thought I wasn't able to do this but I was using an older version of Sbie for a long time.

    recover.jpg
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,885
    Location:
    Nicaragua
    Removing a folder from your recovery folders list will keep files from being recovered from there. If you remove F, files won't recover there via UI.

    You could also set up your browser to ask you where to save, that way you'll get a message like the one Syrinx got when trying to download files to a blocked folder using file explorer.

    Bo
     
    Last edited: Apr 14, 2015
  25. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,112
    Location:
    Mountaineer Country
    Thanks Bo. I usually get the Sbie pop-up but I could also set the browser to ask. It would just cause a little more work recovering.

    If I do what you say and remove F: from the recovery list is there a way to test if the blocking works? I mainly block access to the partitions to keep malware from writing to my external hdd. It's something I picked up from Peter years ago and it's one of the main reasons I use Sbie.
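
Added example (not part of any post in this thread): one way to test the blocking asked about above is to probe each closed root from a PowerShell session that is itself running inside the sandbox. The drive letters are the `ClosedFilePath` roots quoted earlier in the thread; the function name and probe file name are made up for this sketch, and `\Device\Mup\` (network paths) is not probed.

```powershell
# Added example, not Sandboxie or forum code.
# Run from a PowerShell session started INSIDE the sandbox being tested.
# Roots taken from the ClosedFilePath lines quoted in the thread.
$roots = 'E:\', 'F:\', 'G:\', 'H:\'

function Test-SandboxedAccess {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Root)

    $canList = $false; $canWrite = $false; $errors = @()

    # Read probe: can the sandboxed process enumerate the root at all?
    try {
        Get-ChildItem -LiteralPath $Root -ErrorAction Stop | Out-Null
        $canList = $true
    } catch { $errors += "list: $($_.Exception.GetBaseException().Message)" }

    # Write probe: create and remove a uniquely named file on the root.
    $probe = Join-Path $Root ("sbie-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        $canWrite = $true
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
    } catch { $errors += "write: $($_.Exception.GetBaseException().Message)" }

    # A root that is unplugged fails both probes too, so confirm the drive
    # is mounted before trusting a "blocked" verdict.
    $verdict = if ($canList -or $canWrite) { 'NOT blocked' } else { 'blocked or absent' }

    [pscustomobject]@{
        Root     = $Root
        CanList  = $canList
        CanWrite = $canWrite
        Verdict  = $verdict
        Errors   = $errors -join '; '
    }
}

$roots | ForEach-Object { Test-SandboxedAccess -Root $_ } |
    Format-Table -AutoSize -Wrap
```

This only measures what programs running inside the sandbox can reach; run the same script outside the sandbox to confirm the drives are mounted and writable there, so that a "blocked or absent" verdict really means blocked.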
     