Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.
I've tried to install Ghostery inside IE 11, but it doesn't seem to work, bit of a bummer.
I had a chance to get a debug version of Ghostery from their forum, but the guy said he sent it, even though he didn't. I waited 2 weeks, so I just gave up.
Not even possible to install Ghostery for Internet Explorer version 4.0 (IE11/W7 64 bits/Sandboxie beta 4.17.1) : appcrash all the time.
Bron: Windows Error Reporting
Datum: 11-3-2015 12:51:51
Foutbucket , type 0
Naam van gebeurtenis: APPCRASH
Antwoord: Niet beschikbaar
Id van CAB-bestand: 0
Handtekening van probleem:
It makes no sense for AppLocker to block the execution of SbieSvc.exe if that file is located in Program Files and there are rules allowing everyone to run every executable from that folder and all subfolders. I've tried adding rules so that various other types of users (like NT AUTHORITY\ANONYMOUS LOGON for example) would also be explicitly allowed to run anything in the Sandboxie folder and the folder where the file I want to isolate is located. Yet AppLocker still blocks the execution for some reason. I've tried Process Monitor to see if I had missed an executable launching from a folder without the necessary AppLocker rules. Everything seems to be correct... on paper. It must be something within Sandboxie, the way it launches its processes maybe?
I know about the audit option. I've tried it and it tells me the process would've been blocked if AppLocker was on. It still doesn't give any helpful information as to why it is blocked.
I also have virtual machines but sometimes I need to test a program that has some functionality that requires a real machine or I simply need to run it on my real PC but don't want it to leave traces.
Grrrrrrrrrrrrr! SpyShelter didn't like Ghostery in Sandboxie either...
Upon download, Ghostery for IE should give such message:
1. Ghostery IE will not work for Internet Explorer 64 bit mode
2. Ghostery IE requires logging on under an admin level Windows account to be usable
Sandboxed process is under anonymous logon user (more restricted than LUA). So it shouldn't work. Maybe same reason for SS.
Shouldn't the Ghostery BHO be able to work inside the sandbox? And SS is blocking "network hooks", that's why it won't work, apparently you can't make an exception rule in SS, quite silly.
That's because AppLocker with Default-deny ruleset blocks anything that isn't included in its ruleset, either as an allowed Path, Publisher or Hash rule. You should just be able to create one of these type rules for the Sandboxie process(es) that is/are blocked.
I already said that I had tried that and it didn't work.
Does anyone know how to get my old Rasheed187 account back on the SBIE forum? I can not recover my password because my old email address doesn't exist anymore.
Try emailing Curt
Yes silly me, I didn't see their email addresses were visible on the forum, will try that, thanks.
EDIT: Actually, it's not true what I said, it's "curt-at-invincea.com", I suppose?
The option would be to PM him
Very interested in the response to this, as I was about to switch AppLocker on out of audit mode.
Perhaps one of the questions to ask Curt is whether they've signed all their executables including the driver. Looking at this link at the bottom, under Printer Drivers,
it says that files that are not digitally signed are still blocked, so even if you added the Sandboxie certificate, it would still block that component. Sometimes developers forget, especially if there's been a major change.
I have a question regarding the licensing of Sandboxie. I purchased a lifetime license when Tzuk was the developer of the software. Now Invincea says on their website that licenses count only for a single computer, so if you want to protect 2 computers that you own you have to purchase 2 licenses, I assume. Now I don't know how this was handled before Invincea bought Sandboxie but I guess that you were allowed to use Sandboxie on as many computers as you wished. You just had to be the owner of these computers. Correct me if I am wrong. I would like to know if the "old" lifetime licenses are still good to be used on more than just one computer. Otherwise I would have to buy another license. Can anyone shed light on this?
The terms for your old lifetime license are the same now as they were when you purchased it. You can use it in all computers that you personally own.
I think I found a comfortable configuration for all my sandboxes.
and I would like to thank bo elam for helping me along the way.
You are welcome, Ty.
I don't know if it can be addressed from SBIE side, but maybe they won't put much priority on it. I personally don't feel much need for Ghostery IE, so haven't used it.
Beta version 4.17.2 is out now.
Fixes in 4.17.2
1) Added Hitman Pro Alert to templates.ini
2) Changed hook for ChangeDisplaySettingsEx() to allow CDS_RESET. A user reported that a game (fifa15) is trying to use this and failing resulting in incorrect display colors.
3) DFS mapped drives are now supported (viewtopic.php?f=11&t=18825&p=100656)
4) VMWare HGFS (Host Guest File System) mapped drives are now supported.
5) A BSOD bugcheck reported by a user when using bittorrent has been removed (this was a rare situation). SbieDrv was detecting corrupted memory when no corruption had occurred.
6) Fixed a rare bug in clipboard handling that could crash SbieSvc.
7) WebEx running under Chrome would sometimes hang.
I have been using it for a few days and can't find anything wrong with it.
I'm using Sandboxie version 4.16. I have my sandbox setup to block access (closedfilepath) to my external HDD partitions. When I download a file and purposely make it recover to my HDD it actually does this. Is this a mistake or something new? I could have sworn in the past it blocked all reads and writes to my external HDD. If it is normal is there a way to block all reads and writes to my external HDD partitions from programs known and unknown running in my sandbox?
Recently my Samsung 840 SSD died on me with less than two years' use. After installing a new SSD I set it up using a ram disk. Can you think of any reason it might not be as secure setting the container folder in a ram disk?
If I understand correctly you've set up a box that should close off a partition ex, "ClosedFilePath=G:\"
What I don't understand is the next line where you say, "download a file and purposely make it recover to my HDD"
If it's set up and working properly the program in the box cannot open the partition so how are you even navigating to it to save a file in the first place? Here's a snipped shot of what you should see if it's working properly (eg no conflicting rules) and try to access a blocked partition.
Updated example to reflect the screenshot-
I also use a ramdisk for some of my boxes, including this browser where that screenshot was made and it hasn't affected my blocks but I can't say with certainty it isn't a factor though I can't see why it would be. I use imdisk.
Thanks syrinx. This is in my config.
I normally recover to downloads but have the option to recover anywhere. If I choose one of the above partitions it lets me save the file. If I can write to the partitions so can malware. I honestly thought I wasn't able to do this but I was using an older version of Sbie for a long time.
Removing a folder from your recovery folders list will keep files from being recovered from there. If you remove F, files won't recover there via UI.
You could also set up your browser to ask you where to save, that way you'll get a message like the one Syrinx got when trying to download files to a blocked folder using file explorer.
Thanks Bo. I usually get the Sbie pop-up but I could also set the browser to ask. It would just cause a little more work recovering.
If I do what you say and remove F: from the recovery list is there a way to test if the blocking works? I mainly block access to the partitions to keep malware from writing to my external hdd. It's something I picked up from Peter years ago and it's one of the main reasons I use Sbie.
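Added example, not part of any post in this thread: one way to check from inside a sandbox whether the ClosedFilePath entries discussed above are in effect, by trying to list each path and create a throwaway file in it. The script, its function names and the F:\ and G:\ sample paths are assumptions for illustration; run it sandboxed with the paths from your own config.

```python
import os
import uuid


def probe(directory):
    """Return (can_list, can_write) for one directory, cleaning up after itself."""
    try:
        os.listdir(directory)
        can_list = True
    except OSError:
        can_list = False
    name = os.path.join(directory, "sbie_probe_" + uuid.uuid4().hex + ".tmp")
    try:
        # O_EXCL: never overwrite an existing file while probing.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL)
    except OSError:
        return can_list, False
    os.close(fd)
    os.remove(name)
    return can_list, True


def check_closed(paths):
    """Map each path to 'blocked', 'read-only' or 'OPEN' as seen by this process."""
    report = {}
    for path in paths:
        can_list, can_write = probe(path)
        if can_write:
            report[path] = "OPEN"
        elif can_list:
            report[path] = "read-only"
        else:
            report[path] = "blocked"
    return report


if __name__ == "__main__":
    # Constructed sample paths: replace with the partitions listed
    # under ClosedFilePath in your own sandbox settings.
    for path, state in check_closed(["F:\\", "G:\\"]).items():
        print(path, state)
```

A drive that is unplugged also reports "blocked", so run it once unsandboxed for comparison. It tests only what a sandboxed program can reach; recovery through the Sandboxie UI, which the posts above treat separately, is not exercised.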