Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.
I took the easy out, and added dllhost to my sbie boxes
Forced or ?
No, thats one process you do not want to force. But for convenience, you might want to add it to the programs that are allowed to run (Sandbox settings>Restrictions>Start Run access.
Should I add it to like my browser sandbox?
Nothing wrong doing that, Pete. It is still very safe to do it since ONLY dllhost thats installed in your computer (out of the sandbox) can run when the process is added to the list of programs that are allowed to run. After adding dllhost to the list, if malware using the name dllhost downloads into the sandbox, it wont run. I think this restrictions work beautifully.
You can add it or not, it really doesn't matter. Whether you add it or not, you ll still be able to do what you doing sandboxed without allowing dllhost to run. I add it to my everyday browser sandbox in the list of programs that are allowed to run.
It's also interesting that dllhost wants to communicate to network when downloading files in Chrome. I don't give that right to this process, but I do let it run.
Exactly what I do, let it run but no Internet allowed so any attempt to retrieve or worst to send data is blocked. When I close Chrome session every piece of data (sensitive or not) is destroyed.
dllhost aka "com surrogate" is a called security feature, read more:
so if there is something wrong with other code - malware, wrong hook, wrong jump, breaking DEP/ASLR - that wont concern the calling process and makes it weak or vulnerable.
it is possible to deactivate surrogate by id, but it lowers security. in most cases a 3rd-party security software causes problems with it.
if you experience trouble check processes first.
if surrogate eats cpu or ram its matter of the called dll file (see above)
Thank you for this information, enlightening indeed.
Thanks for the feedback. I will post about it on the SBIE forum, I don't believe it should be this sluggish.
I don't get it, can't it update inside the sandbox?
Sure it can, but then I exit, the sandbox deletes, and the updates are gone.
New beta, 5.05.1 has been released.
Running v5.05.1 with no problems.
Ditto for me also. So far no problems.
I just discovered that apps (and SBIE processes) won't terminate correctly, what a bummer, I will upgrade to 5.05.
Sometimes setting a program as the Leader program in a sandbox, solves the issue of a program remaining running after the sandboxed application is closed. Use this setting for the primary program of the sandbox. You can also try adding processes to the list of Lingering programs. Don't add Sandboxie processes to either list, they auto terminate when nothing else is running sandboxed. Its not really abnormal to experience something like this in one, maybe two sandboxes, but it shouldn't be happening in every sandbox you are using. Read here.
I've had a few problems with my Sandboxie. One of them - issues with printing - has been resolved.
My second problem was this.
I could not run the Delete command upon closing Sandboxie on my Windows 7. I got used to that and decided to wait till I update Win 7 to Windows 10.
Yesterday, I updated my Windows 7 computer to Windows 10, but I still get the same "Delete command" problem.
Here is the pop-up window snapshot.
Could you help me to resolve it?
Thanks in advance.
Had a few Firefox false starts with v5.05.1
I'll delete the 1mb and second Run Web Browser is okay.
Had some false starts with v4.x.x.
Must be me. I'll try Forced and see.
Zmechy, I am not familiar with using Eraser to delete the sandbox. I use RMDIR (default) and that works well. Take a look at this recent thread about Eraser and SBIE, it might help you figure out what you need to do to get Eraser working with SBIE. Your issue probably has to do with Eraser not setup correctly in Sandboxie settings.