Sandboxie Acquired by Invincea

Discussion in 'sandboxing & virtualization' started by ad18, Dec 16, 2013.

Thread Status:
Not open for further replies.
  1. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Sandboxie doesn't need Comodo's protection, it rather needs to be protected from Comodo, so Comodo's bugs can't be used to escape the sandbox.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi guest

    I suspect the reason you aren't getting an answer is most folks are like me. I don't know the answer, and just don't have the time to try and figure it out.
     
  3. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    774
    Location:
    U.S. Citizen
    Last edited: Nov 16, 2015
  4. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
    Code:
    Files:
    C:\Program Files\Sandboxie\*
    C:\Windows\Sandboxie.ini
    Reg Keys:
    HKLM\SYSTEM\*ControlSet*\services\SbieDrv*
    HKLM\SYSTEM\*ControlSet*\services\SbieSvc*
    *\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SandboxieControl*
    
     
  5. guest

    guest Guest

    Thank you very much!

    @Peter2150 I guessed it, but finally have one ;)
     
  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,003
    Location:
    Nicaragua
    Hello Rasheed. I was told Windows Power Mgmt. communicates to a service running in the host, Curt doubts this function can be sandboxed. The solution seems to be for Sandboxie to block all changes to power mgmt.

    Bo
     
  7. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Thanks for this!
     
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK, thanks, but how am I supposed to protect these SBIE's registry keys? With what exactly?
     
  9. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
    @CoolWebSearch
    guest is using CIS according to his/her signature, so those registry keys were for CIS. But you can use them with other security software (e.g. Outpost) or some sort of registry monitoring tool (e.g. MJ Registry Watcher, WinPatrol).

    Those registry keys are already protected by most security software. You don't need to protect them unless you want strict protection.
     
  10. guest

    guest Guest

    Exactly what I plan to do, those keys (and those of other security software I'm using) will be added in CIS' Protection Setting > Protected Registry keys.

    Me and others are doing experiments to set up CIS as tight as possible. More for learning than real security worries.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Well, I guess it's not a big deal, as long as it can't be abused by malware.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Yes I agree, but sometimes simple apps don't work at all, so this always makes me a bit suspicious. And to clarify, I test apps in separate sandboxes, I don't run them in my browser (exploit containment) sandboxes. BTW, can you perhaps check if these apps are able to run sandboxed:

    http://www.moo0.com/?top=http://www.moo0.com/software/ConnectionWatcher/
    http://www.xyplorer.com/free.php
     
  13. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
    I'm able to run both of them sandboxed. (zip versions)
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    That's weird, they automatically shut down on my system, SBIE refuses to run them. Perhaps I should make a new sandbox.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,003
    Location:
    Nicaragua
    Same here. No errors of any kind installing either program in a sandbox.

    Rasheed, use a default settings sandbox. :)

    Bo


     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,003
    Location:
    Nicaragua
    If the program shuts down and the sandbox deletes after running the installer, that means you have to untick "Automatically delete contents of sandbox" in Sandbox settings.

    Bo
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    That setting is not enabled, the apps both exit, and SBIE also notifies me that the process has terminated.

    To be honest, I don't see any settings that should cause this, not even "Drop Rights" is enabled, and other apps do work. It's weird as hell.
     
  18. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,003
    Location:
    Nicaragua
    OK, if the setting to automatically delete the sandbox is not ticked, then if the program did indeed install in the sandbox, you need to run the program via Start menu. Right click Sandboxie icon, hover your browser over the sandbox where you installed the program, click Run from start menu, find the program in one of the menus, like in the Desktop, and click it... the result, the program you installed sandboxed, runs sandboxed. :)



    Bo
     
  19. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I just added the registry keys into the sandboxie.ini file for each sandbox; no issues to report since I added them. The sandboxie.ini file can be added to AppGuard's Guarded Apps folder settings with a choice of Protected (change to Exemption if you need to enter the ini file itself, changes made via GUI are fine). As for the Sandboxie folder in Program Files; that's watched over by SRP, ERP and by running as a Limited User.

    I didn't bother with the firewall approach since I use W7FwAS.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    I'm afraid that something weird is going on, on my system. I made a new sandbox and then XYplorerFree would indeed work. But Moo0 Connection Watcher still wouldn't work, and even worse, it actually made "Sandboxie Control" crash. Like I said, I don't use any special settings, I only have protected certain folders, so I don't get it.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
  22. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    Too bad MBAE isn't compatible.
     
  23. guest

    guest Guest

    With Sandboxie? It is.

    Open "edit configuration"
    under "global setting" add:

    Code:
    Template=MBAE
    Scroll down to the bottom, add:


    Code:
    [Template_MBAE]
    
    Tmpl.Title=Malwarebytes Anti-Exploit
    Tmpl.Class=Security
    Tmpl.Scan=s
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
    Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
    OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
    OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
    OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
    OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
    OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
    OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
    OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
    OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
    OpenIpcPath=$:mbae-svc.exe
    InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
    InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
    InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
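
An added example (not part of the thread and not Sandboxie's own code): a small Python audit that lists what a template like the one posted above exempts from the sandbox once a `Template=` line enables it. The sample ini text is constructed and abbreviated from the post; the function names and note wording are this example's own.

```python
from collections import defaultdict
# Constructed sample, abbreviated from the template in the post above.
SAMPLE_INI = r"""
[GlobalSettings]
Template=MBAE

[Template_MBAE]
Tmpl.Title=Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=$:mbae-svc.exe
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
"""

AUDITED = ("OpenIpcPath", "InjectDll", "InjectDll64")

def parse_ini(text):
    """Return {section: [(key, value), ...]}. Keys repeat, so configparser is not used."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit(text, section="GlobalSettings"):
    """Return (template, key, value, note) for each exemption a Template= line pulls in."""
    sections = parse_ini(text)
    findings = []
    for name in [v for k, v in sections.get(section, []) if k == "Template"]:
        tmpl = "Template_" + name
        if tmpl not in sections:
            findings.append((tmpl, "Template", name, "referenced but not defined"))
            continue
        for k, v in sections[tmpl]:
            if k not in AUDITED:
                continue
            if k.startswith("InjectDll"):
                note = "DLL loaded into sandboxed processes"
            elif v.startswith("$:"):
                note = "access to an unsandboxed process"
            else:
                note = "IPC object opened outside the sandbox"
            findings.append((tmpl, k, v, note))
    return findings
```

Calling `audit()` on the text of a real configuration (read with the file's own encoding) gives the list of exemptions to review before adding a third-party template globally.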
    
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,053
    Location:
    Mexico
    New beta 5.07.1 is out.
    Just a quick heads up lol
    I want Bo to make the appropriate announcement.
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,003
    Location:
    Nicaragua
    OK, here it is, Mr X. :)
    http://forums.sandboxie.com/phpBB3/viewtopic.php?f=55&t=22151#p116055

    Bo
     