Sandboxie Acquired by Invincea

I can add \Device\NamedPipe\hmpalert along side [\Device\NamedPipe\hmpalert]. Sandboxie does not object.

 

So far it's working fine over here.

 

Hello, Bo!

Uninstall Vivaldi and Yandex! Or I would have given you the error codes!
Post #2284
Current install browsers are UC Browser and K-Meleon.

Making today great and tomorrow even better.

 

Sandboxie beta 5.07.2 has been released. For Sandboxie users who have Office 2013 and like to sandbox their office files, this version is nice since running Office 2013 under SBIE had been broken by beta 5.07.1 (likely, this happened only in W10).

http://forums.sandboxie.com/phpBB3/viewtopic.php?f=55&t=22151#p116055

Bo

 

FWIW, all works well with this beta in my systems (XP and W7 32 bits). Nothing breaks.

Bo

 

5.07.2 beta working well here also. Win 7 64 bit.

 

me too W8.1x64

 

Thank you for the notification, Bo! 5.07.2 now running fine on two 7x64 machines.

 

Running well here on Win 8 (64 bit)...

 

Running simply fine also on Windows OEM 8 64 bit. Never updated once. Far as i ever got with XP was SP2 so par for the course on this end with absolutely no issues whatsover. Happy 8 camper.

 

A question on Sandboxie and Malwarebytes-Antiexploit (I have not read all the posts in this thread. I am sorry if this problem has been answered.):

I have installed MBAE 1.08 and Sandboxie 5.06 on a virtual machine which is running WinXP SP3 (32-bit).

I hope to use MBAE to protect the applications running in the Sandbox. I find the following template in the forum of Sandboxie:

Code:

[Template_MBAE]

Tmpl.Title=Malwarebytes Anti-Exploit
Tmpl.Class=Security
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
OpenIpcPath=$:mbae-svc.exe
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll

I simply copy this template to the config file of Sandboxie (Sandboxie.ini), and add a line to the [GlobalSettings]:

However, when I run Firefox in Sandbox, it is not protected by MBAE (according to the log of MBAE)...

I would appreciate it if anyone could help me to solve this issue.

 

It should be ok if it says cmd is protected when you open your applications.

 

@Online_Sword
Then check with Process Explorer how mbae.dll and/or mbae64.dll is injected...

 

@busy

Thank you for your reply. When I launched Firefox or IE in the Sandbox, MBAE said nothing...

@Mister X

Thank you for your reply. I have checked the DLL injection with Process Explorer.

It seems that when I run Firefox outside of Sandboxie, then mbae.dll is properly injected into the process of ff.

But when I run Firefox inside the Sandbox, then I cannot find mbae in the DLL list corresponding to Firefox.

Spoiler: screenshot

https://i.imgur.com/nOcCDGC.png

I do not know what to do next.

 

It's a shame I can't reproduce your issue as I don't have a XP VM or something.

 

Thank you for your help all the same.

 

To this day the template only works on XP with SBIE 3.x. I can't figure out why it doesn't work in newer versions while it does work with 4.x and 5.x on vista through 10 both 32 & 64 versions. If you figure it out let me know so I can update the template.

I've been through several procmon logs at various points (not recently) and as far as I can tell the MBAE svc just doesn't even attempt to communicate with the protected app while under SBIE 4/5 so manually injecting it via the template makes no discernible difference. That being said, the more recent betas of SBIE have changed the injection process so when I have time to pour through thousands of lines in procmon I'll give it another go.

My latest (unofficial) update/toying makes this issue a bit more apparent even inside of SBIE

Code:

[Template_XPMBAE]

Tmpl.Title=MBAE (XP & SBIE 3.76 ONLY)
Tmpl.Class=Security
Tmpl.Scan=s
#Scan for key in registry, *should* only be found on XP : I hope!
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ModuleCompatibility
OpenIpcPath=$:mbae-svc.exe

[Template_32MBAE]

Tmpl.Title=Malwarebytes Anti-Exploit (x86)
Tmpl.Class=Security
Tmpl.Scan=s
#Scan for MBAE in registry, only found on 32 bit OS
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*

[Template_64MBAE]

Tmpl.Title=Malwarebytes Anti-Exploit (x64)
Tmpl.Class=Security
Tmpl.Scan=s
#Scan for MBAE in registry, only found on 64 bit OS
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*

 

I'm not sure what you mean, because months ago I did manage to make MBAE protect sandboxed apps on Win 8.1, with the help of your template. But I decided to temporarily remove MBAE because of shutdown problems, probably caused by the ERP + MBAE combo. But I will soon reinstall MBAE.

I'm also not sure, but he did tell me that HMPA uses a different injection method, that's why you don't have to use any special templates. Would be cool if they could tweak MBAE's method of injection.

 

Quick question, can you guys perhaps check if y'all can run SuperTuxKart sandboxed? I can install it, but I get an error on start up.

http://supertuxkart.sourceforge.net/

In all fairness, SurfRight never managed to fix my problem with the HMPA + SBIE combo, not that I blame them, because every system may behave differently and it's sometimes hard to pinpoint the problem.

 

He meant to say that on XP the template works only with SBIE 3.x not 4.x not 5.x
Yet the template works on Vista through 10 with SBIE 4.x and 5.x

 

OK I see, my mistake. I didn't read it correctly.