Sandboxie and AppGuard Help

Discussion in 'sandboxing & virtualization' started by Dark Shadow, Oct 26, 2011.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Having a small Problem with SB and AG together.When I open browser sandboxie It takes a very long time to open and noticed that in the event log that sandboxie is being blocked and its not in the guarded list.It works fine on install but anything above its doomed.

    I spent a lot of time and the only way I could get it to open normaly was to uncheck guarded Internet explorer.I am not worried because the browser is still in SB.I am thinking its something with the user space but for the life of me I cant figure it out.

    So my work around is as mentioned above is to uncheck IE guarded app.I know I am not alone with this because I was recently asked how to configure SB with AG but obvious I am of no help.Hopefully some of you brilliants minds can help all of us with this.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    What is the blocking error message you are getting.

    Pete
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Let me check be RB.


    K says prevented process < internet explorer from writing to C:sandbox\name\defaultbox\\user\current\appdata\local microsoft internet explorer.There is other logs they say some different like preventing to local temps and favorites.there is a lot of them.I tried to screen shot it but wont let me for some reason.


    Like I said if I unchecked app guard for IE its perfect and outside of sandboxie with appguard checked its perfect.Even with restrction removed from SB same resullts.
     
    Last edited: Oct 26, 2011
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Djohn, Try putting appguard in install mode. Then run IE sandboxed. I got the same message trying to run firefox sandboxed. Appguard didn't seem to like that. Sandboxie gave me a "unable to mount registry hive" error message. I put appguard in install mode then ran sandboxie. I then put it back into high. Seems to be working at the moment. I'll let you know if it works on restart.
     
  5. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    207
    Add the following files to the MemoryGuard exception list with write permission:

    sandboxierpcss.exe
    sandboxiedcomlaunch.exe
    sandboxiecrypto.exe

    Also add c:\sandbox folder to the folder exception list under the guarded apps tab with read/write permissions.


    Edit: Fixed typo
     
    Last edited: Oct 27, 2011
  6. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Ok that failed horribly. I'm still getting the registry hive error when trying to run firefox sandboxed. Hopefully someone that has some experiance with both of these can shed some light. I really don't have time to be messing with it.
     
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Well there ya go. Thanks Kid!
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I just tried that didn't work it took a 1 minute and 30 seconds before I was able to use browser.:argh:
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    OK try that now.


    No it didn;t work it open but it takes to long.Maybe conflict with ie 9 and guard.
     
    Last edited: Oct 26, 2011
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Do what kid just said. I tried it and it seems to be working well. Just make sure when you add C:/sandboxie to the list change it from deny to write/read.
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    K did that still same slow as snails,just going to keep Ie guard unchecked.
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Got it working now, I was doing it wrong the first time of adding the exclushions...:thumb: Thanks Kid
     
    Last edited: Oct 27, 2011
  13. Francis93

    Francis93 Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    311
    Mine's working great too! :thumb: Thanks Kid Shamrock. ;)
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Glad you guys got it. I had the same issue, and found the same solution. Kjd, beat to it. Good work.

    Pete
     
  15. chris1341

    chris1341 Guest

    Couple of quick questions. Anyone getting this combo working on win 7 x 64? I have the same settings as on Vista 32 but on Win 7 keep getting errors.

    On a different note is the sandbox container user space? If not the AE functionality of AppGuard is not going to kick in so you still need start run restrictions?

    Thanks
     
  16. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Thanks much for that Kid Shamrock,
    but you probably mean "SandboxieRpcSs.exe".
    No biggie but I was using a search tool and was not finding it...
    ;)
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Glad to hear and I dont know about you but I was going bonkers trying to figure it out.I just needed some sleep and went back to kids Shamrock suggestions thanks.I put all the ones suggested by kid except the C\Sandboxie I put someting else in there by mistake and everything was deny Duh.
     
    Last edited: Oct 27, 2011
  18. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thanks peter anyways,I know you would have been the go to guy to get us on our way if Kid did not post the solutions first.:thumb:
     
  19. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    The settings mentioned in this thread work fine on my WinXP machines. On my 7 x64 machine I can only run SBIE if I use the Sandboxed Web Browser shortcut or right click on my browser icon and use the run sandboxed selection. The problem for me on 7 x64 seems to stem from the forced program setting for my browsers. If the browser is launched forced I have a failure every time, and I have not found any AppGuard settings to solve this other unchecking the guarded application box for the browser. o_O

    Dave
     
  20. chris1341

    chris1341 Guest

    Dave, that is exactly my problem. Glad it is not just me going mad! Maybe the way SBIE intercepts the browser on 64 bit when launched direct from the shortcut is different than 32 bit because of patchgaurd and this triggers AppGuard intervention/protection. Although for me at least nothing is logged.

    Might head over to the SBIE forum and see if Tzuk has a solution or at least explanation.

    Thanks
     
  21. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    That's very similar to what I was thinking Chris. Hopefully, Tzuk can give us some idea what's going on. :)
     
  22. chris1341

    chris1341 Guest

    I'll post back here if I get a resolution for any with the same issues. Meantime http://www.sandboxie.com/phpbb/viewtopic.php?t=11781

    Cheers
     
  23. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    I just posted there also. :)
     
  24. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    OK here is a quick one that is giving issues.

    10/27/11 19:28:33 Prevented process <googleupdate.exe> from launching from <c:\users\kjdemuth\appdata\local\google\update>.

    Now would that go into the memoryguard or under the apps?
     
  25. Dave53

    Dave53 Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    114
    I excluded that folder from user space, and that seemed to take care of it.

    Dave
     
Loading...
Thread Status:
Not open for further replies.