sandboxie and imon problem

Discussion in 'NOD32 version 2 Forum' started by mizar, Jul 30, 2006.

Thread Status:
Not open for further replies.
  1. mizar

    mizar Registered Member

    Joined:
    Jul 26, 2006
    Posts:
    31
    i heard about these sandbox and hips products and installed "sandboxie". nice software and it is free, it almost passed all the tests on websites of other sandbox vendors (i.e. bufferzone)

    the problem is that when i start my default browser (opera 9.0) sandboxed and visit a website, then open nod32 2.5 control center, i'm not able to see
    the files that are scanned by imon (no file name seen under status frame, but i can see scanned ones in amon). but it is not the same case when i open opera without sandboxed; i can see files are being scanned by imon.

    are the files just going to sandboxed opera cache folder without being scanned by imon? o_O o_O (i think yes because eicar virustest file was caught by amon) How can i solve that?

    i've asked about the same problem in sandboxie forum, no solution came up (no problem, just one man improving a nice software) ;) http://sandboxie.com/phpbb/viewtopic.php?t=353
     
  2. ASpace

    ASpace Guest

    Can you post a screenshot of your NOD32/IMON so that we see exactly what is happening ?
     
    Last edited by a moderator: Jul 30, 2006
  3. mizar

    mizar Registered Member

    Joined:
    Jul 26, 2006
    Posts:
    31
    clipboard01ik3.jpg

    also number of files scanned is only 3
     
    Last edited: Jul 30, 2006
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Maybe the website is loaded from cache?
     
  5. mizar

    mizar Registered Member

    Joined:
    Jul 26, 2006
    Posts:
    31
    thanks for the replies

    no i tried that after deleting entire cache also the system was clean, i had restored with acronis true image, nod32 is the first antivirus.

    i installed ewido 4.0 and it is able to see sandboxed opera connections ,i think, because i can see opera in analysis/connections tab of ewido, but imon still doesn't work

    and the case is not specific just for browsers, imon does not check any of the sandboxed applications that use web connection
     
    Last edited: Jul 30, 2006
  6. ASpace

    ASpace Guest


    Why exactly do you use this sandbox? Aren't NOD32 and Ewido + Opera itself good protection for you?

    Can you provide us/me with more info about this Sandbox?
    IMON checks all HTTP traffic as well as POP3 traffic. IMON also cannot check encrypted traffic because it works at an early Winsock level
     
  7. hin123

    hin123 Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    12
    I use sandboxie too.

    You can find more info about sandboxie here

    And when I try to access the Eicar AntiVirus test file (http://www.eicar.org/download/eicar.com) in a sandboxed IE, only AMON gives me a warning.

    You can try it yourself:)
     
  8. mizar

    mizar Registered Member

    Joined:
    Jul 26, 2006
    Posts:
    31
    here is info about sandboxie http://www.sandboxie.com/

    quotes from sandboxie overview:
    1.example how it works:
    "If you run Freecell inside the Sandboxie environment, Sandboxie reads the statistics data from the hard disk into the sandbox, to satisfy the read requested by Freecell. When the game later writes the statistics, Sandboxie intercepts this operation and directs the data to the sandbox.

    If you then run Freecell without the aid of Sandboxie, the read operation would bypass the sandbox altogether, and the statistics would be retrieved from the hard disk.

    The transient nature of the sandbox makes it easy to get rid of everything in it. If you were to throw away the sandbox, by deleting everything in it, the sandboxed statistics would be gone for good, as if they had never been there in the first place."

    2.the reason i use it

    "Anti-Virus Software, Anti-Spyware Tools

    These tools scan your computer files and registry settings looking for known viruses and unsolicited software (spyware). Such tools can only remove viruses and spyware they can identify, and usually only after that software has made its way into your computer. Contrast this with the Sandboxie approach, which keeps the viruses and spyware trapped in the sandbox, and makes them disappear when you throw away the sandbox."

    for me sandboxie provides a last layer of security against unknown malware (that doesn't mean it is the ultimate security software, the most secure computer is the one that has no web connection :D )

    for the real technical part i don't know how it works, maybe these help

    http://www.sandboxie.com/faq.php#browser

    quote from its faq:

    "What are SandboxieRpcSs and SandboxieDcomLaunch?

    The Windows operating system provides a framework known as the Component Object Model, or COM for short. COM mediates between applications in such a way that allows the applications to focus on what they want to say to each other, rather than exactly how to say it.

    Sandboxie uses the two programs SandboxieRpcSs and SandboxieDcomLaunch (*) to provide a sandboxed instance of the COM framework. The Windows-provided COM framework can connect only non-sandboxed instances of applications to each other, while the Sandboxie-provided COM framework can connect only sandboxed instances of applications to each other. This strengthens the isolation of the sandbox, and makes for better sandboxing."

    also
    http://sandboxie.com/phpbb/viewtopic.php?t=307&highlight=api (small info but maybe useful for you tech-users)
    and
    http://sandboxie.com/phpbb/viewtopic.php?t=223&highlight=api
     
  9. mizar

    mizar Registered Member

    Joined:
    Jul 26, 2006
    Posts:
    31
    Bumping this thread since the problem still exists, NOD32's IMON won't scan anything, just AMON scanning cached files. (using the nod32 rc1 now; imon still doesn't work, i hope developers can fix that issue soon :rolleyes: )
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, IMON does not scan traffic that goes through Sandboxie. I'm not sure if it's even possible from the technical point of view.
     