Should I use EMET with SBIE 64?

Discussion in 'sandboxing & virtualization' started by jo3blac1, Nov 1, 2012.

Thread Status:
Not open for further replies.
  1. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Okay so I got SBIE 64 bit on my W7. I know this protection is not as good as the 32 bit version so I was wondering if I should add EMET. Will it even work inside Sandboxie? Also I would use EMET 2.1 because it has a smaller footprint than the newer version.
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Sandboxie 64 bit is not as strong as 32 bit based on what facts? I don't hear of anyone being infected by malware on 64 bit any more than 32 bit. The last I looked, it seems like no one that's using Sandboxie is getting malware planted on their system. As far as EMET, I don't know if it provides anything extra that Sandboxie already provides.
     
  3. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Alright that puts some of my worries to rest. I really like the way MSE and SBIE work together, both extremely light on CPU.
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    FWIW, I am using SBIE 64 with EMET 3.0 on windows 7 64 bit.

    I have no problems yet.

    The policy I use is ALL 3rd party exe's I put into EMET so they can't use the bad program tricks EMET blocks.

    IF they get tagged by EMET I take them off the setup.
     
  5. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Short answer: Yes.

    Long answer: EMET makes it easy to set certain system settings that harden your computer against attacks. For example, ASLR (address space layout randomization) re-arranges certain data areas to prevent memory overflow attacks. This takes place on a level well below any piece of software, including Sandboxie. Therefore, Sandboxie can't stop it: the kernel will do it no matter what. So the settings provided by EMET will apply to everything that runs, sandboxed or not.
     
  6. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I'm not sure if EMET 2.1 provides ASLR though. Also SBIE is not supposed to let anything out of its virtual system, and I only use SBIE for Chrome and rarely a friend's USB.
     
  7. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    I'm not sure, as I have 3.0 installed. But the principle is the same: the protection provided by EMET is so low-level that Sandboxie can't affect it.
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Sorry, my thinking is different. Since SBIE 64 is a 3rd party product I apply EMET 3.0 to IT, i.e. SBIE itself. So on my setup I restrain SBIE and ALL 3rd party products.
     
  9. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Yes, it does apply to SBIE.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, you should add EMET. You'll need to allow an IPC exception to every sandbox you wish to use it with. The other option is to install EMET to the sandboxes you want to use it in.
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    What is the reason for the IPC exception?
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Apparently it's necessary for EMET to protect the program. I can't really remember the specifics - I haven't used Sandboxie in a few months.
     
  13. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    EMET should automatically be detected in Software Compatibility, and enabled there... Which results in:

    Template=Microsoft_EMET

    appearing under [GlobalSettings] in Sandboxie.ini, thus Open*'ing the IPC path and WinClass in all sandboxes. :)

    Actually I don't think the IPC exception is even needed for EMET to work in sandboxed processes -- the IPC "object" is seemingly created just so the EMET GUI can "see" it and display the "Running EMET" checkmark.
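
Added example, not part of the thread and not code from any poster or from Sandboxie: a small audit of a Sandboxie.ini that reports, per sandbox, whether the `Template=Microsoft_EMET` line mentioned in the last post applies through `[GlobalSettings]` or only through that box's own section. The sample file contents, the box names, the second template name and the UTF-16 file encoding are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample of a Sandboxie.ini (not taken from the thread).
SAMPLE_INI = """\
[GlobalSettings]
Template=Microsoft_EMET
Template=Example_Other_Template

[DefaultBox]
Enabled=y

[USBBox]
Enabled=y
"""

def parse_sandboxie_ini(text):
    """Return {section: {key: [values]}}; keys such as Template= may repeat."""
    sections = defaultdict(lambda: defaultdict(list))
    current = None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current]  # register sections that have no keys yet
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()].append(value.strip())
    return sections

def emet_template_scope(text, template="Microsoft_EMET"):
    """Map each sandbox name to 'box', 'global' or None (template not enabled)."""
    cfg = parse_sandboxie_ini(text)
    is_global = template in cfg.get("GlobalSettings", {}).get("Template", [])
    result = {}
    for name, keys in cfg.items():
        if name == "GlobalSettings" or name.startswith("UserSettings_"):
            continue  # not sandboxes
        in_box = template in keys.get("Template", [])
        result[name] = "box" if in_box else ("global" if is_global else None)
    return result

def load_ini(path):
    # Assumption: the file on disk is UTF-16 with a byte-order mark.
    with open(path, encoding="utf-16") as fh:
        return fh.read()

if __name__ == "__main__":
    for box, scope in emet_template_scope(SAMPLE_INI).items():
        print(box, "->", scope or "template not enabled")
```
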
     