Strange problem with AppLocker & Sandboxie 4.01.05

Discussion in 'sandboxing & virtualization' started by Sadeghi85, Apr 13, 2013.

Thread Status:
Not open for further replies.
  1. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    I use AppLocker with dll blocking and only use default rules. It was working fine with Sandboxie 3.76, but today I installed 4.01.05 and get an error every time I want to open any program in sandboxie(default sandbox). Anyone else have this problem?

    Sandboxie error:
    Untitled.png

    AppLocker error:
    Untitled.jpg
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    You might want to post this on the Sandboxie forum. Tzuk doesn't respond to problems posted anywhere else.

    Pete
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    The default dll rules don't look to cover non-microsoft dll's for that particular location. It looks like you'll have to create either a Path, Hash or Publisher rule for it.
     
  4. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    @Peter: Done:http://www.sandboxie.com/phpbb/viewtopic.php?p=88889#88889

    @wat:

    rpcepmap.dll is microsoft dll. btw the default rule is a path rule that covers all dlls inside Windows folder.

    Could the reason be the new change to use "anonymous logon"? The default rule is written for "Everyone" group and that probably doesn't include anonymous user?
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm not experiencing that behavior. Perhaps, a third-party conflict?
     
  6. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    I set up a fresh Widows 7 VM, set up AppLocker with dll blocking + default rules -> restart -> installed Sandboxie 4.01.05 -> restart -> clicked on "Sandboxed Web Browser" shortcut

    Same problem, so it should be reproducible for everyone & definitely no third-party app involvement.

    List of dlls that were blocked:

    %SYSTEM32%/IMM32.DLL
    %SYSTEM32%/SXS.DLL
    %SYSTEM32%/RPCEPMAP.DLL
    %SYSTEM32%/UXTHEME.DLL (5 times)
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Unfortunately, I cannot start a fresh system to see if it would happen there, but in this one (Windows 7 SP1 32-bit) I don't have such problem.

    OK. I imagine it has nothing to do with it, but it won't hurt to check. Have you applied Microsoft's hotfix for AppLocker? I have applied it, when it came out sometime ago. Maybe this could be it? :doubt:
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Sorry I missed it was a MS Windows dll.

    I don't use defaults so not sure. Does that one path rule %Windir%\* actually resolve to subfolders of the Windows directory? If from a command line you "echo %Windir%" it returns C:\Windows. Just for kicks, what happens if you create a DLL Path rule with path %System32%\*. Does that resolve the issue?
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The default rule for %Windir%\* is enough, due to recursing to all files and subfolders. But... one never knows...

    Out of curiosity, have you (Sadeghi85) checked if Application Identity service is running? I recall that in the past I had issues with AppLocker because for some reason the Application Identity service wasn't running.
     
  10. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    I don't have the hotfix, where do I get it? What does it fix?


    No, it still occurs.

    Yes, that service is running.
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Download and info here: -http://support.microsoft.com/kb/2532445

    Report back! :) (I hope this helps fixing your issue, because it's weird that it also happened in a clean environment.)
     
  12. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    It worked! :D

    However... There is now another problem. :(

    If I try to run an exe on desktop inside sandbox, Sandboxie correctly gives this error:
    Windows 7 x64 - Sandboxie 4-2013-04-14-22-21-54.png

    To bypass that error I'd tick "Run As UAC Administrator" checkbox, but now it doesn't work and gives same error as above, it used to work with v3.76.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's great!

    Yes, I came across that kind of error as well. Not sure if it's how Sandboxie v4 now works. But, what I did was to create a folder (example in your Desktop), and then create a rule in AppLocker to allow both *.Exe and *.DLL (just in case) for that folder, and force this folder to run in a sandbox. You may also restrict start/run access in the sandbox settings to a bogus process, when you don't need to allow installers/etc. I also whitelist the needed sandbox folders either by path or hash rules.
     
  14. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    That's too much work! :D
    I want everything to work with default settings. Let's see what tzuk will come up with.
     
Loading...
Thread Status:
Not open for further replies.