Showing results for tags 'sandbox'.
Found 3 results
Hey there, I'm trying to build a home sandbox for learning and filtering processes. I'm using Python to run files into a VM, open them there for behavioral analysis and scanning, and then pass them on to the network. I was hoping to use Malwarebytes inside the VM to do a prescan of the file (having the Python script run it silently) and then also collect the logs from the background-running MBAM process for behavioral analysis. And while the latter part is doable (more or less, because if it finds something, it'll pop up the GUI and I only need the logs), the former is now apparently not. Do you expect the mbamapi or the old CLI features to return to the home version of your excellent product, and if so, when?
I understand there are tricks/exploits certain malware uses to fool a user who is running an infected application sandboxed into thinking it is safe. But how does it do that? I recently came across a file I scanned in an online sandbox which, upon execution, launched 2 RATs that installed themselves along with adware applications that bombed the sandbox with downloads to millions of ads. I know developers can:
1. Put out a fake warning to make it seem like the application errored and nothing malicious has launched
2. Use exploits to break out of the sandbox and infect the PC (rarely seen this myself)
Knowing that, is there any way for them to detect an online sandbox? It seems to me that the online sandbox is fool-proof because it just works so perfectly, and every time Sandboxie launched no malware, the online sandbox would show me that it actually did launch something else, along with saying that it tried to detect the sandbox using a certain method. In conclusion, what methods does malware use to detect VMs/sandboxes (VMs are kind of easy to figure out), and is there a way for the developers to fool online sandboxes? I'm talking about professional malware developers, not script kiddies with RATs.
I'll cut to the chase. I recently started up both Opera and Chrome (latest versions) to find them showing a blank screen. Troubleshot this on the web and got both working using the '-no-sandbox' flag. Did some more digging and it seemed to be linked to security software, so after testing I discovered the blank screen shows up whenever MBAM's Exploit Protection module is enabled. Disable this - or switch off protection for those two apps under 'Manage Protected Applications' - and both apps launch with no problem. Has anyone else encountered this, or is it just me? Thanks for any input you can give.
Platform: Windows 10
MBAM version: 188.8.131.529, Component package version: 1.0.96, Update package version: 1.0.1673