As far as I am aware there is no workaround yet. I've tried the 'injectdll' function of sandboxie but I haven't been able to get it working yet.

If you do find a workaround, please post it here. I believe there are quite a few people around here who would like to know. (Me for starters.)


Hello, there is already a fix for this. You must configure your shortcut for the sandboxed browser to be launched by explorer.exe. If you are using the Pro version of Sandboxie, just use the forced program feature. Another method is to run explorer.exe sandboxed, search for your browser and run it there.


Interesting, thanks Conan!!

 

I will post your workaround in the MBAE Known Issues & Conflicts list.

Hello, after reading in the Sandboxie forums, what I posted is for EMET to work with Sandboxie. I haven't tested if it would also work with MBAE (I think it would still work with what I mentioned, but I think a template needs to be added in Sandboxie). Sorry for the confusion (since I have been using EMET and MBAE and removed Sandboxie).


I've given it a try, so far no luck.

I opened "My Computer" sandboxed, thus opening a Windows Explorer window (Task Manager confirms the process behind it is explorer.exe). Then I opened the exploit-test which came with MBAE; it worked flawlessly (the exploit), thus the calculator opened.

Then I ran Firefox from the same sandboxed Windows Explorer window. MBAE doesn't show a thing. ProcessExplorer does not indicate any injected DLLs.

If this wasn't the procedure meant, please correct me so I can try again.


I know this runs counter to the experiences of some other users.

 

My W7 Pro 64-bit SP1 OEM Up to date system is currently running:

 

MBAE 0.09.5.0250 Preview

EMET 4.1 w/Deep Hooks and Maximum security settings

Sandboxie 4.07.05 (64-bit) beta Paid/Registered

 

I do not have any known workarounds in place.

 

From the attached JPEG, you can see, in the background, MBAE+EMET+SBIE.

 

I am experiencing continuous trouble launching the new TOR-Browser-Bundle 3.5 in a sandbox.  [Reported to SBIE]

 

and

 

MBAE blocks Opera 12.16 with certain web sites.  [Reported to Pedro]

 

But that's it...

 

YMMV :)


I know this runs counter to the experiences of some other users.

 

My W7 Pro 64-bit SP1 OEM Up to date system is currently running:

 

MBAE 0.09.5.0250 Preview

EMET 4.1 w/Deep Hooks and Maximum security settings

Sandboxie 4.07.05 (64-bit) beta Paid/Registered

 

I do not have any known workarounds in place.

 

From the attached JPEG, you can see, in the background, MBAE+EMET+SBIE.

Forgive me, but are the browsers definitely being sandboxed when MBAE shows them to be protected? You don't show the Sandboxie Control window.


After further review...  :(

 

Embarrassingly, I must fully retract my results in post #15 above in this thread as it is a misrepresentation of the true facts.  I failed to double-check my work before I posted.  I truly apologize to all that have been misled.

 

Indeed it appears that Sandboxie 4.07.05 blocks the injection of mbae.dll in my browsers.  The true and more complete picture of my results is attached below.

 

henryg_1:   I support your original post and I apologize for my misleading answer to your question above.

 

Pedro: The mbae-test operates thusly: Normal = Launches the Calculator while Exploit = Exploit Blocked message.  Yes - I still lurk Usenet as gems of wisdom still surface from time to time.  My first email account was opened in 1987.


After further review...  :(

 

Embarrassingly, I must fully retract my results in post #15 above in this thread as it is a misrepresentation of the true facts.  I failed to double-check my work before I posted.  I truly apologize to all that have been misled.

 

Indeed it appears that Sandboxie 4.07.05 blocks the injection of mbae.dll in my browsers.  The true and more complete picture of my results is attached below.

 

henryg_1:   I support your original post and I apologize for my misleading answer to your question above.

 

Certainly no apology needed.  Kaspersky now seems to be working again with HitmanPro.Alert, and as the latter works with Sandboxie, for my purpose it is the better solution.

 

 

Henry


Did you run the mbae-test sandboxed?

(I don't expect so but I'd like to be sure.)

 

If you did, then there is still hope! :)

 

Hello Durew:

 

Yes.  I ran the mbae-test.exe while I had Firefox 26.0 within a v4.07.05 64-bit beta sandbox and the exploit test produced what is captured in the attached JPEG.

 

Does this answer your question?  :)


Certainly no apology needed.  Kaspersky now seems to be working again with HitmanPro.Alert, and as the latter works with Sandboxie, for my purpose it is the better solution.

 

 

Henry

 

Hello Henry:

 

Congratulations on your successful experience.

 

IMHO, MBAE is maturing quite nicely to the extent that soon users can re-examine their use of EMET & hmp.alert  :)


Hello Durew:

 

Yes.  I ran the mbae-test.exe while I had Firefox 26.0 within a v4.07.05 64-bit beta sandbox and the exploit test produced what is captured in the attached JPEG.

 

Does this answer your question?  :)

 

It does, thanks for the reply. The picture you included confirmed my "worst fear". :(

I hoped you ran mbae-test.exe by left-clicking->'run sandboxed', but the picture and your description indicate that you ran the test outside the sandbox (while another program, Firefox, was sandboxed). On my machine mbae-test.exe gives a sandboxed calculator whenever I try to use mbae-test.exe in one of my sandboxes/under the supervision of Sandboxie (see picture). I hoped you got a different result.

 

Ah, well. Let's go find Invincea's customer support for Sandboxie.


It does, thanks for the reply. The picture you included confirmed my "worst fear". :(

I hoped you ran mbae-test.exe by left-clicking->'run sandboxed', but the picture and your description indicate that you ran the test outside the sandbox (while another program, Firefox, was sandboxed). On my machine mbae-test.exe gives a sandboxed calculator whenever I try to use mbae-test.exe in one of my sandboxes/under the supervision of Sandboxie (see picture). I hoped you got a different result.

 

Ah, well. Let's go find Invincea's customer support for Sandboxie.

 

Hello Durew:

 

Of course I'd prefer Pedro to weigh in on this, but I wonder if sandboxing his mbae-test.exe defeats the purpose of the exploit test itself?

 

In my system above, when mbae-test is sandboxed, and MBAE is active, mbae-test's Exploit allows calc.exe to launch.

 

As for Invincea, I believe that they may have somehow brought about "tzuk's" untimely departure and it may be an insufferably long time before any useful advances come out of the Sandboxie project.  Pity!

 

My 2 cents...


  • Staff

It is normal that the exploit test executes calc.exe when within Sandboxie, as there is no exploit protection running within Sandboxie. Even if you have MBAE installed, Sandboxie prevents it from injecting applications that are run within Sandboxie. That's why the exploit is able to run within Sandboxie.

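A way to check the behaviour discussed in this thread from outside the sandbox, as an added example that is not part of any post: the PowerShell function below reports, for each running browser process, whether Sandboxie's `SbieDll.dll` and MBAE's `mbae.dll` are loaded. The function name `Get-InjectionStatus` and the browser process list are assumptions; `mbae.dll` is the DLL name used in the thread.

```powershell
# Added example: report which running browser processes have the MBAE and
# Sandboxie DLLs loaded. Run it from a PowerShell of the same bitness as the
# target processes: a 64-bit shell cannot list the modules of a 32-bit browser.
function Get-InjectionStatus {
    param(
        # Assumed browser process names; adjust to the programs you sandbox.
        [string[]]$ProcessName = @('firefox', 'iexplore', 'opera', 'chrome'),
        # DLL name as given in the thread; change it if your build differs.
        [string]$ShieldDll = 'mbae.dll',
        # Sandboxie's in-process DLL, present in every sandboxed process.
        [string]$SandboxDll = 'SbieDll.dll'
    )
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $sandboxed = $null
        $shielded = $null
        try {
            $modules = @($proc.Modules | ForEach-Object { $_.ModuleName })
            # An empty list means the process exited or access was denied,
            # so report "unknown" rather than "unprotected".
            if ($modules.Count -eq 0) { throw 'module list not readable' }
            $sandboxed = $modules -contains $SandboxDll   # case-insensitive
            $shielded = $modules -contains $ShieldDll
            $status = if ($sandboxed -and -not $shielded) {
                'sandboxed, NOT shielded'
            } elseif ($sandboxed) {
                'sandboxed and shielded'
            } elseif ($shielded) {
                'shielded'
            } else {
                'unprotected'
            }
        } catch {
            $status = "unknown: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Name      = $proc.ProcessName
            Id        = $proc.Id
            Sandboxed = $sandboxed
            Shielded  = $shielded
            Status    = $status
        }
    }
}

Get-InjectionStatus | Format-Table -AutoSize
```

A row reading "sandboxed, NOT shielded" corresponds to the situation the staff reply describes, where the browser runs inside Sandboxie without the MBAE DLL loaded.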

Hello Henry:

 

Congratulations on your successful experience.

 

IMHO, MBAE is maturing quite nicely to the extent that soon users can re-examine their use of EMET & hmp.alert  :)

And now it doesn't <sigh>.

 

So it's back to MBAE, but does it actually protect me? 'Support' told me in an email that it would not stop Cryptolocker getting on a clean system if the payload was run, so WTF does it do? Isn't a program seeking to encrypt everything an action worthy of user confirmation to proceed?
