Search found 310 matches

by Oneder
Sun Jan 30, 2011 9:52 pm
Forum: Feature Requests
Topic: New 64-bit root-kit gave me an idea...
Replies: 28
Views: 16226

Sandboxie already protects the MBR oneder... Sandboxie protects against everything that I have thrown at it and yes I should have stated that the Seftad Ransomware sample is contained if run sandboxed. MBRguard could be a useful install where the user is too lazy to use a decent security app like Sa...
by Oneder
Sun Jan 30, 2011 7:18 pm
Forum: Feature Requests
Topic: New 64-bit root-kit gave me an idea...
Replies: 28
Views: 16226

Re: New 64-bit root-kit gave me an idea...

There are now root-kits that hijack the Master Boot Record in order to load their drivers into Windows, and hide themselves. You could have a look at MBRguard for 32 bit installs? http://www.blueridgenetworks.com/support/mbguard/mbguard.php Tested against Seftad Ransomware sample and MBRguard prot...
by Oneder
Thu Dec 30, 2010 7:33 pm
Forum: Problem Reports
Topic: Win 7 Snipping Tool
Replies: 1
Views: 1368

Win 7 Snipping Tool

If I run the installer for the rogue AV "Antivirus 8" via SB then try to grab a snip of the rogue the Snipping Tool seems to lock up till I terminate the rogue installer.

As soon as it's terminated the snip proceeds.

!http://www.mediafire.com/file/ep26e980c ... 3_brs7.rar
by Oneder
Thu Dec 30, 2010 6:37 am
Forum: Feature Requests
Topic: Hotkeys
Replies: 12
Views: 5968

Excellent Buster. Will give it a whirl in a little while. 8)
by Oneder
Wed Dec 29, 2010 7:34 pm
Forum: Feature Requests
Topic: Hotkeys
Replies: 12
Views: 5968

Buster wrote: I coded a tool to manage malware and I added a feature to allow to terminate sandboxed processes in a user defined amount of time.
Sounds good Buster, wouldn't mind a look at it if OK by you.
by Oneder
Wed Dec 29, 2010 10:02 am
Forum: Feature Requests
Topic: Hotkeys
Replies: 12
Views: 5968

The batch file must be already running before executing the malware. This may be nice for those testing malware (not me!) :wink: Franklin and I are always testing malware so the batch works a treat in not having to reset with these screenlockers. :wink: On my XP VMs where I'm not using SB I point ...
by Oneder
Wed Dec 29, 2010 12:21 am
Forum: Feature Requests
Topic: Hotkeys
Replies: 12
Views: 5968

Ok thanks tzuk. For those that are testing these ransom/screenlockers the below batch file will run the terminate command every 30 seconds whilst the command window is open. Thanks to majoMo wilders.

::30=30 sec.
@echo off
:START
ping 127.0.0.1 -n 30 > nul
start "" "C:\Program Files\Sandboxie\Start....
by Oneder
Mon Dec 27, 2010 11:21 pm
Forum: Feature Requests
Topic: Hotkeys
Replies: 12
Views: 5968

Hotkeys

Built in dedicated Hotkeys that can't be circumvented to the terminate command would be of help against some ransom/screenlockers type malware.

I know they are contained but hotkeys could save a reset.
by Oneder
Wed Dec 22, 2010 2:30 am
Forum: Problem Reports
Topic: Can't Delete Exe
Replies: 3
Views: 1757

Beta version 3.51.08 seems to have fixed this one.
by Oneder
Sat Dec 11, 2010 1:08 pm
Forum: Problem Reports
Topic: Can't Delete Exe
Replies: 3
Views: 1757

SB beta 3.51.06 - Win 7

Realised that if I have four exes sitting on desktop outside the sandbox and open a sandboxed FF then browse for files on desktop to upload to Virus Total.

Even if I don't upload any of the four exes they can't be deleted till I shutdown the sandboxed FF.
by Oneder
Tue Nov 23, 2010 3:20 am
Forum: Problem Reports
Topic: Malware Sample
Replies: 19
Views: 7043

Thanks for testing nick s. Hotkeys pointing to SB's terminate.bat works fine in killing that sample as do hotkeys pointing to RogueKiller which I keep handy. http://www.sur-la-toile.com/RogueKiller/ The latest sample I posted the hotkeys don't seem to work in an XP VM. If run sandboxed the rogue is ...
by Oneder
Mon Nov 22, 2010 10:09 pm
Forum: Problem Reports
Topic: Malware Sample
Replies: 19
Views: 7043

For those that can't test the first sample via Sandboxie/Win 7 then try the one below via Sandboxie/XP.

My hotkeys pointing to Terminate.bat don't work with this one.

Warning - PRON.
!http://www.mediafire.com/file/lb98consx ... btkzhr.rar
by Oneder
Thu Nov 18, 2010 9:53 pm
Forum: Problem Reports
Topic: Prompt To Recover Exe
Replies: 6
Views: 2085

Thanks for testing fellas. :)

Don't think it's much to worry about :?:

The KSAFE.exe must be running in memory or something as I can't grab it from anywhere but shows in Task Manager and SB's gui.

Funny how it was the very first exe I tried after updating to the latest beta.
by Oneder
Thu Nov 18, 2010 5:11 pm
Forum: Problem Reports
Topic: Prompt To Recover Exe
Replies: 6
Views: 2085

Hmmm, seems it might be just this one sample that I picked up and ran as I'm not getting the prompt with other samples. It was the very first exe I ran after installing the latest beta. You may wanna have a look? !http://www.mediafire.com/file/vx97buno2279xj6/setup4.rar http://www.virustotal.com/fil...
by Oneder
Thu Nov 18, 2010 7:37 am
Forum: Problem Reports
Topic: Prompt To Recover Exe
Replies: 6
Views: 2085

Prompt To Recover Exe

XP VM, SB beta 3.51.03

If I run an exe from desktop in a default sandbox then delete the contents the exe I ran is prompted to recover.
