Sandboxie Support

thanks tzuk so we dont need drop rights anymore!

i have exactly the same problem too

confirmed. 4.01.05 is faster than previous 4.01.x i had also some slowness issues too.tnx tzuk

hi. actualy is the windows weak t2embed.dll true type font engine vulnerability and not a sandboxie weak architecture duqu (stuxnet family) can explot exactly that to access kernel to bypass all(?) security programs a temporary workaround is :Resource Access > File Access > Blocked Access and add c:...

thanks tzuk ,buster and all of you for your efforts about our beloved sandboxie BTW 4.01.04 is runnning smoothly win 7 64 bit

finaly a POC ,this will help for sure thanks buster

UPDATE: trojan gabz cant run in my sandboxie 3.76 64 bit maybe its sandboxie aware but i dont care
but is this the real trojan tha buster mentioned?

theoretically as tzuk said the sandboxie will isolate it perfectly i just received a sample of that trojan and i will try it in the real sytem :twisted: i hope its the right trojan as buster mentioned i want to see if the SetWindowLong and SetWindowLongPtr can be used to bypass sandboxibe be patient...

hi . as tzuk said "I would like to revise my earlier comments about this. I was reading up on this a bit and it seems that a process can't use SetWindowLong (or SetWindowLongPtr) to adjust the window procedure address for a window which belongs to another process. " according tzuk the gabz cant work...

confirmed: its a gabz family variant B and injecting a shellcode into explorer.exe address space how it works: http://www.welivesecurity.com/2012/12/27/win32gapz-steps-of-evolution/ it uses 5 steps 1. Open one of the shared sections from BaseNamedObjects mapped into explorer.exe address space, and w...

This is variant B. I have this malware sample and I will test it soon. Thanks!

might SE7EN can help here

indeed after Peter2150 comments i think something strange is happening here

anyway buster said sbie 3.76 and 4.01 is vulnerable and due to security reasons my opinion is to inform users til the fixed release

sorry buster my bad i was in a hurry do u know if this can work in 4.0.3 too?

nice find but its a serious issue how come an old trick (2008) can still work in the new releases
so for a 5 years a go users had a false sence of security??
this topic worth a high attention !!