[.06] Conflict with Online Armor in new beta

Listing issues addressed in beta version 4.01
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Apr 10, 2013 9:58 am

It's probably not the Hasher program per se Blues. More likely some conflict/incompatibility with forced program in general. In any case I tried it just now but I still get normal and expected behavior.

Do you guys use any other security software in the mix?
tzuk

Blues
Posts: 214
Joined: Sun May 10, 2009 7:37 pm
Location: Blue Ridge Mtns

Post by Blues » Wed Apr 10, 2013 10:21 am

tzuk wrote:It's probably not the Hasher program per se Blues. More likely some conflict/incompatibility with forced program in general. In any case I tried it just now but I still get normal and expected behavior.

Do you guys use any other security software in the mix?
I'm pretty sure that Pete uses AppGuard and NVT ExeRadar Pro if I recall correctly.

I just run (in real-time) Sandboxie with OA and Emsisoft Anti-Malware. (I scan manually with MBAM Pro.)
Blues

Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV

On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect

Blues
Posts: 214
Joined: Sun May 10, 2009 7:37 pm
Location: Blue Ridge Mtns

Post by Blues » Wed Apr 10, 2013 10:36 am

Tzuk,

A little bit later when I have a moment and have backed up my system with a new image, I'll install the latest SBIE beta and try again.

That would be the one remaining question mark since I already know that the forced folder issue is not happening with 3.76 and either the OA beta or stable release.

I'll report results as soon as possible.
Blues

Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV

On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect

Blues
Posts: 214
Joined: Sun May 10, 2009 7:37 pm
Location: Blue Ridge Mtns

Post by Blues » Wed Apr 10, 2013 12:06 pm

Tzuk, I can confirm that the issue still exists.

I downloaded and installed the new beta you released today. (Installed on top of 3.76)

Ran "Hasher" from my forced downloads folder and system became unresponsive. I could see after some time that SBIE was trying to load the app in the designated sandbox but it was not completed successfully and I could neither terminate the sandbox nor reboot without a hard reset.

Reinstalled 3.76 and ran "Hasher" from the forced downloads folder and it ran as normal.

So, at least now we know that it's neither the OA beta nor stable release of OA which is at the heart of the matter as both run the forced folder and executable fine under 3.76.

Wish I had better news to report. I'll be sticking with 3.76 until a resolution to the issue can be found.
Blues

Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV

On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Wed Apr 10, 2013 1:38 pm

Tzuk

I did some further testing. As Blues said I normally run OA in a muted mode(I have Program Files and Windows excluded) and NVT's ExeRadarPro (ERP and Appguard.

To narrow things down here is the test mode. I ran all tests from the desktop by right clicking leaktest.exe(GRC) and telling it to run sandboxed. SBIE 4.01.04 OA 1798 Appguard 3.4.2

1. If I exclude the Desktop in OA everything is fine. If I drop the exclusion leaktest gives an application error. To run this test Appguard is in install mode

2. I uninstalled NVT's ERP and re tested. Same result.

3. I installed Appguard and re tested. Again same result (At this point it was just OA and SBIE 4.01.04

4. I removed the IPC statement for ERP to work with SBIE and re tested. Again same result

5. Re installed SBIE 3.76 and this time everything worked fine.

I may test again with 4.01.05

Pete

PS You should now have OA 1798

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Wed Apr 10, 2013 1:39 pm

Blues wrote:Pete, if you have the time and the Sbie beta installed, could you maybe try running that program "Hasher" from a forced folder?

(It's a safe program, I've scanned it with EAM as well as via VirusTotal plus it would be in a forced folder. It's under a megabyte download and it's just an executable.)
Hi Blues

I probably won't have time for this. Also I don't like to test with something I am not using, which is both Hasher and forced folder. Makes it hard for me to judge.

Pete

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Wed Apr 10, 2013 1:55 pm

Hi Tzuk

Just retested with 4.01.05 No change in the results.

Pete

Blues
Posts: 214
Joined: Sun May 10, 2009 7:37 pm
Location: Blue Ridge Mtns

Post by Blues » Wed Apr 10, 2013 3:40 pm

Peter2150 wrote:
Blues wrote:Pete, if you have the time and the Sbie beta installed, could you maybe try running that program "Hasher" from a forced folder?

(It's a safe program, I've scanned it with EAM as well as via VirusTotal plus it would be in a forced folder. It's under a megabyte download and it's just an executable.)
Hi Blues

I probably won't have time for this. Also I don't like to test with something I am not using, which is both Hasher and forced folder. Makes it hard for me to judge.

Pete
No problem, Pete. I was able to do it and posted results above. (I'm back to 3.76 for now as stated.)
Blues

Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV

On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Apr 11, 2013 9:04 am

Thanks to Pete I can reproduce the problem. I get a system lockup apparently when Online Armor wants to block some operation. So it's not the Hasher program specifically, except that it in a general sense it is considered untrusted by Online Armor and some of its operations get blocked. I am looking into some workaroud/solution.
tzuk

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Thu Apr 11, 2013 9:56 am

tzuk wrote:Thanks to Pete I can reproduce the problem. I get a system lockup apparently when Online Armor wants to block some operation. So it's not the Hasher program specifically, except that it in a general sense it is considered untrusted by Online Armor and some of its operations get blocked. I am looking into some workaroud/solution.
That's great Tzuk. I have no doubt you will figure it out.

Pete

Blues
Posts: 214
Joined: Sun May 10, 2009 7:37 pm
Location: Blue Ridge Mtns

Post by Blues » Thu Apr 11, 2013 10:01 am

Thanks Tzuk and Pete. I'll look forward to hearing what you come up with.
Blues

Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV

On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Apr 22, 2013 6:41 am

Please check version 4.01.06.

Please note: From my checks and my point of view, it seems the Online Armor Program Guard component gets locked up,
when it is running in the context of a program that is supervised by Sandboxie v4 and trying to block access to some resource.

My workaround is for programs in the sandbox to bypass some of the hooks placed by Program Guard. This may not work in all system configurations as other hooks inserted by other security software may confuse this workaround.

Also, the workaround is currently limited to the few Program Guard hooks that I found to be relevant. You may still get lock up,
in that case please tell me which program is triggering the lock up. It is easy to find out which program triggered the lock up,
by restarting the computer after the lock up, and inspecting the History view in Online Armor and locate a history entry for a
resource that was blocked.
tzuk

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Mon Apr 22, 2013 7:53 am

Will test later and post results.

Thanks Tzuk

Pete

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Post by Peter2150 » Mon Apr 22, 2013 8:48 am

Okay. Tested and for me it works beautifully. But be warned I am excluding both Windows and Program Files, so I may be seeing limited exposure.

Anyway for me it's perfect.

Thank you Tzuk

Pete

Blues
Posts: 214
Joined: Sun May 10, 2009 7:37 pm
Location: Blue Ridge Mtns

Post by Blues » Mon Apr 22, 2013 9:22 am

I'll download and give it a try later this morning or afternoon and report back.
Blues

Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV

On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect

Locked

Who is online

Users browsing this forum: No registered users and 0 guests