Service not implemented for Firefox

Please post your problem description here

Moderator: Barb@Invincea

Post Reply
Sandboxie User
Posts: 24
Joined: Thu Oct 29, 2015 12:39 am
Location: Australia m8

Service not implemented for Firefox

Post by Sandboxie User » Thu Sep 22, 2016 11:53 pm

Hi, according to this page, it says:
Kaspersky Products (2015, 2016, 2017)

Home Page: http://www.kaspersky.com

Problem: "Service not implemented" error when running Sandboxie and / or Sandboxie will crash with KS 2015/16/17 installed (Win 10, 8 & 8.1)

Solution: For Windows 7, you must add Sandboxie Folder to Kaspersky's 'Threats and Exclusions' section for KIS 2015/2016 in Windows 7.

For Windows 8/8.1 & Win 10 -KS 2015 and 2016/2017 is not compatible with Sandboxie. Kaspersky must NOT be installed, otherwise Sandboxie will not work.

IT'S BEST TO NOT HAVE ANY KASPERSKY PRODUCTS INSTALLED. DISABLING WILL NOT WORK. We've instructed KIS what they need to change in their code, at this time, they have not. Thus, their code disrupts Sandboxie.
And I have done that yet the problem still persist, so it doesn't work for Firefox? Check this
Untitled.png
Exclusion screenie
Untitled.png (26.37 KiB) Viewed 1240 times
and this
Capture.PNG
Service not implemented
Capture.PNG (36.26 KiB) Viewed 1240 times
attachment for screenshot.

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2809
Joined: Wed Apr 22, 2009 9:17 pm

Re: Service not implemented for Firefox

Post by bo.elam » Fri Sep 23, 2016 5:26 pm

Kaspersky is not compatible with Sandboxie. You should uninstall it.

Bo

Sandboxie User
Posts: 24
Joined: Thu Oct 29, 2015 12:39 am
Location: Australia m8

Re: Service not implemented for Firefox

Post by Sandboxie User » Wed Oct 26, 2016 4:35 pm

bo.elam wrote:Kaspersky is not compatible with Sandboxie. You should uninstall it.

Bo
Sorry for late reply, got busy and forgot about this. :mrgreen: :|

So you're telling me I should give up my 30 years worth of licensing(Because that's how much I like Kaspersky as it's guarded me well over the past few years. It's split among computers in total of course - otherwise 30 years for a single computer does seem pretty silly and expensive) for Kaspersky Internet Security (KIS) and use what?

I tested this with previous versions of Sandboxie, and I found that version 3.76 seems to work perfectly fine(both Chrome and Firefox - with this new version neither Chrome or Firefox will open if you have KIS installed and running), however later versions don't...it seems you've done something that made it incompatible somehow..... Obviously the latest version should supposedly be more stable and bug free which is why I wish to run the latest version of Sandboxie over 3.76. :roll:

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2809
Joined: Wed Apr 22, 2009 9:17 pm

Re: Service not implemented for Firefox

Post by bo.elam » Wed Oct 26, 2016 5:23 pm

Sandboxie User wrote:..it seems you've done something that made it incompatible somehow....
As I understand it, ts old code leftovers in Kaspersky what interferes with Sandboxie. Thats why there is conflict and the result being that you cant use SBIE and KIS at the same time.

Bo

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: Service not implemented for Firefox

Post by Syrinx » Wed Oct 26, 2016 5:29 pm

https://forum.kaspersky.com/index.php?s ... &p=2483066
Issue with Sandboxie will be fixed in the future
https://forum.kaspersky.com/index.php?s ... &p=2491553
There is no release date right here & now.....other than it is on the list of known issues to be fixed.
https://forum.kaspersky.com/index.php?s ... &p=2540215
SBIE support:
Why KIS hooks at the level SBIE would for that process is unknown to our Devs and a bit troublesome for an A/V Product. Few, if any do that.
I understand where you are coming from and even some of the posts I didn't quote from the thread mirror my belief that prevention is better than containment and I've went on rants here about how the corporate Invincea products also seem to share this thought but the reality is just this:

Kaspersky changed something in their code that interferes with Sandboxie so unless Kaspersky is able to work around it and still keep the same level of protection (which seems to be implied from the responses quoted above) but just haven't gotten around to it... and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something. Regardless of who is at fault, a choice by the user will be required as they simply do not play well together at this time.

Unless you're on XP or Vista, 3.76 shouldn't be used (or even on those if at all possible), especially on x64 systems.
http://forums.sandboxie.com/phpBB3/view ... 90#p120187
It will stop working after certain updates. Version 5.05 of SBIE was broken after patch Tuesday updates back in Oct 2015 that rendered SBIE unusable in OS's from Win 7 through Win 10.
Goo.gl/p8qFCf

Sandboxie User
Posts: 24
Joined: Thu Oct 29, 2015 12:39 am
Location: Australia m8

Re: Service not implemented for Firefox

Post by Sandboxie User » Fri Oct 28, 2016 7:29 pm

bo.elam wrote:
Sandboxie User wrote:..it seems you've done something that made it incompatible somehow....
As I understand it, ts old code leftovers in Kaspersky what interferes with Sandboxie. Thats why there is conflict and the result being that you cant use SBIE and KIS at the same time.

Bo
ts old coode?
Syrinx wrote:https://forum.kaspersky.com/index.php?s ... &p=2483066
Issue with Sandboxie will be fixed in the future
Ok, that's nice to know.....
Syrinx wrote:https://forum.kaspersky.com/index.php?s ... &p=2491553
There is no release date right here & now.....other than it is on the list of known issues to be fixed.
Ok, at least they know it's a known issue and will be fixed, however it looks like they aren't even interested in getting it *done* asap...so I guess expect it to never be fixed...if ever?
Syrinx wrote:https://forum.kaspersky.com/index.php?s ... &p=2540215
SBIE support:
Why KIS hooks at the level SBIE would for that process is unknown to our Devs and a bit troublesome for an A/V Product. Few, if any do that.
Isn't that why KIS is among one of the best AV products to own on your computer...?
Syrinx wrote:I understand where you are coming from and even some of the posts I didn't quote from the thread mirror my belief that prevention is better than containment and I've went on rants here about how the corporate Invincea products also seem to share this thought
In general, yes prevention is better than containment in my opinion, however if prevention fails, at least you have a second layer that is containment to confine them. Also depending on the situation, containment would be better, for example if you're just testing something you suspect could be malware but would like to still see what it does - so analysis of malware. But the reason why I run Sandboxie is for a two protection system, prevention being the first that gets hit by malware and if that fails, at least I have containment....and if both fail...well then I'm big (censored). hahaha
Syrinx wrote: but the reality is just this:

Kaspersky changed something in their code that interferes with Sandboxie so unless Kaspersky is able to work around it and still keep the same level of protection (which seems to be implied from the responses quoted above) but just haven't gotten around to it... and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something. Regardless of who is at fault, a choice by the user will be required as they simply do not play well together at this time.
If that was the case, then wouldn't version 3.76 of Sandboxie not work with the latest version of KIS?

Ok, so I tried other browsers, and it looks like Opera works with the latest version of Sandboxie AND KIS running. So how come Opera works but not Chrome or Firefox? Maybe we need to pull the devs from Chrome and Firefox into this mess too?

Agh, frustrating that I can't use my favorite web browser with Sandboxie as it would seem KIS is to blame...... :evil:
Syrinx wrote:Unless you're on XP or Vista, 3.76 shouldn't be used (or even on those if at all possible), especially on x64 systems.
http://forums.sandboxie.com/phpBB3/view ... 90#p120187
It will stop working after certain updates. Version 5.05 of SBIE was broken after patch Tuesday updates back in Oct 2015 that rendered SBIE unusable in OS's from Win 7 through Win 10.
64-bit Windows XP doesn't even work with Sandboxie as I've discovered already and I don't have any computers running Vista.

Pretty lame, owning both KIS and Sandboxie and I have to choose between the two if I want to run Firefox....... :roll: :cry: :( *sigh*

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: Service not implemented for Firefox

Post by Syrinx » Fri Oct 28, 2016 10:48 pm

If that was the case, then wouldn't version 3.76 of Sandboxie not work with the latest version of KIS?
Not exactly, no. Sbie 4.x was a huge redesign. 3.x and below used kernel hooks (major reason it didn't work with x64) and a specific deny approach. With 4.x that got turned around to use ANONYMOUS LOGON [think default deny] and making certain things which it is normally blocked from accessing 'allowed' via the service and some internal rules. That's what I get from it anyway, that may not be accurate...Anyway, I played with it a little tonight for the first time:

I haven't tested this thoroughly and I'm sure you lose some, if not most, of the extra protections kaspersky might offer for browsers but here's a potential workaround:
Only tested on a Windows XP VM with SBIE 5.14 & a trial of Kaspersky Total Security 17.0.0.611 so far...

In sandboxie and the box you want to use with firefox (I suggest having a separate one)
Sandbox Settings > Resource Access > File Access > Blocked Access > Edit/Add

Code: Select all

*klsihk*.dll
This allowed me to launch firefox sandboxed without all the service errors or crashes. Even if it works for you I can't say how much doing this will amputate Kasperskys other protections but if you really want to use both of them together it might be worth considering as a possible workaround? Assuming it even works for you like it did me of course....
Goo.gl/p8qFCf

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: Service not implemented for Firefox

Post by Syrinx » Sat Oct 29, 2016 10:49 am

Did a couple more tests on Windows 7 x64 / Windows 10 x64 with SBIE 5.14, Kaspersky and Firefox.
Blocking that dll seemed to do the trick in both of them as well but my tests were not extensive.

I'm guessing that the problem is somehow related to its attempts at hooking KiUserCallbackDispatcher? Beyond that guess though I haven't a clue what's actually going on.
Goo.gl/p8qFCf

Syrinx
Sandboxie Guru
Sandboxie Guru
Posts: 620
Joined: Fri Nov 13, 2015 4:11 pm

Re: Service not implemented for Firefox

Post by Syrinx » Wed Nov 02, 2016 12:23 am

After testing it myself (see above) and figuring out what was causing this issue I felt the need to update/correct an area where I had posted before.
and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something.
Now that I (believe I) understand what's going on this statement is incorrect. [That is of course if I actually found the issue at hand]
Before I had assumed it was some kernel level struggle but that doesn't seem to be the case from what I have seen.

It doesn't have to do with SBIE being unable to access something (or do its job) but instead it is Kaspersky attempting to do something via this dll [inside the box/program] which Sandboxie is unwilling to let it do. Sure, Invincea could likely add a routine to allow it to pass through but then malware could also use this avenue in an escape attempt. /cough

As I don't understand the Windows APIs enough to say one way or the other (heck, maybe I'm completely wrong!) I wouldn't feel correct saying that Sandboxie is in the right here but I do wonder why Kaspersky would attempt a userland hook for an API that is meant to run usermode code from a kernel process. /me just got a headache from trying to sound like I know what I'm talking about, I DON'T!
[This implies to me that such a kernel process already exists and expects to handle it but like I said, I'm not a Windows pro (or any type of dev) so, doh!] Surely it would make more sense to control this via a driver or service to start with? Anyway, I'm just talking out my butt here so please feel free to ignore my likely incorrect drunken ramblings on this one...

/me is ready fer skool! :D
Goo.gl/p8qFCf

Sandboxie User
Posts: 24
Joined: Thu Oct 29, 2015 12:39 am
Location: Australia m8

Re: Service not implemented for Firefox

Post by Sandboxie User » Tue Dec 27, 2016 9:56 pm

That's right, I had a thread going on on this topic that I must have forgotten about, sorry!
Syrinx wrote:
If that was the case, then wouldn't version 3.76 of Sandboxie not work with the latest version of KIS?
Not exactly, no. Sbie 4.x was a huge redesign. 3.x and below used kernel hooks (major reason it didn't work with x64) and a specific deny approach. With 4.x that got turned around to use ANONYMOUS LOGON [think default deny] and making certain things which it is normally blocked from accessing 'allowed' via the service and some internal rules. That's what I get from it anyway, that may not be accurate...
I see......
Syrinx wrote:Anyway, I played with it a little tonight for the first time:

I haven't tested this thoroughly and I'm sure you lose some, if not most, of the extra protections kaspersky might offer for browsers but here's a potential workaround:
Only tested on a Windows XP VM with SBIE 5.14 & a trial of Kaspersky Total Security 17.0.0.611 so far...

In sandboxie and the box you want to use with firefox (I suggest having a separate one)
Sandbox Settings > Resource Access > File Access > Blocked Access > Edit/Add

Code: Select all

*klsihk*.dll
This allowed me to launch firefox sandboxed without all the service errors or crashes. Even if it works for you I can't say how much doing this will amputate Kasperskys other protections but if you really want to use both of them together it might be worth considering as a possible workaround? Assuming it even works for you like it did me of course....
Holy (censored); it works! Hmmmm, how do you know this cuts out some of Kaspersky's protection? Without know what protections is cut out, I have no idea if I'm walking into an abyss - thus right into my doom, that's in a pitch black room or if I'm walking into a door that opens to all things I ever wanted(also in the same pitch blackness)!

Wait a second.....there's been no record of *anything* ever escaping Sandboxie right...? So this should be a good enough general fix for anyone who uses firefox and Kaspersky product? Though I guess it would be nice if malware was suddenly discover when browsing on random sites, and if Kaspersky can't block it(thus preventive measures - it has blocked a few *malicious* links I've randomly come across on dodgy sites whilst sandboxing), at least Sandboxie will *hopefully* contain it.....but what if Sandboxie(first wall that malware has to break through sine Kaspersky's probably disabled? in Sandboxie) can't contain it is what I'm worried about? Sure don't visit random dodgy sites, but then what's the point of me having a license for Sandboxie if the purpose *was* to visit dodgy site so that any malware picked along the way is contained, which is what Sandboxie intentions(well overall in general it's intention is to contain everything, but I'm using it so that in the case of me receiving malware, it's at least contained and not screwing up my computer....haha) are?!
Syrinx wrote:
Syrinx wrote:Did a couple more tests on Windows 7 x64 / Windows 10 x64 with SBIE 5.14, Kaspersky and Firefox.
Blocking that dll seemed to do the trick in both of them as well but my tests were not extensive.

I'm guessing that the problem is somehow related to its attempts at hooking KiUserCallbackDispatcher? Beyond that guess though I haven't a clue what's actually going on.
Syrinx wrote:After testing it myself (see above) and figuring out what was causing this issue I felt the need to update/correct an area where I had posted before.
and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something.
Now that I (believe I) understand what's going on this statement is incorrect. [That is of course if I actually found the issue at hand]
Before I had assumed it was some kernel level struggle but that doesn't seem to be the case from what I have seen.

It doesn't have to do with SBIE being unable to access something (or do its job) but instead it is Kaspersky attempting to do something via this dll [inside the box/program] which Sandboxie is unwilling to let it do. Sure, Invincea could likely add a routine to allow it to pass through but then malware could also use this avenue in an escape attempt. /cough

As I don't understand the Windows APIs enough to say one way or the other (heck, maybe I'm completely wrong!) I wouldn't feel correct saying that Sandboxie is in the right here but I do wonder why Kaspersky would attempt a userland hook for an API that is meant to run usermode code from a kernel process. /me just got a headache from trying to sound like I know what I'm talking about, I DON'T!
[This implies to me that such a kernel process already exists and expects to handle it but like I said, I'm not a Windows pro (or any type of dev) so, doh!] Surely it would make more sense to control this via a driver or service to start with? Anyway, I'm just talking out my butt here so please feel free to ignore my likely incorrect drunken ramblings on this one...

/me is ready fer skool! :D
err, what is Kaspersky trying to do inside the box? How could malware use this as an escape route if they've keyed it in with Kaspersky's signature? Unles the malware writers somehow now have access to and is using Kaspersky's digital signature - there's no way they can use it as an escape route....well you would assume, with such a software as this that's touted to contain *anything* and *everything* without fail, they would at least use some sort of verifier(that's not a word?) to verify the authenticity of Kaspersky to a malware pretending to be it and escaping through that hole....

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests