[.06] Conflict with Online Armor in new beta
I'm pretty sure that Pete uses AppGuard and NVT ExeRadar Pro if I recall correctly.
tzuk wrote: It's probably not the Hasher program per se Blues. More likely some conflict/incompatibility with forced program in general. In any case I tried it just now but I still get normal and expected behavior.
Do you guys use any other security software in the mix?
I just run (in real-time) Sandboxie with OA and Emsisoft Anti-Malware. (I scan manually with MBAM Pro.)
Blues
Real-Time: Sandboxie (Lifetime), Online Armor Premium, Webroot SecureAnywhere AV
On Demand: Shadow Defender, MBAM Pro, HitmanPro, Drive Snapshot / Macrium Reflect
Tzuk,
A little bit later when I have a moment and have backed up my system with a new image, I'll install the latest SBIE beta and try again.
That would be the one remaining question mark since I already know that the forced folder issue is not happening with 3.76 and either the OA beta or stable release.
I'll report results as soon as possible.
Blues
Tzuk, I can confirm that the issue still exists.
I downloaded and installed the new beta you released today. (Installed on top of 3.76)
Ran "Hasher" from my forced downloads folder and system became unresponsive. I could see after some time that SBIE was trying to load the app in the designated sandbox but it was not completed successfully and I could neither terminate the sandbox nor reboot without a hard reset.
Reinstalled 3.76 and ran "Hasher" from the forced downloads folder and it ran as normal.
So, at least now we know that it's neither the OA beta nor stable release of OA which is at the heart of the matter as both run the forced folder and executable fine under 3.76.
Wish I had better news to report. I'll be sticking with 3.76 until a resolution to the issue can be found.
Blues
Tzuk
I did some further testing. As Blues said I normally run OA in a muted mode (I have Program Files and Windows excluded) and NVT's ExeRadarPro (ERP) and Appguard.
To narrow things down here is the test mode. I ran all tests from the desktop by right clicking leaktest.exe (GRC) and telling it to run sandboxed. SBIE 4.01.04, OA 1798, Appguard 3.4.2.
1. If I exclude the Desktop in OA everything is fine. If I drop the exclusion leaktest gives an application error. To run this test Appguard is in install mode.
2. I uninstalled NVT's ERP and retested. Same result.
3. I installed Appguard and retested. Again same result. (At this point it was just OA and SBIE 4.01.04.)
4. I removed the IPC statement for ERP to work with SBIE and retested. Again same result.
5. Reinstalled SBIE 3.76 and this time everything worked fine.
I may test again with 4.01.05
Pete
PS You should now have OA 1798
Hi Blues
Blues wrote: Pete, if you have the time and the Sbie beta installed, could you maybe try running that program "Hasher" from a forced folder?
(It's a safe program, I've scanned it with EAM as well as via VirusTotal plus it would be in a forced folder. It's under a megabyte download and it's just an executable.)
I probably won't have time for this. Also I don't like to test with something I am not using, which is both Hasher and forced folder. Makes it hard for me to judge.
Pete
No problem, Pete. I was able to do it and posted results above. (I'm back to 3.76 for now as stated.)
Peter2150 wrote: Hi Blues
Blues wrote: Pete, if you have the time and the Sbie beta installed, could you maybe try running that program "Hasher" from a forced folder?
(It's a safe program, I've scanned it with EAM as well as via VirusTotal plus it would be in a forced folder. It's under a megabyte download and it's just an executable.)
I probably won't have time for this. Also I don't like to test with something I am not using, which is both Hasher and forced folder. Makes it hard for me to judge.
Pete
Blues
Thanks to Pete I can reproduce the problem. I get a system lockup apparently when Online Armor wants to block some operation. So it's not the Hasher program specifically, except that in a general sense it is considered untrusted by Online Armor and some of its operations get blocked. I am looking into some workaround/solution.
tzuk
That's great Tzuk. I have no doubt you will figure it out.
tzuk wrote: Thanks to Pete I can reproduce the problem. I get a system lockup apparently when Online Armor wants to block some operation. So it's not the Hasher program specifically, except that in a general sense it is considered untrusted by Online Armor and some of its operations get blocked. I am looking into some workaround/solution.
Pete
Please check version 4.01.06.
Please note: From my checks and my point of view, it seems the Online Armor Program Guard component gets locked up when it is running in the context of a program that is supervised by Sandboxie v4 and trying to block access to some resource.
My workaround is for programs in the sandbox to bypass some of the hooks placed by Program Guard. This may not work in all system configurations as other hooks inserted by other security software may confuse this workaround.
Also, the workaround is currently limited to the few Program Guard hooks that I found to be relevant. You may still get a lock up; in that case please tell me which program is triggering the lock up. It is easy to find out which program triggered the lock up by restarting the computer after the lock up, inspecting the History view in Online Armor, and locating a history entry for a resource that was blocked.
tzuk