Sandboxie 4.02/4.04 not fully compatible with EMET 4.0
Sandboxie 4.02/4.04 not fully compatible with EMET 4.0
OS:Windows 7 32 bit
Sandboxie Version:4.02/4.04
Problem:When use Sandboxie's right click button to start any program, even the program is under EMET list, EMET.dll still won't be loaded, but if let Sandboxie open Windows Explorer first, than open the program, EMET.dll will be loaded properly. The problem is the same as http://www.sandboxie.com/phpbb/viewtopic.php?t=15260
Also even add SandboxieDcomLaunch.exe, SandboxieRpcSs.exe to EMET list, EMET.dll won't be loaded, they will not be protected by EMET; but SbieCtrl.exe, SbieSvc.exe is ok, will show they are protected by EMET, that make me confuse.
Please take a look of this problem, thank you.
Sandboxie Version:4.02/4.04
Problem:When use Sandboxie's right click button to start any program, even the program is under EMET list, EMET.dll still won't be loaded, but if let Sandboxie open Windows Explorer first, than open the program, EMET.dll will be loaded properly. The problem is the same as http://www.sandboxie.com/phpbb/viewtopic.php?t=15260
Also even add SandboxieDcomLaunch.exe, SandboxieRpcSs.exe to EMET list, EMET.dll won't be loaded, they will not be protected by EMET; but SbieCtrl.exe, SbieSvc.exe is ok, will show they are protected by EMET, that make me confuse.
Please take a look of this problem, thank you.
-
- Posts: 291
- Joined: Wed Jul 04, 2012 6:40 pm
- Location: St. Louis area
Of course the child processes get it OK. Start.exe is not involved in starting them, which seems to be the problem!
Hasn't this been the case each time there's an issue...?
Hasn't this been the case each time there's an issue...?
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days?
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days?
I looked into this and I can see the problem, but I don't know if I am going to fix it.
The thing is that I want to prevent the "application compatibility layer" DLL (AppHelp.dll) from loading into Sandboxie programs like Start.exe because if one mistakenly sets the option "run this program in compatibility mode for another versions of Windows" then it introduces strange problems in Sandboxie. This has happened in the past.
On the other hand, EMET is relying on that DLL to inject itself into programs, and therein lies the problem, because Start.exe does not load the AppHelp.dll.
Now one kind of fix is to run your browser as a forced program and then Start.exe is not involved and EMET DLLs are injected correctly, but I understand not everyone uses the forced program feature.
So a possible workaround is to create a special shortcut that uses an intermediate program. Right-click New > Shortcut on the desktop, then paste:
So you're getting Explorer.exe to launch Internet Explorer (or whatever browser) and Explorer.exe will load AppHelp.dll and will inject EMET into the new process it is starting.
Hope this helps.
The thing is that I want to prevent the "application compatibility layer" DLL (AppHelp.dll) from loading into Sandboxie programs like Start.exe because if one mistakenly sets the option "run this program in compatibility mode for another versions of Windows" then it introduces strange problems in Sandboxie. This has happened in the past.
On the other hand, EMET is relying on that DLL to inject itself into programs, and therein lies the problem, because Start.exe does not load the AppHelp.dll.
Now one kind of fix is to run your browser as a forced program and then Start.exe is not involved and EMET DLLs are injected correctly, but I understand not everyone uses the forced program feature.
So a possible workaround is to create a special shortcut that uses an intermediate program. Right-click New > Shortcut on the desktop, then paste:
Code: Select all
"C:\Program Files\Sandboxie\Start.exe" explorer "C:\Program Files\Internet Explorer\iexplore.exe"
Hope this helps.
tzuk
Sorry for potentially hijacking this thread, but I was wondering whether this workaround would also fix this issue?:tzuk wrote:I looked into this and I can see the problem, but I don't know if I am going to fix it.
The thing is that I want to prevent the "application compatibility layer" DLL (AppHelp.dll) from loading into Sandboxie programs like Start.exe because if one mistakenly sets the option "run this program in compatibility mode for another versions of Windows" then it introduces strange problems in Sandboxie. This has happened in the past.
On the other hand, EMET is relying on that DLL to inject itself into programs, and therein lies the problem, because Start.exe does not load the AppHelp.dll.
Now one kind of fix is to run your browser as a forced program and then Start.exe is not involved and EMET DLLs are injected correctly, but I understand not everyone uses the forced program feature.
So a possible workaround is to create a special shortcut that uses an intermediate program. Right-click New > Shortcut on the desktop, then paste:
So you're getting Explorer.exe to launch Internet Explorer (or whatever browser) and Explorer.exe will load AppHelp.dll and will inject EMET into the new process it is starting.Code: Select all
"C:\Program Files\Sandboxie\Start.exe" explorer "C:\Program Files\Internet Explorer\iexplore.exe"
Hope this helps.
http://www.sandboxie.com/phpbb/viewtopic.php?t=15797
Sandboxie + SUA + DEP
Windows Firewall + NAT Router
Drive SnapShot (on-demand)
Windows Firewall + NAT Router
Drive SnapShot (on-demand)
Thanks for the workaround. But, I know it is difficult, I still hope one day there is a normal way to use EMET 4 with Sandboxie 4 without using other workaround.
Also can you please take a look of Malwarebytes Anti-Exploit?It has a similar problem, too.
The three products both have ability to protect user from zero day exploit, if user can combine these together, I think it will very effective to defend bad things from web.
Also can you please take a look of Malwarebytes Anti-Exploit?It has a similar problem, too.
The three products both have ability to protect user from zero day exploit, if user can combine these together, I think it will very effective to defend bad things from web.
Who is online
Users browsing this forum: No registered users and 0 guests