Antivirus/Anti-malware|SBIE v5+[working/not][Updated 7/14/17]

[nicknomo]

Hello nicknomo,

You can either disable BitDefender, or add "WriteFilePath=C:Program Files\Bitdefender Antivirus Free\*" to your Global configuration in Sandboxie.

Open Sandboxie Control --> Configure --> Edit configuration
Paste the following at the end of [GlobalSettings]
WriteFilePath=C:\Program Files\Bitdefender Antivirus Free\*

Let me know if that works.

Regards,
Barb.-

Thanks for the help...

[Chr1s]

Hello nicknomo,

You can either disable BitDefender, or add "WriteFilePath=C:Program Files\Bitdefender Antivirus Free\*" to your Global configuration in Sandboxie.

Open Sandboxie Control --> Configure --> Edit configuration
Paste the following at the end of [GlobalSettings]
WriteFilePath=C:\Program Files\Bitdefender Antivirus Free\*

Let me know if that works.

Regards,
Barb.-

Thanks for the help...

Finally found a solution to this issue... thanks.
Isn't it possible for sanboxie to automatically change its config if bitdefender free is detected?

[lopezgreat]

report: firefox will not work with sandboxie using symantec endpoint protection (generic exploit mitigation enabled)

btw so what antivirus & firewall is compatible with sandboxie now?

[Barb@Invincea]

Hello lopezgreat,

What is the exact issue that you are experiencing?

See the first page of this post for possible options:
viewtopic.php?f=11&t=21539

Regards,
Barb.-

[Barb@Invincea]

All,

Regarding ESET and a possible SBIE2101 error with Firefox:

viewtopic.php?f=61&t=24329&p=129027#p129021

Regards,
Barb.-

[Syrinx]

I took BitDefender Total Security 2018 for a test run in a Windows 10 x64 CU VM after seeing some posts here and also got the -4 errors.

Longish story short I found that I could stop these errors and prevent the program (in this case firefox) from crashing by blocking the related "BitDefender Active Threat Control Usermode Filter" dll from getting loaded in the sandboxed process.
Adding something like ClosedFilePath=*atcuf*.dll did the trick in my tests and should work across BitDefender builds with different folder structures but carries a small risk of catching a similarly named (but unrelated) dll

In the end using something like

Code: Select all

ClosedFilePath=*BitDefender*atcuf*.dll

wouldn't carry such a risk and it should do the trick across build types [untested].

This method would be slightly better IMO as it blocks access to the involved dll in order to prevent the crash but also allows the other BD dlls to get injected normally so that less 'potential protection' is lost for the sandboxed app(s).

[Syrinx]

I looked over the first page again and noticed the Kaspersky entry still says:

Kaspersky Internet 2015/16 (Windows 10, and 8/8.1 as well) (Must be removed for SBIE to function correctly) [On Win 7/8.1 that have SBIE excluded in KIS 2015, users have had some success ]

I haven't checked it recently but back when I did last a similar .dll block as the BD one mentioned above did the trick in my tests.

viewtopic.php?f=11&t=23420&p=124072#p124069

Code: Select all

ClosedFilePath=*klsihk*.dll

Figured I might as well tack it on here as well even if it is rather belated.

[searchlight4759]

I took BitDefender Total Security 2018 for a test run in a Windows 10 x64 CU VM after seeing some posts here and also got the -4 errors.

Longish story short I found that I could stop these errors and prevent the program (in this case firefox) from crashing by blocking the related "BitDefender Active Threat Control Usermode Filter" dll from getting loaded in the sandboxed process.
Adding something like ClosedFilePath=*atcuf*.dll did the trick in my tests and should work across BitDefender builds with different folder structures but carries a small risk of catching a similarly named (but unrelated) dll

In the end using something like

Code: Select all

ClosedFilePath=*BitDefender*atcuf*.dll

wouldn't carry such a risk and it should do the trick across build types [untested].

This method would be slightly better IMO as it blocks access to the involved dll in order to prevent the crash but also allows the other BD dlls to get injected normally so that less 'potential protection' is lost for the sandboxed app(s).

I have the same BitDefender as you, and same problem. I inserted this line at the end of Global Settings, and now there is no conflict while running with BTS 2018, no error messages appear. I am assuming this is correct, and will not compromise my PC or Browser security?

Btw, will this custom workaround be added or hard coded into v5.21 so that BTS 2018 can work with Sandboxie with no further conflicts?

[Syrinx]

I have the same BitDefender as you, and same problem. I inserted this line at the end of Global Settings, and now there is no conflict while running with BTS 2018, no error messages appear. I am assuming this is correct, and will not compromise my PC or Browser security?

It will not compromise your PC or general browser security per se as it will only affect applications ran inside sandboxie. Most of the BitDefender protections will still be applied normally, including traditional signature scans and the Active Virus Control Usermode Filtering Library. By denying access to the ATC dll, which is involved in the crash, we have specifically cut out part of the usermode side of BitDefenders ATC Monitoring but just for sandboxed apps. I'm fairly at ease saying you won't be missing out on much in the case of BD ATC, so far as I understand it, because most of its protections are redundant or irrelevant when the application in question is already running inside SBIE IMHO.

[searchlight4759]

Thanks for the reply.

Is this workaround going to appear in v5.21 when it is released, or will it be standard for those using BitDefender to manually make the adjustment as you described in the global settings?

[Barb@Invincea]

Hello searchlight4759,

After workarounds are reviewed by the devs, they might get added to a future beta / release of Sandboxie.
When that happens, a notification is added to the original posts, and there is also a mention in the build's notes about it.

Regards,
Barb.-

[bjm]

FWIW
ZoneAlarm Free Antivirus + Firewall version: 15.1.504.17269 feels okay.
Sandboxie processes may be set to any Trust Level.

972.png

YMMV

W10 + Fx55.0.3

[Syrinx]

It seems a newer version of AVG (17) now causes problems with some apps, mainly browsers and pdf readers when they are ran in SBIE.
viewtopic.php?f=11&t=24849
viewtopic.php?f=11&t=24840
viewtopic.php?f=11&t=24841

You can add this in the boxes you are having problems with alongside the new version of AVG to prevent the crash.

Code: Select all

ClosedFilePath=*avg*snxhk*.dll

or via the GUI Sandbox Settings > Resource Access > File Access > Blocked Access > Add >

Code: Select all

*avg*snxhk*.dll

[Tambourineman]

I took BitDefender Total Security 2018 for a test run in a Windows 10 x64 CU VM after seeing some posts here and also got the -4 errors.

Longish story short I found that I could stop these errors and prevent the program (in this case firefox) from crashing by blocking the related "BitDefender Active Threat Control Usermode Filter" dll from getting loaded in the sandboxed process.
Adding something like ClosedFilePath=*atcuf*.dll did the trick in my tests and should work across BitDefender builds with different folder structures but carries a small risk of catching a similarly named (but unrelated) dll

In the end using something like

Code: Select all

ClosedFilePath=*BitDefender*atcuf*.dll

wouldn't carry such a risk and it should do the trick across build types [untested].

This method would be slightly better IMO as it blocks access to the involved dll in order to prevent the crash but also allows the other BD dlls to get injected normally so that less 'potential protection' is lost for the sandboxed app(s).

BitDefender just updated my Total Security 2017 to 2018 and Sandboxie stopped starting. I tried disabling every BD TS module, but no joy. I un-installed BD TSand now Sandboxie starts and runs again. I will reinstall BD TS and try these fixes. Thanks so much for posting them.

[lopezgreat]

report:
sandboxie 5.20 NOT working with Symantec endpoint protection v14 when Generic Exploit Mitigation enabled (tried sandboxied firefox with error 0xc0000142)

works when Generic exploit mitigation turned off

btw so with sandboxie we can only use windows build-in firewall?