The Anti-Sandboxie Rats use. Was this patched?

ericprince811
Posts: 2
Joined: Sun Jan 11, 2015 6:44 pm

The Anti-Sandboxie Rats use. Was this patched?

Post by ericprince811 » Thu Jun 15, 2017 12:09 pm

Yes, I found some troubling information about RATs that can get around the sandbox with coding.
This link shows you can patch a server but not Sandboxie itself.
https://www.youtube.com/watch?v=vhBooSrRtnc

I am concerned with this, considering I am seeing cmd.exe launch whenever Chrome is launched, and it is attached to Sandboxie. So, bottom line: has this issue been dealt with, or are we still at risk?

RooJ
Posts: 82
Joined: Sun Dec 21, 2014 2:47 pm

Re: The Anti-Sandboxie Rats use. Was this patched?

Post by RooJ » Fri Jun 16, 2017 5:37 am

ericprince811 wrote:
Thu Jun 15, 2017 12:09 pm
Yes, I found some troubling information about RATs that can get around the sandbox with coding.
This link shows you can patch a server but not Sandboxie itself.
https://www.youtube.com/watch?v=vhBooSrRtnc

I am concerned with this, considering I am seeing cmd.exe launch whenever Chrome is launched, and it is attached to Sandboxie. So, bottom line: has this issue been dealt with, or are we still at risk?

The link seems to be showing someone modding the sub7 RAT so that it (sub7) doesn't detect Sandboxie (by changing the check for SbieDll.dll). It's not in any way getting around Sandboxie; Sandboxie is doing its job and protecting the system.

Malware often checks if it is being executed in a sandbox in order to avoid analysis by security researchers. In the example you provided, for instance, it's sub7 that's stopping its own execution in the first example, not Sandboxie closing it. This is just showing how you can modify the sub7 sandbox check in order to run the program in Sandboxie (presumably to analyse sub7); Sandboxie will still sandbox the program.
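
An added example, not part of the post above or of the linked video: a static triage check an analyst could run to see whether a sample references SbieDll.dll, the module name the post says sub7 checks for. The sample bytes are constructed, and the altered name `XbieDll.dll` in the second sample is an assumption about what a modified build might contain.

```python
import re

# Module name the thread says the sub7 check looks for. Windows module names
# are case-insensitive, so the search is too.
MODULE = "SbieDll.dll"

# The name can be stored as a narrow (ASCII) or wide (UTF-16LE) string,
# depending on which Windows API variant the binary was built against.
ENCODINGS = ("ascii", "utf-16-le")


def find_sbiedll_refs(data: bytes) -> list[tuple[int, str]]:
    """Return sorted (offset, encoding) pairs for each SbieDll.dll reference."""
    hits = []
    for enc in ENCODINGS:
        pattern = re.compile(re.escape(MODULE.encode(enc)), re.IGNORECASE)
        hits.extend((m.start(), enc) for m in pattern.finditer(data))
    return sorted(hits)


def build_sample(name: str) -> bytes:
    """Constructed stand-in for a binary: a stub header plus a string table."""
    return (
        b"MZ" + bytes(14)                          # 16-byte fake header
        + b"kernel32.dll\x00"                      # unrelated import name
        + name.encode("ascii") + b"\x00"           # narrow copy of the name
        + name.upper().encode("utf-16-le") + b"\x00\x00"  # wide copy
    )


# Constructed samples: one with the check string intact, one where the name
# has been altered (assumed name) so the self-check no longer matches.
ORIGINAL = build_sample("SbieDll.dll")
MODIFIED = build_sample("XbieDll.dll")

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("modified", MODIFIED)):
        refs = find_sbiedll_refs(blob)
        print(f"{label}: {len(refs)} reference(s) {refs}")
```

A hit only indicates that the sample may contain a Sandboxie self-check; packed or obfuscated samples will not expose the string, and in every case Sandboxie still confines whatever runs inside it.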

ericprince811
Posts: 2
Joined: Sun Jan 11, 2015 6:44 pm

Re: The Anti-Sandboxie Rats use. Was this patched?

Post by ericprince811 » Fri Jun 16, 2017 5:45 pm

But for this it shows that it was able to re-open itself after termination. If that is the case, can it re-write itself even after the contents are deleted?

Barb@Invincea
Sandboxie Support
Posts: 2337
Joined: Mon Nov 07, 2016 3:10 pm

Re: The Anti-Sandboxie Rats use. Was this patched?

Post by Barb@Invincea » Mon Jun 19, 2017 11:40 am

Hello ericprince811,

Once you delete the contents of the Sandbox, all the applications that were inside it will be gone from your system.

There is also a way to do a Secure Delete, you can find more info here:
https://www.sandboxie.com/index.php?SecureDeleteSandbox

Regards,
Barb.-

RooJ
Posts: 82
Joined: Sun Dec 21, 2014 2:47 pm

Re: The Anti-Sandboxie Rats use. Was this patched?

Post by RooJ » Mon Jun 19, 2017 2:54 pm

ericprince811 wrote:
Fri Jun 16, 2017 5:45 pm
But for this it shows that it was able to re-open itself after termination. If that is the case, can it re-write itself even after the contents are deleted?

No, it doesn't re-open itself after termination. Every time it starts it is executed by the user who drags the exe into Sandboxie.

Dan_Br0673
Posts: 35
Joined: Thu Aug 23, 2012 11:00 am

Re: The Anti-Sandboxie Rats use. Was this patched?

Post by Dan_Br0673 » Sun Jul 30, 2017 10:02 am

Barb@Invincea wrote:
Mon Jun 19, 2017 11:40 am
Hello ericprince811,

Once you delete the contents of the Sandbox, all the applications that were inside it will be gone from your system.

There is also a way to do a Secure Delete, you can find more info here:
https://www.sandboxie.com/index.php?SecureDeleteSandbox

Regards,
Barb.-

I run my sandbox in a RAM drive; that should terminate everything once you shut down or restart the computer. I also set Sandboxie to "delete all contents at close" also.
Thanks
Dan

henryg
Posts: 520
Joined: Wed Nov 22, 2006 9:38 am

Re: The Anti-Sandboxie Rats use. Was this patched?

Post by henryg » Mon Jul 31, 2017 9:26 am

Dan_Br0673 wrote:
Sun Jul 30, 2017 10:02 am
I run my sandbox in a RAM drive; that should terminate everything once you shut down or restart the computer. I also set Sandboxie to "delete all contents at close" also.

Me too, although I have auto-delete and non-delete sandboxes; until system close of course when all disappears.
Henry
