Keylogger blocked by sandboxie - Windows Server
Posted: Wed Nov 29, 2017 11:14 am
Hi,
I am running a program that "might" be dangerous regarding its use of graphics cards memory and it does need internet access to run.
I have setup a seperate normal user account for just that program to run in and have used NTFS permissions to block off all folders and drives except C:\windows. I have used GPO settings to block control panel and settings and regedit and powershell. The program does need the cmd though as well as windows gui forms etc.
This program runs in the sandbox on that account used only for this program. NTFS permissions deny that account access to all browsers.
Is it possible for the program to view other user's video memory - it does not run as admin and no permissions are asked? Also is the sandboxed program able to run key logging on other user accounts whilst running in the sandbox.
All normal actions take place in other user accounts and outside of the sandbox. The "rogue" program runs in the sandbox.
I tried using a legitimate keylogger to test if it could see outside the sandbox and it was not able to!
The OS is Windows server 2016.
I would appreciate all advice on if it can view outside the sandbox e.g. other user screen memory and keyboard events. And any other advice to lockdown the system.
Thanks!!!
I am running a program that "might" be dangerous regarding its use of graphics cards memory and it does need internet access to run.
I have setup a seperate normal user account for just that program to run in and have used NTFS permissions to block off all folders and drives except C:\windows. I have used GPO settings to block control panel and settings and regedit and powershell. The program does need the cmd though as well as windows gui forms etc.
This program runs in the sandbox on that account used only for this program. NTFS permissions deny that account access to all browsers.
Is it possible for the program to view other user's video memory - it does not run as admin and no permissions are asked? Also is the sandboxed program able to run key logging on other user accounts whilst running in the sandbox.
All normal actions take place in other user accounts and outside of the sandbox. The "rogue" program runs in the sandbox.
I tried using a legitimate keylogger to test if it could see outside the sandbox and it was not able to!
The OS is Windows server 2016.
I would appreciate all advice on if it can view outside the sandbox e.g. other user screen memory and keyboard events. And any other advice to lockdown the system.
Thanks!!!