Qihoo 360 Total Security

[mart]

Windows 8.1
Chrome version 41 (64-bit)
Qihoo 360 Total Security version 6.2.0.1027
Sandboxie Beta Version 4.17.2

Qihoo Total Security uses a browser extension called '360 Web Threat Protection', When enabled, this causes the following message:

SBIE2335 Initialization failed for process 360webshield.exe [33 / 0]

Qihoo comes with its own sandbox. I have this set to: 'Virtual sandbox is disabled'.

Edit: The extension is added by right-clicking on the Qihoo icon in the System Tray and going into 'Settings'. Go to: 'Active Protection > Chrome > Install'. This opens the Chrome Web Store and the extension is installed from there.

[adrianvincent]

I'm seeing the same problem on a Windows 7 SP1 64 bit installation but not on Windows 7 SP1 32 bit.

The PC showing the problem has the following set-up

Windows 7 Home Premium 64 bit SP1 with no updates
Sandboxie 5.06 64 bit
Google Chrome Version 48.0.2564.97 (presumably 64 bit)
Chrome has the following Extension installed (available from Chrome webstore) 360 Internet Protection Version 2.0.14

If I try to run Chrome in Sandboxie on this PC I get the message "SBIE2335 Initialization failed for process 360webshield.exe [33 / 0]"
and I can see 360webshield.exe isn't running in my Sandbox

However, on a PC running Windows 7 Home Premium 32 bit SP1 with no updates there's no problem, 360webshield.exe starts OK
and I can see it running in my Sandbox. The Chrome, Sandboxie and 360Webshield versions are the same, but they are the 32 bit versions.

Any advice? I've tried adding the extension into Chrome whilst Chrome was running in the Sandbox, and I've tried adding it to Chrome outside the Sandbox. But whatever route I take on the 64 bit machine, when I try running Chrome with the extension in the sandbox, I get the error message.

Adrian

[Craig@Invincea]

I'm seeing the same problem on a Windows 7 SP1 64 bit installation but not on Windows 7 SP1 32 bit.

The PC showing the problem has the following set-up

Windows 7 Home Premium 64 bit SP1 with no updates
Sandboxie 5.06 64 bit
Google Chrome Version 48.0.2564.97 (presumably 64 bit)
Chrome has the following Extension installed (available from Chrome webstore) 360 Internet Protection Version 2.0.14

If I try to run Chrome in Sandboxie on this PC I get the message "SBIE2335 Initialization failed for process 360webshield.exe [33 / 0]"
and I can see 360webshield.exe isn't running in my Sandbox

However, on a PC running Windows 7 Home Premium 32 bit SP1 with no updates there's no problem, 360webshield.exe starts OK
and I can see it running in my Sandbox. The Chrome, Sandboxie and 360Webshield versions are the same, but they are the 32 bit versions.

Any advice? I've tried adding the extension into Chrome whilst Chrome was running in the Sandbox, and I've tried adding it to Chrome outside the Sandbox. But whatever route I take on the 64 bit machine, when I try running Chrome with the extension in the sandbox, I get the error message.

Adrian

You can confirm if Chrome is 64 bit by clicking the (3) horizontal pancake lines on the upper right corner of chrome, help>About google chrome (if will give version number & specify 64 bit.)

Default installs are 32 bit, even on a 64 bit system unless you specify otherwise.

Little confused, you said you "take this route on the 64 bit" machine..you get the error. As a machine, you mean a totally Windows 64 bit machine? Different than the 32 bit machine?

I've tested this A/V recently. Both 32/64 Windows. With not problems (As related to Windows and SBIE)

However, It was the default installation (which included everything "On.") and under 32 bit web browsers (we don't test A/V browser extensions....) as they are problematic, if they work..great. If not...remove them.

And yes, the best way to install that extension is outside of the sandbox. Make sure the extension is out to date. Close Chrome, Re launch Chrome again (not sandboxed) and confirm it is indeed on.

I'd then DELETE the contents of your sandbox before launching Chrome in there with that extension enabled.

[adrianvincent]

Thanks for your quick reply.

Considering the PC with 64 bit Windows installed, I did some checking.

1) The Windows 7 Home Premium Version is 6.1.7601 Build 7601
2) I have 360 Total Security Version 8.2.0.1066 installed (not sure if this is a 64 or 32 bit version - it doesn't say, but it is installed in C:\Program files (x86), so I presume it's 32 bit)
3) I uninstalled Google Chrome and deleted browsing history
4) I deleted the contents of my Sandbox
5) I downloaded and reinstalled Chrome 48.0.2564.97 (not in SandBox) and set as my default browser. I think it's the 32 bit Version, it's in Program Files (x86)
6) I ran Chrome (not in Sandbox) and checked Extensions, only the default Google Docs 0.9, Google Docs Offline 1.1, Google Sheets 1.1 and Google Slides 0.9 are there.
7) I closed Chrome
8 ) I right-clicked on my Sandbox>Run Sandboxed>Run Web Browser, everything works fine. Google opens and runs in Sandbox with no SBIE error message.
9) I closed Chrome and deleted contents of my Sandbox
10) I ran Chrome (not in Sandbox) and added extension 360 Internet Protection 2.0.14 from chrome.google.com/webstore.
11) Closed and reopened Chrome everything OK, extension has been added.
12) I right-clicked on my Sandbox>Run Sandboxed>Run Web Browser, now I get the error message "SBIE2335 Initialization failed for process 360webshield.exe [33 / 0]"
13) Checking Sandbox I see Chrome is running, but 360webshield.exe is not there

If I carry out the test same sequence on my other PC, (which has Windows 7 SP1 32 bit installed), everything is OK, I get no error message at Step 12, and at step 13 I see that both chrome and 360webshield.exe are running in the Sandbox.

Any ideas?

[Craig@Invincea]

All this add on does, is give you access to their malicious URL database. Which, Google Chrome already does for you. You can set SBIE up to make sure you're using it in Sandboxie Control > Sandbox Settings > Applications > Web Browser > Google Chrome

I can say that the webstore add on was not tested. Unless web protection is installed with the core program, the type of addons are not added when A/V is tested.

It appears that the add on extension needs to communicate to the 360.exe program on your host. That by default maybe troublesome considering SBIE would block that. You may need to edit the sandboxie.ini file to allow it to communication, but you're punching a hole in the sandbox http://www.sandboxie.com/index.php?OpenFilePath

I would recommend you not do this. Add ons / Tools bar related to AV have a long history of causing issues. It's something you simply do not need when running sandboxed.

[adrianvincent]

Many thanks again for your reply

As an experiment, I tried adding OpenFilePath=360webshield.exe into my Sandbox ini file, but I still get the error message. I even tried (as a very temporary experiment!) adding OpenFilePath=C:\ into my Sandbox ini file, but I still get the error message. The strange thing is that the problem doesn't occur on my other PC which is running Win 7 SP1 32 bit.

Anyway, I take your point that maybe I don't need to run the AV plugin. However the plugin claims to do more than block malicious URLs. It claims to also check downloads.

OK. Suppose if I don't use the plugin, but I do run 360 Total Security AV outside the Sandbox. Would you expect the AV to be able automatically check any downloads in Chrome, within the Sandbox? For example suppose I accidentally download an .exe which contains a virus using Chrome in my Sandbox. Does the AV see this download during the download process inside the Sandbox? If not, will it see it if I run the .exe within the Sandbox? Or maybe it only detects it when I recover the file? Or have I misunderstood altogether, do I need to run my AV inside the Sandbox? Sorry for my dumb questions.

[Craig@Invincea]

Many thanks again for your reply

As an experiment, I tried adding OpenFilePath=360webshield.exe into my Sandbox ini file, but I still get the error message. I even tried (as a very temporary experiment!) adding OpenFilePath=C:\ into my Sandbox ini file, but I still get the error message. The strange thing is that the problem doesn't occur on my other PC which is running Win 7 SP1 32 bit.

Anyway, I take your point that maybe I don't need to run the AV plugin. However the plugin claims to do more than block malicious URLs. It claims to also check downloads.

OK. Suppose if I don't use the plugin, but I do run 360 Total Security AV outside the Sandbox. Would you expect the AV to be able automatically check any downloads in Chrome, within the Sandbox? For example suppose I accidentally download an .exe which contains a virus using Chrome in my Sandbox. Does the AV see this download during the download process inside the Sandbox? If not, will it see it if I run the .exe within the Sandbox? Or maybe it only detects it when I recover the file? Or have I misunderstood altogether, do I need to run my AV inside the Sandbox? Sorry for my dumb questions.

Most A/V software will "see" downloads coming into the sandbox session. I cannot speak specifically for this one. Of course, once you recover it to your host machine..it's on your machine. The you hope that this A/V can detect any and all malicious exploits. Once you commit to moving that file to your host, you're outside of the isolation and at the mercy to your local A/V product.

[bo.elam]

Would you expect the AV to be able automatically check any downloads in Chrome, within the Sandbox? For example suppose I accidentally download an .exe which contains a virus using Chrome in my Sandbox. Does the AV see this download during the download process inside the Sandbox? If not, will it see it if I run the .exe within the Sandbox? Or maybe it only detects it when I recover the file? Or have I misunderstood altogether, do I need to run my AV inside the Sandbox? Sorry for my dumb questions.

I think most antiviruses check the download as they are created in the PC. If Qihoo works that way and its working properly along SBIE, then it should scan downloads as they get created in the sandbox. You can test to see if Qihoo scans files within the sandbox by running the Eicar test.
http://www.eicar.org/85-0-Download.html

One way you can avoid depending on antiviruses after you recover files out of your browser sandbox is to continue running files sandboxed even after they are recovered. Thats exactly what I do. For example, you can set a folder as your Downloads folder and force this folder, that way files that run out of there, would run sandboxed automatically. This is perfect for exes you download. Any exe that executes out of a forced folder, runs sandboxed.

Bo

[adrianvincent]

Excellent, many thanks for your help. I tried downloading the EICAR virus test files with following results.

eicar.com was deleted by my AV as it was downloaded
eicar.com.txt was deleted by my AV as it was downloaded
eicar_com.zip was downloaded OK, but as soon as I opened the zip file the content was deleted by my AV
eicarcom2.zip was downloaded OK, but as soon as I opened the zip file the content was deleted by my AV

My setup is as follows

Browser - Google Chrome 48.0.2564.97 running inside Sandboxie 5.06 64 bit
AV - 360 Total Security 8.2.0.1066 running outside the Sandboxie
AV - 360 Internet Protection Plugin/Extension V2.0.14 for Chrome - not installed
OS - Windows 7 SP1 Home Premium 64 bit with no updates

So it seems that 360 Total Security can detect Viruses downloaded by Chrome inside Sandboxie without needing the AV Plugin. I'm happy!

Problem solved, I'm happy not to use the AV plugin.