Service not implemented for Firefox

[Sandboxie User]

Hi, according to this page, it says:

Kaspersky Products (2015, 2016, 2017)

Home Page: http://www.kaspersky.com

Problem: "Service not implemented" error when running Sandboxie and / or Sandboxie will crash with KS 2015/16/17 installed (Win 10, 8 & 8.1)

Solution: For Windows 7, you must add Sandboxie Folder to Kaspersky's 'Threats and Exclusions' section for KIS 2015/2016 in Windows 7.

For Windows 8/8.1 & Win 10 -KS 2015 and 2016/2017 is not compatible with Sandboxie. Kaspersky must NOT be installed, otherwise Sandboxie will not work.

IT'S BEST TO NOT HAVE ANY KASPERSKY PRODUCTS INSTALLED. DISABLING WILL NOT WORK. We've instructed KIS what they need to change in their code, at this time, they have not. Thus, their code disrupts Sandboxie.

And I have done that yet the problem still persist, so it doesn't work for Firefox? Check this

Exclusion screenie

Untitled.png (26.37 KiB) Viewed 1235 times

and this

Service not implemented

Capture.PNG (36.26 KiB) Viewed 1235 times

attachment for screenshot.

[bo.elam]

Kaspersky is not compatible with Sandboxie. You should uninstall it.

Bo

[Sandboxie User]

Kaspersky is not compatible with Sandboxie. You should uninstall it.

Bo

Sorry for late reply, got busy and forgot about this.

So you're telling me I should give up my 30 years worth of licensing(Because that's how much I like Kaspersky as it's guarded me well over the past few years. It's split among computers in total of course - otherwise 30 years for a single computer does seem pretty silly and expensive) for Kaspersky Internet Security (KIS) and use what?

I tested this with previous versions of Sandboxie, and I found that version 3.76 seems to work perfectly fine(both Chrome and Firefox - with this new version neither Chrome or Firefox will open if you have KIS installed and running), however later versions don't...it seems you've done something that made it incompatible somehow..... Obviously the latest version should supposedly be more stable and bug free which is why I wish to run the latest version of Sandboxie over 3.76.

[bo.elam]

..it seems you've done something that made it incompatible somehow....

As I understand it, ts old code leftovers in Kaspersky what interferes with Sandboxie. Thats why there is conflict and the result being that you cant use SBIE and KIS at the same time.

Bo

[Syrinx]

https://forum.kaspersky.com/index.php?s ... &p=2483066

Issue with Sandboxie will be fixed in the future

https://forum.kaspersky.com/index.php?s ... &p=2491553

There is no release date right here & now.....other than it is on the list of known issues to be fixed.

https://forum.kaspersky.com/index.php?s ... &p=2540215
SBIE support:

Why KIS hooks at the level SBIE would for that process is unknown to our Devs and a bit troublesome for an A/V Product. Few, if any do that.

I understand where you are coming from and even some of the posts I didn't quote from the thread mirror my belief that prevention is better than containment and I've went on rants here about how the corporate Invincea products also seem to share this thought but the reality is just this:

Kaspersky changed something in their code that interferes with Sandboxie so unless Kaspersky is able to work around it and still keep the same level of protection (which seems to be implied from the responses quoted above) but just haven't gotten around to it... and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something. Regardless of who is at fault, a choice by the user will be required as they simply do not play well together at this time.

Unless you're on XP or Vista, 3.76 shouldn't be used (or even on those if at all possible), especially on x64 systems.
http://forums.sandboxie.com/phpBB3/view ... 90#p120187

It will stop working after certain updates. Version 5.05 of SBIE was broken after patch Tuesday updates back in Oct 2015 that rendered SBIE unusable in OS's from Win 7 through Win 10.

[Sandboxie User]

..it seems you've done something that made it incompatible somehow....

As I understand it, ts old code leftovers in Kaspersky what interferes with Sandboxie. Thats why there is conflict and the result being that you cant use SBIE and KIS at the same time.

Bo

ts old coode?

https://forum.kaspersky.com/index.php?s ... &p=2483066

Issue with Sandboxie will be fixed in the future

Ok, that's nice to know.....

https://forum.kaspersky.com/index.php?s ... &p=2491553

There is no release date right here & now.....other than it is on the list of known issues to be fixed.

Ok, at least they know it's a known issue and will be fixed, however it looks like they aren't even interested in getting it *done* asap...so I guess expect it to never be fixed...if ever?

https://forum.kaspersky.com/index.php?s ... &p=2540215
SBIE support:

Why KIS hooks at the level SBIE would for that process is unknown to our Devs and a bit troublesome for an A/V Product. Few, if any do that.

Isn't that why KIS is among one of the best AV products to own on your computer...?

I understand where you are coming from and even some of the posts I didn't quote from the thread mirror my belief that prevention is better than containment and I've went on rants here about how the corporate Invincea products also seem to share this thought

In general, yes prevention is better than containment in my opinion, however if prevention fails, at least you have a second layer that is containment to confine them. Also depending on the situation, containment would be better, for example if you're just testing something you suspect could be malware but would like to still see what it does - so analysis of malware. But the reason why I run Sandboxie is for a two protection system, prevention being the first that gets hit by malware and if that fails, at least I have containment....and if both fail...well then I'm big (censored). hahaha

but the reality is just this:

Kaspersky changed something in their code that interferes with Sandboxie so unless Kaspersky is able to work around it and still keep the same level of protection (which seems to be implied from the responses quoted above) but just haven't gotten around to it... and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something. Regardless of who is at fault, a choice by the user will be required as they simply do not play well together at this time.

If that was the case, then wouldn't version 3.76 of Sandboxie not work with the latest version of KIS?

Ok, so I tried other browsers, and it looks like Opera works with the latest version of Sandboxie AND KIS running. So how come Opera works but not Chrome or Firefox? Maybe we need to pull the devs from Chrome and Firefox into this mess too?

Agh, frustrating that I can't use my favorite web browser with Sandboxie as it would seem KIS is to blame......

Unless you're on XP or Vista, 3.76 shouldn't be used (or even on those if at all possible), especially on x64 systems.
http://forums.sandboxie.com/phpBB3/view ... 90#p120187

It will stop working after certain updates. Version 5.05 of SBIE was broken after patch Tuesday updates back in Oct 2015 that rendered SBIE unusable in OS's from Win 7 through Win 10.

64-bit Windows XP doesn't even work with Sandboxie as I've discovered already and I don't have any computers running Vista.

Pretty lame, owning both KIS and Sandboxie and I have to choose between the two if I want to run Firefox....... *sigh*

[Syrinx]

If that was the case, then wouldn't version 3.76 of Sandboxie not work with the latest version of KIS?

Not exactly, no. Sbie 4.x was a huge redesign. 3.x and below used kernel hooks (major reason it didn't work with x64) and a specific deny approach. With 4.x that got turned around to use ANONYMOUS LOGON [think default deny] and making certain things which it is normally blocked from accessing 'allowed' via the service and some internal rules. That's what I get from it anyway, that may not be accurate...Anyway, I played with it a little tonight for the first time:

I haven't tested this thoroughly and I'm sure you lose some, if not most, of the extra protections kaspersky might offer for browsers but here's a potential workaround:
Only tested on a Windows XP VM with SBIE 5.14 & a trial of Kaspersky Total Security 17.0.0.611 so far...

In sandboxie and the box you want to use with firefox (I suggest having a separate one)
Sandbox Settings > Resource Access > File Access > Blocked Access > Edit/Add

Code: Select all

*klsihk*.dll

This allowed me to launch firefox sandboxed without all the service errors or crashes. Even if it works for you I can't say how much doing this will amputate Kasperskys other protections but if you really want to use both of them together it might be worth considering as a possible workaround? Assuming it even works for you like it did me of course....

[Syrinx]

Did a couple more tests on Windows 7 x64 / Windows 10 x64 with SBIE 5.14, Kaspersky and Firefox.
Blocking that dll seemed to do the trick in both of them as well but my tests were not extensive.

I'm guessing that the problem is somehow related to its attempts at hooking KiUserCallbackDispatcher? Beyond that guess though I haven't a clue what's actually going on.

[Syrinx]

After testing it myself (see above) and figuring out what was causing this issue I felt the need to update/correct an area where I had posted before.

and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something.

Now that I (believe I) understand what's going on this statement is incorrect. [That is of course if I actually found the issue at hand]
Before I had assumed it was some kernel level struggle but that doesn't seem to be the case from what I have seen.

It doesn't have to do with SBIE being unable to access something (or do its job) but instead it is Kaspersky attempting to do something via this dll [inside the box/program] which Sandboxie is unwilling to let it do. Sure, Invincea could likely add a routine to allow it to pass through but then malware could also use this avenue in an escape attempt. /cough

As I don't understand the Windows APIs enough to say one way or the other (heck, maybe I'm completely wrong!) I wouldn't feel correct saying that Sandboxie is in the right here but I do wonder why Kaspersky would attempt a userland hook for an API that is meant to run usermode code from a kernel process. /me just got a headache from trying to sound like I know what I'm talking about, I DON'T!
[This implies to me that such a kernel process already exists and expects to handle it but like I said, I'm not a Windows pro (or any type of dev) so, doh!] Surely it would make more sense to control this via a driver or service to start with? Anyway, I'm just talking out my butt here so please feel free to ignore my likely incorrect drunken ramblings on this one...

/me is ready fer skool! :D

[Sandboxie User]

That's right, I had a thread going on on this topic that I must have forgotten about, sorry!

If that was the case, then wouldn't version 3.76 of Sandboxie not work with the latest version of KIS?

Not exactly, no. Sbie 4.x was a huge redesign. 3.x and below used kernel hooks (major reason it didn't work with x64) and a specific deny approach. With 4.x that got turned around to use ANONYMOUS LOGON [think default deny] and making certain things which it is normally blocked from accessing 'allowed' via the service and some internal rules. That's what I get from it anyway, that may not be accurate...

I see......

Anyway, I played with it a little tonight for the first time:

I haven't tested this thoroughly and I'm sure you lose some, if not most, of the extra protections kaspersky might offer for browsers but here's a potential workaround:
Only tested on a Windows XP VM with SBIE 5.14 & a trial of Kaspersky Total Security 17.0.0.611 so far...

In sandboxie and the box you want to use with firefox (I suggest having a separate one)
Sandbox Settings > Resource Access > File Access > Blocked Access > Edit/Add

Code: Select all

*klsihk*.dll

This allowed me to launch firefox sandboxed without all the service errors or crashes. Even if it works for you I can't say how much doing this will amputate Kasperskys other protections but if you really want to use both of them together it might be worth considering as a possible workaround? Assuming it even works for you like it did me of course....

Holy (censored); it works! Hmmmm, how do you know this cuts out some of Kaspersky's protection? Without know what protections is cut out, I have no idea if I'm walking into an abyss - thus right into my doom, that's in a pitch black room or if I'm walking into a door that opens to all things I ever wanted(also in the same pitch blackness)!

Wait a second.....there's been no record of *anything* ever escaping Sandboxie right...? So this should be a good enough general fix for anyone who uses firefox and Kaspersky product? Though I guess it would be nice if malware was suddenly discover when browsing on random sites, and if Kaspersky can't block it(thus preventive measures - it has blocked a few *malicious* links I've randomly come across on dodgy sites whilst sandboxing), at least Sandboxie will *hopefully* contain it.....but what if Sandboxie(first wall that malware has to break through sine Kaspersky's probably disabled? in Sandboxie) can't contain it is what I'm worried about? Sure don't visit random dodgy sites, but then what's the point of me having a license for Sandboxie if the purpose *was* to visit dodgy site so that any malware picked along the way is contained, which is what Sandboxie intentions(well overall in general it's intention is to contain everything, but I'm using it so that in the case of me receiving malware, it's at least contained and not screwing up my computer....haha) are?!

Did a couple more tests on Windows 7 x64 / Windows 10 x64 with SBIE 5.14, Kaspersky and Firefox.
Blocking that dll seemed to do the trick in both of them as well but my tests were not extensive.

I'm guessing that the problem is somehow related to its attempts at hooking KiUserCallbackDispatcher? Beyond that guess though I haven't a clue what's actually going on.

After testing it myself (see above) and figuring out what was causing this issue I felt the need to update/correct an area where I had posted before.

and if Sandboxie requires access to those same areas and can't work around it then it's a sort of stand off until one or the other changes something.

Now that I (believe I) understand what's going on this statement is incorrect. [That is of course if I actually found the issue at hand]
Before I had assumed it was some kernel level struggle but that doesn't seem to be the case from what I have seen.

It doesn't have to do with SBIE being unable to access something (or do its job) but instead it is Kaspersky attempting to do something via this dll [inside the box/program] which Sandboxie is unwilling to let it do. Sure, Invincea could likely add a routine to allow it to pass through but then malware could also use this avenue in an escape attempt. /cough

As I don't understand the Windows APIs enough to say one way or the other (heck, maybe I'm completely wrong!) I wouldn't feel correct saying that Sandboxie is in the right here but I do wonder why Kaspersky would attempt a userland hook for an API that is meant to run usermode code from a kernel process. /me just got a headache from trying to sound like I know what I'm talking about, I DON'T!
[This implies to me that such a kernel process already exists and expects to handle it but like I said, I'm not a Windows pro (or any type of dev) so, doh!] Surely it would make more sense to control this via a driver or service to start with? Anyway, I'm just talking out my butt here so please feel free to ignore my likely incorrect drunken ramblings on this one...

/me is ready fer skool!

err, what is Kaspersky trying to do inside the box? How could malware use this as an escape route if they've keyed it in with Kaspersky's signature? Unles the malware writers somehow now have access to and is using Kaspersky's digital signature - there's no way they can use it as an escape route....well you would assume, with such a software as this that's touted to contain *anything* and *everything* without fail, they would at least use some sort of verifier(that's not a word?) to verify the authenticity of Kaspersky to a malware pretending to be it and escaping through that hole....