Sandboxie does not terminate a malware
Moderator: Barb@Invincea
Sandboxie does not terminate a malware
Video:
https://www.youtube.com/watch?v=DEVC9CvECq0
Malware file:
Flight details.scr
https://malwr.com/analysis/MmZlZTk5MmQ5 ... E4NGFjZTY/
Re: Sandboxie fails to stop malware
What exactly do you mean by fails to stop malware?
That SBIE couldn't stop/terminate the program or prevent from executing it in the first place?
Windows 8.1 x64/x86 EN | Sandboxie latest beta or stable | All software latest versions unless stated otherwise
Re: Sandboxie fails to stop malware
Mr.X wrote: What exactly do you mean by fails to stop malware? That SBIE couldn't stop/terminate the program or prevent from executing it in the first place?
That SBIE couldn't terminate the program.
Re: Sandboxie fails to stop malware
Does the process manage to violate the boundaries of the sandbox or just set itself up that sandboxie has trouble with process persistence and kill permissions? If it's the former, logging out should and restarting the computer would kill it. If it's a sandbox boundary violation, it's a real problem.
Re: Sandboxie fails to stop malware
I think that something like that once happened to me. But nothing "ventured out of the sandbox". So it's all good.
Re: Sandboxie fails to stop malware
problem wrote: Does the process manage to violate the boundaries of the sandbox or just set itself up that sandboxie has trouble with process persistence and kill permissions? If it's the former, logging out should and restarting the computer would kill it. If it's a sandbox boundary violation, it's a real problem.
No, this is not about a sandbox escape whatsoever. OP is talking about Sandboxie not terminating the process itself. Sometimes this has happened to me even with goodware.
Re: Sandboxie fails to stop malware
problem wrote: Does the process manage to violate the boundaries of the sandbox or just set itself up that sandboxie has trouble with process persistence and kill permissions? If it's the former, logging out should and restarting the computer would kill it. If it's a sandbox boundary violation, it's a real problem.
Mr.X wrote: No, this is not about a sandbox escape whatsoever. OP is talking about Sandboxie not terminating the process itself. Sometimes this has happened to me even with goodware.
Wondering if a "kill process tree" in windows task manager on the process or on sandboxie itself would terminate it.
- Sandboxie Lead Developer
- Posts: 1638
- Joined: Fri Jan 17, 2014 5:21 pm
Re: Sandboxie fails to stop malware
It is possible to make a process that cannot be terminated: https://blogs.technet.microsoft.com/mar ... processes/
Skype.exe is an example of one that makes it very difficult to terminate.
https://www.google.com/webhp#q=error+te ... +is+denied
Re: Sandboxie fails to stop malware
please fix... Sandboxie not terminating the process
Malware file:
h++p://updo.nl/file/da53177e.scr
- Posts: 24
- Joined: Thu Oct 29, 2015 12:39 am
- Location: Australia m8
Re: Sandboxie fails to stop malware
Bellzemos wrote: I think that something like that once happened to me. But nothing "ventured out of the sandbox". So it's all good.
Interesting, I had a similar experience too (but for me, this program managed to escape Sandboxie), but with a game trainer that I didn't fully trust to run in normal windows mode as it required admin privileges to start which I thought was strange for a trainer to do so - mind you this is the first trainer I've executed in my entire life of gaming! So I wasn't too sure whether that is the usual for game trainers to require admin privileges to work properly or not but I wanted to be safe so started it in sandbox) so started it up in sandbox mode and then started the game it was to be for in the same sandbox or else the trainer obviously will not work and then tried to do those commands the trainer allowed but then something happened (maybe it was supposed to happen from the game trainer's point of view? In which case the trainer I got is actually malware infected and not free from malware/virus as is touted by the download site I got it from.....) and then it crashed sandboxie (SB), the game went down with it (because it was run under SB) but the trainer was still opened, however since sandboxie crashed and is no longer in process, the trainer was now running in normal windows mode with full admin privileges as I saw it with Process Explorer! I don't know how but it was now running unsandboxed with full admin privileges, yes I wanted to repeat that.
Here, you can check this place out for more information on what happened afterwards..... Thankfully nothing worse became of it(I guess all my proactive protection was doing their job properly....)...according to their malware expert............so I suppose that's a sigh of relief.
I've actually yet to receive further information on their analyses of said file.....I have a feeling they won't bother coming back to me on this.....though I will prod them a few more times and after which if I get no replies or keep hearing things like "Oh we'll get it to", "Please wait a bit longer, our team will be there to do this for you", "I will pass this onto the relevant departments", "I'll get back to you on that", "I'm sorry we're quite busy, perhaps wait a little longer?" etc, then I will assume they don't care because surely it doesn't take this long to analyse a file for me to see if it actually had any malware/virus intent on it or not.
- Sandboxie Lead Developer
- Posts: 1638
- Joined: Fri Jan 17, 2014 5:21 pm
Re: Sandboxie does not terminate a malware
Sandboxie User, if you are going to write provocative things like, "this program managed to escape Sandboxie", you are going to need to provide proof. Do you have a repro?
Re: Sandboxie does not terminate a malware
@Sandboxie User
I agree with Curt. And maybe this sounds rude but I don't believe you. I don't think there was a sandbox escape at all... Until you prove otherwise of course.
You have to give all details needed to replicate your scenario, then we'll talk.
Re: Sandboxie does not terminate a malware
Why Can't You fix this issue?
- Posts: 24
- Joined: Thu Oct 29, 2015 12:39 am
- Location: Australia m8
Re: Sandboxie does not terminate a malware
Curt@invincea wrote: Sandboxie User, if you are going to write provocative things like, "this program managed to escape Sandboxie", you are going to need to provide proof. Do you have a repro?
Mr.X wrote: @Sandboxie User I agree with Curt. And maybe this sounds rude but I don't believe you. I don't think there was a sandbox escape at all... Until you prove otherwise of course. You have to give all details needed to replicate your scenario, then we'll talk.
Ok, I'm sorry, it does sound a bit rude and provocative now that I'm in calm state, heh. I was just frustrated at the time and I guess I took it out on you guys.
Ok so if it *didn't* escape seeing how you two seem to tout that *nothing* ever escapes (without proof but I don't have proof as I didn't tape it at the time as I was obviously not expecting such an event to take place - I've since tried to replicate it and hasn't happened so I guess it must have been a one off issue. And no I wasn't dreaming this up either as if you two have followed through that Spybot forums thread, that exists and this was triggered by this event I had - albeit maybe a week or two late), how come there was no Yellow border around the window (yes I always have this on so I know which windows are sandboxed and which aren't and that I also know that sandboxie is working) and that the process was not under Sandboxie when I had checked via Process Explorer when Sandboxie crashed, at the time? Explain that. Perhaps a reasonable explanation might soothe my dying curiosity about this.
123456 wrote: Why Can't You fix this issue?
Maybe because it can't be fixed as according to the information link provided, it's basically a process that can't be stopped even in normal windows mode? So if you can't stop that, how do you stop it in Sandboxie? Unless they can somehow whip up a special command of some sort that can kill *anything*, whether being these unkillable processes or normal processes that can be easily killed, then I guess they can't?
Re: Sandboxie does not terminate a malware
123456 wrote: Why Can't You fix this issue?
Sandboxie User wrote: Maybe because it can't be fixed as according to the information link provided, it's basically a process that can't be stopped even in normal windows mode? So if you can't stop that, how do you stop it in Sandboxie? Unless they can somehow whip up a special command of some sort that can kill *anything*, whether being these unkillable processes or normal processes that can be easily killed, then I guess they can't?
No, I can't terminate in normal windows mode. I can terminate with PCHunter
http://www.softpedia.com/get/Security/S ... nter.shtml