security token
Moderator: Barb@Invincea
security token
My USB cryptographic token (Watchdog) is not seen from within the sandbox by Firfox ESR, though both were installed in the same sandbox.
Sandboxie 5.20 x64
Widnows 7 x64
GDATA Antivirus
Sandboxie 5.20 x64
Widnows 7 x64
GDATA Antivirus
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: security token
Hello pantau,
Does the token work outside Sandboxie?
Are you receiving an error message when you try to use it?
Try disabling your Antivirus and creating a new Sandbox to see if the problem persists.
Maybe this workaround does the trick for you:
viewtopic.php?p=128787#p128787
Last, but not least, give the latest beta a try:
viewtopic.php?p=129389#p129389
Regards,
Barb.-
Does the token work outside Sandboxie?
Are you receiving an error message when you try to use it?
Try disabling your Antivirus and creating a new Sandbox to see if the problem persists.
Maybe this workaround does the trick for you:
viewtopic.php?p=128787#p128787
Last, but not least, give the latest beta a try:
viewtopic.php?p=129389#p129389
Regards,
Barb.-
Re: security token
The token works when I install it outside the sandbox, but I'd like to install it inside a sandbox.
No error message.
Disabling Anti-Virus doesn't change anything.
I tried the new beta, same result.
As far as the threads are concerned, I don't find a USB device in the monitor:
No error message.
Disabling Anti-Virus doesn't change anything.
I tried the new beta, same result.
As far as the threads are concerned, I don't find a USB device in the monitor:
Code: Select all
Pipe -------------------------------
Pipe \Device\KsecDD
Pipe \Device\NamedPipe\chrome.1328.7.159420133
Pipe \device\namedpipe\chrome.1328.7.159420133
Pipe \Device\NamedPipe\chrome.1328.8.30247384
Pipe \device\namedpipe\chrome.1328.8.30247384
Pipe \device\namedpipe\gdkbdpipe1
Pipe \Device\NamedPipe\GDKBDPipe1
Pipe \device\namedpipe\gdkbdpipe1
Pipe \device\namedpipe\gecko-crash-server-pipe.1328
Pipe \Device\NamedPipe\gecko-crash-server-pipe.1328
Pipe \device\namedpipe\gecko-crash-server-pipe.1328
Pipe \Device\NamedPipe\jpi2_pid620_pipe1
Pipe \device\namedpipe\jpi2_pid620_pipe1
Pipe \Device\NamedPipe\jpi2_pid620_pipe1
Pipe \device\namedpipe\jpi2_pid620_pipe1
Pipe \Device\NamedPipe\jpi2_pid620_pipe2
Pipe \device\namedpipe\jpi2_pid620_pipe2
Pipe \Device\NamedPipe\jpi2_pid620_pipe2
Pipe \device\namedpipe\jpi2_pid620_pipe2
Pipe O \Device\Afd
Pipe O \Device\NamedPipe
Pipe O \Device\NamedPipe\
Pipe O \device\namedpipe\
Pipe O \Device\NamedPipe\
Pipe O \device\namedpipe\
Pipe O \Device\NamedPipe\
Pipe O \Device\Nsi
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: security token
Hello pantau,
Did you try a new Sandbox with default settings?
How about a different browser, sandboxed?
Did you get a chance to try the workaround provided on my previous post?:
viewtopic.php?p=128787#p128787
Regards,
Barb.-
What are you installing, exactly? Does it require a driver/service? If so, it will not install inside Sandboxie.The token works when I install it outside the sandbox, but I'd like to install it inside a sandbox.
Did you try a new Sandbox with default settings?
How about a different browser, sandboxed?
Did you get a chance to try the workaround provided on my previous post?:
viewtopic.php?p=128787#p128787
Regards,
Barb.-
Re: security token
Yes, the token requires a service. That means there is no point in installing it sandboxed?
------ MERGED POST -----
I've installed the token now outside the Sandbox.
Now it is seen by Firefox ESR, but accessing it I get a message "Certificate private key is not avaliable".
You're workaround referes to the "Pipe \Device\00000064" and "Pipe \Device\USBPDO-0"? I don't have these in my resource monitor.
With a new default sandbox, the problem remains.
------ MERGED POST -----
I've installed the token now outside the Sandbox.
Now it is seen by Firefox ESR, but accessing it I get a message "Certificate private key is not avaliable".
You're workaround referes to the "Pipe \Device\00000064" and "Pipe \Device\USBPDO-0"? I don't have these in my resource monitor.
With a new default sandbox, the problem remains.
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: security token
Hello pantau,
The workaround in the topic I provided reads as follows:
https://www.sandboxie.com/ResourceAccessMonitor
Regards,
Barb.-
The workaround in the topic I provided reads as follows:
I wonder if that works for you. If it doesn't, let's gather more info from your Resource Access Monitor, using a new Sandbox with default settings. Please see these steps (be sure to use the "</>" option in the forum to format the output) to capture the results:I found when using a sandboxed browser if I insert the key before its required i.e. at the username or password stage, then when it gets to the authentication stage the key will activate and function normally. However if the key is inserted when already on the authentication request page, then it doesn't work. On unsandboxed browsers it works both ways.
https://www.sandboxie.com/ResourceAccessMonitor
Regards,
Barb.-
Re: security token
The workaround doesn't make a difference. I've created a new sandbox, same result. Please find the Resource Monitor below:
Code: Select all
(Drive) \Device\CdRom0
(Drive) \Device\HarddiskVolume5
(Drive) \Device\HarddiskVolume6
Clsid -------------------------------
File/Key -------------------------------
Image -------------------------------
Image *:\users\user\appdata\local\scytl\icpbravoaccess.extension\icpbravoaccess.windows.chrome.app.exe
Image c:\program files\sandboxie\sbiedll.dll
Image c:\users\user\appdata\local\scytl\icpbravoaccess.extension\icpbravoaccess.windows.common.dll
Image c:\users\user\appdata\local\scytl\icpbravoaccess.extension\newtonsoft.json.dll
Image c:\users\user\appdata\local\scytl\icpbravoaccess.extension\nlog.dll
Image c:\users\user\appdata\local\scytl\icpbravoaccess.extension\scytl.icpbravo.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\mscorlib\ae297c0391919d23b8eebc5c349edb67\mscorlib.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.configuration\b1a4e5fb7db27bf3740be36f347b4125\system.configuration.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.core\c492b244caac9c856b927dba120e188e\system.core.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.data\d9f7aa41913b8ab0f17caae5d1f9a1f0\system.data.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.numerics\3460a2d6d29218073fa19d562fd02ce1\system.numerics.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.runteb92aa12#\73d6b75a3c7db911aa7d69f169bfb1fb\system.runtime.serialization.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.servicemodel\375d9329aef6a25afbde6c2d95cb3db1\system.servicemodel.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.xml.linq\7ccbe78ef79c5287dac4a71875c927d3\system.xml.linq.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system.xml\14ae6ad709f860da6220a1d3395df5ad\system.xml.ni.dll
Image c:\windows\assembly\nativeimages_v4.0.30319_64\system\114196eb67ce32fc45d498121285fa02\system.ni.dll
Image c:\windows\microsoft.net\assembly\gac_64\system.data\v4.0_4.0.0.0__b77a5c561934e089\system.data.dll
Image c:\windows\microsoft.net\framework64\v4.0.30319\clr.dll
Image c:\windows\microsoft.net\framework64\v4.0.30319\clrjit.dll
Image c:\windows\microsoft.net\framework64\v4.0.30319\mscoreei.dll
Image c:\windows\microsoft.net\framework64\v4.0.30319\nlssorting.dll
Image c:\windows\system32\advapi32.dll
Image c:\windows\system32\atl.dll
Image c:\windows\system32\bcrypt.dll
Image c:\windows\system32\certcli.dll
Image c:\windows\system32\cfgmgr32.dll
Image c:\windows\system32\crypt32.dll
Image c:\windows\system32\cryptbase.dll
Image c:\windows\system32\cryptnet.dll
Image c:\windows\system32\cryptsp.dll
Image c:\windows\system32\devobj.dll
Image c:\windows\system32\dsrole.dll
Image c:\windows\system32\gdi32.dll
Image c:\windows\system32\hid.dll
Image c:\windows\system32\iertutil.dll
Image c:\windows\system32\imm32.dll
Image c:\windows\system32\kernel32.dll
Image c:\windows\system32\kernelbase.dll
Image c:\windows\system32\lpk.dll
Image c:\windows\system32\msasn1.dll
Image c:\windows\system32\mscoree.dll
Image c:\windows\system32\msctf.dll
Image c:\windows\system32\msvcr120_clr0400.dll
Image c:\windows\system32\msvcrt.dll
Image c:\windows\system32\nsi.dll
Image c:\windows\system32\ntdll.dll
Image c:\windows\system32\ole32.dll
Image c:\windows\system32\oleaut32.dll
Image c:\windows\system32\profapi.dll
Image c:\windows\system32\psapi.dll
Image c:\windows\system32\rpcrt4.dll
Image c:\windows\system32\rsaenh.dll
Image c:\windows\system32\sechost.dll
Image c:\windows\system32\sensapi.dll
Image c:\windows\system32\setupapi.dll
Image c:\windows\system32\shell32.dll
Image c:\windows\system32\shlwapi.dll
Image c:\windows\system32\sspicli.dll
Image c:\windows\system32\urlmon.dll
Image c:\windows\system32\user32.dll
Image c:\windows\system32\userenv.dll
Image c:\windows\system32\usp10.dll
Image c:\windows\system32\version.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\tokenmgr.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\uirese3.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\wdalg.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\wdcsp03.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\wdcspui.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\wdkmgr.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\wdpkcs.dll
Image c:\windows\system32\watchdata\watchdata icp csp v1.0\wdsafe3.dll
Image c:\windows\system32\wininet.dll
Image c:\windows\system32\winscard.dll
Image c:\windows\system32\winspool.drv
Image c:\windows\system32\winsta.dll
Image c:\windows\system32\wldap32.dll
Image c:\windows\system32\ws2_32.dll
Ipc -------------------------------
Ipc \BaseNamedObjects\CLR_PerfMon_StartEnumEvent
Ipc \RPC Control\epmapper
Ipc \RPC Control\LSMApi
Ipc \RPC Control\protected_storage
Ipc \SBIE_DummyJob_firefox.exe_3
Ipc \SBIE_DummyJob_firefox.exe_4
Ipc \Sessions\1\BaseNamedObjects\Cor_Private_IPCBlock_v4_8464
Ipc \Sessions\1\BaseNamedObjects\Cor_Private_IPCBlock_v4_8588
Ipc \Sessions\1\BaseNamedObjects\CPFATE_8464_v4.0.30319
Ipc \Sessions\1\BaseNamedObjects\CPFATE_8588_v4.0.30319
Ipc \Sessions\1\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0
Ipc \Sessions\1\BaseNamedObjects\NLS_CodePage_850_3_2_0_0
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_8464
Ipc \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_8588
Ipc \Sessions\1\BaseNamedObjects\SboxSession
Ipc \Sessions\1\BaseNamedObjects\UrlZonesSM_****
Ipc \Sessions\1\BaseNamedObjects\Watchdata ICP CSP v1.0_BinFileShare
Ipc \Sessions\1\BaseNamedObjects\Watchdata ICP CSP v1.0_CSPNumStrin1
Ipc \Sessions\1\BaseNamedObjects\Watchdata ICP CSP v1.0_SharePageFile
Ipc \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Ipc \Sessions\1\BaseNamedObjects\ZoneAttributeCacheCounterMutex
Ipc \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
Ipc \Sessions\1\BaseNamedObjects\ZonesCounterMutex
Ipc \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
Ipc O \...\Cor_SxSPublic_IPCBlock
Ipc O \BaseNamedObjects\TermSrvReadyEvent
Ipc O \KernelObjects\LowMemoryCondition
Ipc O \KnownDlls\advapi32.dll
Ipc O \KnownDlls\CFGMGR32.dll
Ipc O \KnownDlls\CRYPT32.dll
Ipc O \KnownDlls\DEVOBJ.dll
Ipc O \KnownDlls\gdi32.dll
Ipc O \KnownDlls\IERTUTIL.dll
Ipc O \KnownDlls\kernel32.dll
Ipc O \KnownDlls\kernelbase.dll
Ipc O \KnownDlls\LPK.dll
Ipc O \KnownDlls\MSASN1.dll
Ipc O \KnownDlls\MSCTF.dll
Ipc O \KnownDlls\MSVCRT.dll
Ipc O \KnownDlls\NSI.dll
Ipc O \KnownDlls\ole32.dll
Ipc O \KnownDlls\OLEAUT32.dll
Ipc O \KnownDlls\PSAPI.DLL
Ipc O \KnownDlls\rpcrt4.dll
Ipc O \KnownDlls\Setupapi.dll
Ipc O \KnownDlls\SHELL32.dll
Ipc O \KnownDlls\SHLWAPI.dll
Ipc O \KnownDlls\URLMON.dll
Ipc O \KnownDlls\user32.dll
Ipc O \KnownDlls\USP10.dll
Ipc O \KnownDlls\WININET.dll
Ipc O \KnownDlls\WLDAP32.dll
Ipc O \KnownDlls\WS2_32.dll
Ipc O \RPC Control\ConsoleLPC-0x0000000000002124-378449943-17290014841367315349-1956158870796987615-5305902461060697199-2096042535
Ipc O \RPC Control\ConsoleLPC-0x000000000000219C-154243396011047636131071144817-136856048835932168414354817571967989125202799788
Ipc O \RPC Control\DNSResolver
Ipc O \RPC Control\lsapolicylookup
Ipc O \RPC Control\LSARPC_ENDPOINT
Ipc O \RPC Control\lsasspirpc
Ipc O \RPC Control\SbieSvcPort
Ipc O \RPC Control\senssvc
Ipc O \Security\LSA_AUTHENTICATION_INITIALIZED
Ipc O \Sessions\1\Windows\ApiPort
Ipc O \Sessions\1\Windows\SharedSection
Pipe -------------------------------
Pipe \Device\KsecDD
Pipe \Device\NamedPipe\GDKBDPipe1
Pipe \device\namedpipe\gdkbdpipe1
Pipe \Device\NamedPipe\GDKBDPipe1
Pipe \device\namedpipe\gdkbdpipe1
Pipe \device\namedpipe\lsarpc
Pipe \device\namedpipe\subprocesspipe.6668.10
Pipe \Device\NamedPipe\SubProcessPipe.6668.10
Pipe \device\namedpipe\subprocesspipe.6668.10
Pipe \device\namedpipe\subprocesspipe.6668.11
Pipe \Device\NamedPipe\SubProcessPipe.6668.11
Pipe \device\namedpipe\subprocesspipe.6668.11
Pipe \Device\NamedPipe\SubProcessPipe.6668.6
Pipe \device\namedpipe\subprocesspipe.6668.6
Pipe \Device\NamedPipe\SubProcessPipe.6668.6
Pipe \device\namedpipe\subprocesspipe.6668.6
Pipe \Device\NamedPipe\SubProcessPipe.6668.7
Pipe \device\namedpipe\subprocesspipe.6668.7
Pipe \Device\NamedPipe\SubProcessPipe.6668.8
Pipe \device\namedpipe\subprocesspipe.6668.8
Pipe \device\namedpipe\subprocesspipe.6668.9
Pipe \Device\NamedPipe\SubProcessPipe.6668.9
Pipe \device\namedpipe\subprocesspipe.6668.9
Pipe O \Device\Afd
WinCls -------------------------------
WinCls O Shell_TrayWnd
Last edited by Barb@Invincea on Mon Oct 09, 2017 2:34 pm, edited 1 time in total.
Reason: Formatted the output.
Reason: Formatted the output.
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: security token
Hello pantau,
Does it work in a different browser, sandboxed?
If you connect the device, does it show in Windows Explorer? (If yes, does it show in a Sandboxed windows explorer?)
This looks like it may be related (is not Watchdog, but Watchdata):
\Sessions\1\BaseNamedObjects\Watchdata ICP CSP v1.0_*
To test it, create a new Sandbox (or use the one you just created for the Res. Acc. Mon results)
Right click on the Sandbox --> Sandbox Settings --->Resource Access ---> IPC Access---> Direct Access
Hit "Add"
Paste:
*\BaseNamedObjects\Watchdata ICP CSP v1.0_*
Hit Apply and Ok your way out.
Go to Configure --> Reload Configuration
Delete the contents of your Sandbox and re-try
Regards,
Barb.-
Does it work in a different browser, sandboxed?
If you connect the device, does it show in Windows Explorer? (If yes, does it show in a Sandboxed windows explorer?)
This looks like it may be related (is not Watchdog, but Watchdata):
\Sessions\1\BaseNamedObjects\Watchdata ICP CSP v1.0_*
To test it, create a new Sandbox (or use the one you just created for the Res. Acc. Mon results)
Right click on the Sandbox --> Sandbox Settings --->Resource Access ---> IPC Access---> Direct Access
Hit "Add"
Paste:
*\BaseNamedObjects\Watchdata ICP CSP v1.0_*
Hit Apply and Ok your way out.
Go to Configure --> Reload Configuration
Delete the contents of your Sandbox and re-try
Regards,
Barb.-
Re: security token
It doesn't work in Chrome either.
The device shows up as CD-Drive in Explorer, also in a sandboxed one.
Watchdata belongs indeed to the token, which is called Watchdog (the service it installs is also called Watchdata).
I think we're on the right way, but unfortunately "*\BaseNamedObjects\Watchdata ICP CSP v1.0_*" didn't do the trick...
The device shows up as CD-Drive in Explorer, also in a sandboxed one.
Watchdata belongs indeed to the token, which is called Watchdog (the service it installs is also called Watchdata).
I think we're on the right way, but unfortunately "*\BaseNamedObjects\Watchdata ICP CSP v1.0_*" didn't do the trick...
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: security token
Hello pantau,
One more thing you can try is giving direct access to your CD-ROM drive following these steps:
https://www.sandboxie.com/ResourceAccessSettings#file
Once you are done making the changes:
Go to Configure --> Reload Configuration
Delete the contents of your Sandbox and re-try
Also, do try the workaround after applying the new settings.
Regards,
Barb.-
One more thing you can try is giving direct access to your CD-ROM drive following these steps:
https://www.sandboxie.com/ResourceAccessSettings#file
Once you are done making the changes:
Go to Configure --> Reload Configuration
Delete the contents of your Sandbox and re-try
Also, do try the workaround after applying the new settings.
Regards,
Barb.-
Re: security token
Unfortunately no change.
Just to be sure: I added "E:\*" as Resource Access/Direct Access at File and IPC, correct? (E ist the letter assigned to the CD-Drive).
Just to be sure: I added "E:\*" as Resource Access/Direct Access at File and IPC, correct? (E ist the letter assigned to the CD-Drive).
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: security token
Hello pantau,
You can try Direct Access only (not IPC). If all fails, try full access.
If that doesn't work, see if installing the stable version of Firefox makes any difference, or maybe try creating a different Firefox profile (be sure to delete the contents of your Sandbox after applying changes, or create new Sandboxes).
I also noticed you are using an add-on for Firefox:
icpbravoaccess
I am not sure it works Sandboxed, I haven't found any information about it.
Is there a different add-on that you can test? Or, can you try a different browser (after applying the changes we discussed before)?
Regards,
Barb.-
You can try Direct Access only (not IPC). If all fails, try full access.
If that doesn't work, see if installing the stable version of Firefox makes any difference, or maybe try creating a different Firefox profile (be sure to delete the contents of your Sandbox after applying changes, or create new Sandboxes).
I also noticed you are using an add-on for Firefox:
icpbravoaccess
I am not sure it works Sandboxed, I haven't found any information about it.
Is there a different add-on that you can test? Or, can you try a different browser (after applying the changes we discussed before)?
Regards,
Barb.-
Re: security token
Full Access makes no difference.
I've tested various versions of Firefox and Chrome. They are all stable versions (some were portable or Extended Support Release).
icpbravoaccess allows access to the certificate without java. It works sandboxed (that is, it recognizes the certificate), but it can't access the private key. Other ways of access (with java) result in the same error.
Maybe its just not possible...
I've tested various versions of Firefox and Chrome. They are all stable versions (some were portable or Extended Support Release).
icpbravoaccess allows access to the certificate without java. It works sandboxed (that is, it recognizes the certificate), but it can't access the private key. Other ways of access (with java) result in the same error.
Maybe its just not possible...
Who is online
Users browsing this forum: No registered users and 1 guest