Sandboxie Support

When closing Chrome while running in a sandbox under EMET 4 it appears to exit, but 1 or 2 chrome.exe processes remain running. So clicking the X and then opening Chrome again results in many duplicate chrome.exe processes running in the sandbox. I can close them in task manager or in the Sandboxie Control window.

The problem does not occur under EMET 4 when chrome is run outside a sandbox. Removing chrome.exe from the EMET 4 list works, but even just adding chrome to the list and disabling all mitigations results in the problem.

Tried in multiple sandboxes with different settings (forced programs/folders, drop rights, etc.) with the same results. Tried deleting Chrome AppData, and running without extensions.

I've had a few other programs occasionally stay open after closing (firefox,7zip, few other random programs), but nothing else that I can reliably reproduce like Chrome.

Can confirm the same behaviour (even after diabling all mitigations) for all other programs (firefox, sandboxie, mediemonkey) running sandboxed and under EMET v4 protection.
Seems to happen only on Win8x64 (couldn' reproduce it with Win7x86) and happens only with EMETv4 final (with EMETv4 Preview it was not there).

Anyone tried Microsofts EMET 4 just recently released with Sandboxie 3.76 and can confirm it works okay?

I am running windows 7 64 bit version and would be interested to know before I upgrade EMET

Same problem except I'm using Firefox. I closeout Firefox but the sandbox contents is not deleted. Sandboxie is still active and in Task Manager Firefox is still listed. I can kill Firefox in Task Manager and Sandboxie deletes the sandbox contents. I can also choose Teminate All Programs in Sandboxie's right-click listings and the sandbox contents are deleted plus Firefox is closed in Task Manager.

In EMET 4.0 beta everything is fine. I'm using EMET 4.0 beta right now because with EMET 4.0 final Firefox and Sandboxie 4.02 are unusable.

Hey, tzuk.

Later...

glennh wrote:Anyone tried Microsofts EMET 4 just recently released with Sandboxie 3.76 and can confirm it works okay?

I am running windows 7 64 bit version and would be interested to know before I upgrade EMET

Bo one here has upgraded to EMET 4 ???

Short update. I played a while and find out the following:
(1) In EMET change system wide DEP settings - for exmple to Application opt in.
(2) Reboot.
(3) Choose DEP settings that you want again.

Since I've done that I wasn't able to reproduce the issue. Can anyome recheck?

Setting the system-wide DEP to opt-in does seem to fix it, but using opt-out and disabling DEP just on chrome or setting the system back to always on makes the problem come back.

Glen, I don't use EMET but I remember reading a few days ago (don't remember where), someone saying that the last EMET beta gets along better with SBIE than the stable that was recently released.

Bo

bo.elam wrote:Glen, I don't use EMET but I remember reading a few days ago (don't remember where), someone saying that the last EMET beta gets along better with SBIE than the stable that was recently released.

Bo

Hi Bo
Thanks for responding. I think I have seen that post. But I believe he was using the latest beta version of sandboxie rather than version 3.76.
Glenn

I'll look into this incompatibility with EMET 4.

Please check version 4.03.01.

It should fix the issue where EMET 4 was causing Internet Explorer to hang during start up.

I am sorry but I did not remember to check what effect this has on Firefox closing, but hopefully this is fixed as well.
If not, please let me know.

tzuk,
4.03.01 fixed my problem with EMET 4.0 final and Firefox 21. The sandbox contents are now deleted when I close. I can now run DEP with setting Always On instead of Opt-in.

Great work (as usual). Thank you very much. .

Best regards,

Bob

Can confirm version 4.03.01 fixes the problems with EMET4 for me.
great work - as usual.