Posted: Wed Apr 10, 2013 9:58 am
by tzuk
It's probably not the Hasher program per se, Blues. More likely some conflict/incompatibility with forced programs in general. In any case I tried it just now but I still get normal and expected behavior.

Do you guys use any other security software in the mix?

Posted: Wed Apr 10, 2013 10:21 am
by Blues
tzuk wrote: It's probably not the Hasher program per se, Blues. More likely some conflict/incompatibility with forced programs in general. In any case I tried it just now but I still get normal and expected behavior.

Do you guys use any other security software in the mix?
I'm pretty sure that Pete uses AppGuard and NVT ExeRadar Pro if I recall correctly.

I just run (in real-time) Sandboxie with OA and Emsisoft Anti-Malware. (I scan manually with MBAM Pro.)

Posted: Wed Apr 10, 2013 10:36 am
by Blues
Tzuk,

A little bit later when I have a moment and have backed up my system with a new image, I'll install the latest SBIE beta and try again.

That would be the one remaining question mark since I already know that the forced folder issue is not happening with 3.76 and either the OA beta or stable release.

I'll report results as soon as possible.

Posted: Wed Apr 10, 2013 12:06 pm
by Blues
Tzuk, I can confirm that the issue still exists.

I downloaded and installed the new beta you released today. (Installed on top of 3.76)

Ran "Hasher" from my forced downloads folder and system became unresponsive. I could see after some time that SBIE was trying to load the app in the designated sandbox but it was not completed successfully and I could neither terminate the sandbox nor reboot without a hard reset.

Reinstalled 3.76 and ran "Hasher" from the forced downloads folder and it ran as normal.

So, at least now we know that it's neither the OA beta nor stable release of OA which is at the heart of the matter as both run the forced folder and executable fine under 3.76.

Wish I had better news to report. I'll be sticking with 3.76 until a resolution to the issue can be found.

Posted: Wed Apr 10, 2013 1:38 pm
by Peter2150
Tzuk

I did some further testing. As Blues said, I normally run OA in a muted mode (I have Program Files and Windows excluded) and NVT's ExeRadarPro (ERP) and Appguard.

To narrow things down, here is the test mode. I ran all tests from the desktop by right-clicking leaktest.exe (GRC) and telling it to run sandboxed. SBIE 4.01.04, OA 1798, Appguard 3.4.2.

1. If I exclude the Desktop in OA everything is fine. If I drop the exclusion leaktest gives an application error. To run this test Appguard is in install mode.

2. I uninstalled NVT's ERP and retested. Same result.

3. I installed Appguard and retested. Again same result. (At this point it was just OA and SBIE 4.01.04.)

4. I removed the IPC statement for ERP to work with SBIE and retested. Again same result.

5. Reinstalled SBIE 3.76 and this time everything worked fine.

I may test again with 4.01.05

Pete

PS You should now have OA 1798

Posted: Wed Apr 10, 2013 1:39 pm
by Peter2150
Blues wrote: Pete, if you have the time and the Sbie beta installed, could you maybe try running that program "Hasher" from a forced folder?

(It's a safe program, I've scanned it with EAM as well as via VirusTotal plus it would be in a forced folder. It's under a megabyte download and it's just an executable.)
Hi Blues

I probably won't have time for this. Also I don't like to test with something I am not using, which is both Hasher and forced folder. Makes it hard for me to judge.

Pete

Posted: Wed Apr 10, 2013 1:55 pm
by Peter2150
Hi Tzuk

Just retested with 4.01.05. No change in the results.

Pete

Posted: Wed Apr 10, 2013 3:40 pm
by Blues
Peter2150 wrote:
Blues wrote: Pete, if you have the time and the Sbie beta installed, could you maybe try running that program "Hasher" from a forced folder?

(It's a safe program, I've scanned it with EAM as well as via VirusTotal plus it would be in a forced folder. It's under a megabyte download and it's just an executable.)
Hi Blues

I probably won't have time for this. Also I don't like to test with something I am not using, which is both Hasher and forced folder. Makes it hard for me to judge.

Pete
No problem, Pete. I was able to do it and posted results above. (I'm back to 3.76 for now as stated.)

Posted: Thu Apr 11, 2013 9:04 am
by tzuk
Thanks to Pete I can reproduce the problem. I get a system lockup apparently when Online Armor wants to block some operation. So it's not the Hasher program specifically, except that in a general sense it is considered untrusted by Online Armor and some of its operations get blocked. I am looking into some workaround/solution.

Posted: Thu Apr 11, 2013 9:56 am
by Peter2150
tzuk wrote: Thanks to Pete I can reproduce the problem. I get a system lockup apparently when Online Armor wants to block some operation. So it's not the Hasher program specifically, except that in a general sense it is considered untrusted by Online Armor and some of its operations get blocked. I am looking into some workaround/solution.
That's great Tzuk. I have no doubt you will figure it out.

Pete

Posted: Thu Apr 11, 2013 10:01 am
by Blues
Thanks Tzuk and Pete. I'll look forward to hearing what you come up with.

Posted: Mon Apr 22, 2013 6:41 am
by tzuk
Please check version 4.01.06.

Please note: From my checks and my point of view, it seems the Online Armor Program Guard component gets locked up when it is running in the context of a program that is supervised by Sandboxie v4 and trying to block access to some resource.

My workaround is for programs in the sandbox to bypass some of the hooks placed by Program Guard. This may not work in all system configurations as other hooks inserted by other security software may confuse this workaround.

Also, the workaround is currently limited to the few Program Guard hooks that I found to be relevant. You may still get a lock up; in that case please tell me which program is triggering the lock up. It is easy to find out which program triggered the lock up by restarting the computer after the lock up, inspecting the History view in Online Armor, and locating a history entry for a resource that was blocked.

Posted: Mon Apr 22, 2013 7:53 am
by Peter2150
Will test later and post results.

Thanks Tzuk

Pete

Posted: Mon Apr 22, 2013 8:48 am
by Peter2150
Okay. Tested and for me it works beautifully. But be warned I am excluding both Windows and Program Files, so I may be seeing limited exposure.

Anyway for me it's perfect.

Thank you Tzuk

Pete

Posted: Mon Apr 22, 2013 9:22 am
by Blues
I'll download and give it a try later this morning or afternoon and report back.