Antivirus/Anti-malware templates for SBIE
- Sandboxie Support
- Posts: 3523
- Joined: Thu Jun 18, 2015 3:00 pm
- Location: DC Metro Area
This is where we will collate templates for 3rd party security products, etc. to be used with SBIE to enable certain compatibility with programs running under the authority of SBIE...
If you have templates, please feel free to add them in this thread. I will search the forum and add ones I find as well. I'll edit the title as needed to ensure consistency if needed. Thanks!
Also, templates that are baked into SBIE already, many are showing their age and have not been updated and are stale. So, if anyone has edits to them that you'd like to post, please do that. We'll also review those submissions to possibly be included in future SBIE releases.
The use of any such templates in this thread (or otherwise in this forum) will be at the discretion of the end user and shall not guarantee any level of support and the end user shall hold harmless the creator of said template as well as Sandboxie Holdings (Invincea, Inc.) with that understanding. You also accept the knowledge that using such templates may open up security hole(s) within Sandboxie and may expose the user to unknown threats while online and/or cause SBIE not to function correctly.
Sandboxie Holdings / Invincea recommends Windows Defender with SBIE.
- Sandboxie Support
HomeGuard
@Syrinx
In light of the positive response from 'yoavpol' found here about the added line solving his problem with the web filter in HomeGuard Activity Monitor I'd like to submit the solution for review and potentially have it added/updated within the existing templates.ini for the HomeGuard template if it isn't deemed abnormally dangerous.
Even if it isn't updated in the templates, I'll repost it here in case any other HomeGuard Activity Monitor users also need to use the website filter within a program protected by Sandboxie.
The solution was to open a named pipe under [GlobalSettings] of the Sandboxie.ini, much like the default Sandboxie templates are applied globally:
Code: Select all
OpenPipePath=\device\namedpipe\vg145erxiii*
Current Template as of 5.07.2
Code: Select all
[Template_HomeGuard]
Tmpl.Title=HomeGuard Activity Monitor
Tmpl.Class=Security
Tmpl.Url=http://veridium.net/
Tmpl.Scan=s
Tmpl.ScanService=HomeGuard AMC
OpenIpcPath=*\BaseNamedObjects*\*Ipc2Map*
OpenIpcPath=*\BaseNamedObjects*\*Ipc2Mutex*
OpenIpcPath=*\BaseNamedObjects*\mc2SWDIJ*
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW2*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\*AnswerBuf*Event*
OpenIpcPath=*\BaseNamedObjects*\*AnswerBuf*Map*
OpenIpcPath=$:vglset.exe
As a side note, there were a couple more numbers (sorry, don't recall them) where I placed the * but I wasn't sure if they would change between PCs or versions of HomeGuard so I opted to add the * there but it may not have been needed~I only tested in one VM.
- Sandboxie Support
Mirillis Action
@Syrinx
Here's another template in case anyone needs to use this program with sandboxed software. It can be used with Mirillis Action!. Action! created some issues after injecting sandboxed programs (in this case Mumble), causing them to crash when it couldn't communicate as (it) expected in some instances. The template doesn't allow Mirillis Action to be sandboxed, but rather just gets Action! to 'work correctly' with sandboxed programs, e.g. Action! must still be installed on the host [it uses a service] and no template will change that.
Code: Select all
[Template_MAction]
Tmpl.Title=Mirillis Action
Tmpl.Class=Misc
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mirillis Action!
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mirillis Action!
OpenWinClass=*ACTION_X*
OpenIpcPath=*\BaseNamedObjects*\ActionIpc*
- Sandboxie Support
MBAE Template
Courtesy of @BTM aka @Syrinx
Windows Vista/7/8/10 32 bit & SBIE 4.x/5.x
Code: Select all
[Template_MBAE]
Tmpl.Title=Malwarebytes Anti-Exploit
Tmpl.Class=Security
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
Windows Vista/7/8/10 64 bit & SBIE 4.x/5.x
Code: Select all
[Template_MBAE]
Tmpl.Title=Malwarebytes Anti-Exploit
Tmpl.Class=Security
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
- Sandboxie Support
Comodo Internet Security(CIS)
Courtesy of @rpljhun
Comodo Internet Security(CIS) Compatibility Setting.
Enable CIS compatibility settings in Sandboxie.
Add this under global settings:
Code: Select all
ClosedFilePath=*\guard64.dll
For CIS Enabled HIPS:
Add HIPS Rules for SbieSvc.exe set to Installer or Updater
For CIS Enabled Autosandbox:
You need to add ignore sandbox rules for any unrecognized applications by CIS
By default any unrecognized applications will be auto sandboxed by CIS
To avoid inconvenience disable autosandbox.
If everything goes well, you may update the template.
Code: Select all
[Template_ComodoInternetSecurity]
Tmpl.Title=Comodo Internet Security / Antivirus / Firewall
Tmpl.Class=Security
Tmpl.Url=http://www.comodo.com/home/internet-security/free-internet-security.php
Tmpl.Scan=s
Tmpl.ScanService=cmdGuard
ClosedFilePath=*\Guard32.dll
ClosedFilePath=*\guard64.dll
Malwarebytes 3
This is just a minor tweak to the old MBAE template [found above] to work with the new build of Malwarebytes 3 which now includes the Anti-Exploit module.
The only real difference is a path change to point at the new location of the dll with this program.
If you didn't install MB3 with the default directory selected you'll still need to manually alter the path of the InjectDll= lines to reflect the mbae*.dlls real locations.
Code: Select all
[Template_MB3]
Tmpl.Title=Malwarebytes 3 Anti Exploit Component (Vista,7,8,10)
Tmpl.Class=Security
Tmpl.Scan=s
Tmpl.ScanService=MBAMService
InjectDll64=C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll
InjectDll=C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
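
Added example (not part of the original posts and not Sandboxie code): a small Python audit that lists every setting in a template or Sandboxie.ini fragment that opens a host resource to sandboxed programs, with the broadest wildcard patterns first, so a template can be reviewed before it is applied. The sample input is assembled from lines posted in this thread; the `RELAXING` list, the function names and the breadth heuristic are assumptions of this example.

```python
import re

# Assumed list (this example's, not Sandboxie's): settings that relax isolation.
RELAXING = {"OpenIpcPath", "OpenPipePath", "OpenWinClass", "InjectDll", "InjectDll64"}

# Sample input assembled from lines posted in this thread.
SAMPLE = r"""
[GlobalSettings]
OpenPipePath=\device\namedpipe\vg145erxiii*

[Template_MB3]
Tmpl.Title=Malwarebytes 3 Anti Exploit Component (Vista,7,8,10)
InjectDll=C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
"""

def parse_sections(text):
    """Parse INI text into {section: [(key, value), ...]}; keys may repeat."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def audit(text):
    """List every isolation-relaxing setting, broadest wildcard patterns first."""
    findings = []
    for section, items in parse_sections(text).items():
        for key, value in items:
            if key not in RELAXING:
                continue
            # Breadth heuristic: literal characters left in the last path
            # component once wildcards are removed. Fewer means a wider match.
            leaf = value.rsplit("\\", 1)[-1]
            findings.append({"section": section, "key": key, "value": value,
                             "wildcards": value.count("*"),
                             "literal": len(leaf.replace("*", "")),
                             "is_dll": key.startswith("InjectDll")})
    # DLL paths sort last; they need a file check, not a pattern review.
    return sorted(findings, key=lambda f: (f["is_dll"], f["literal"]))

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["section"], f["key"], f["value"], f["wildcards"], f["literal"])
```

Restrictive settings such as ClosedFilePath are not reported, and each InjectDll path still has to be checked against the real install location on the host.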