Hotkeys

Posted: Mon Dec 27, 2010 11:21 pm
by Oneder
Built-in dedicated hotkeys for the terminate command that can't be circumvented would be of help against some ransom/screenlocker-type malware.

I know they are contained but hotkeys could save a reset.

Posted: Tue Dec 28, 2010 3:00 am
by Buster
I support this feature request.

Posted: Tue Dec 28, 2010 4:20 am
by ssj100
Sounds good to me too.

Posted: Tue Dec 28, 2010 6:24 am
by tzuk
I explained the problem at the bottom of this post:

http://www.sandboxie.com/phpbb/viewtopic.php?t=9338

I've not fixed that yet, but what I described there is going to be the approach that I will take to deal with this issue.

Posted: Wed Dec 29, 2010 12:21 am
by Oneder
Ok thanks tzuk.

For those that are testing these ransom/screenlockers the below batch file will run the terminate command every 30 seconds whilst the command window is open.

Thanks to majoMo wilders.

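Code:

:: Terminates all programs in DefaultBox roughly every 30 seconds.
:: "ping -n 30" against localhost is used as a ~30 second delay.
@echo off
:START
ping 127.0.0.1 -n 30 > nul
start "" "C:\Program Files\Sandboxie\Start.exe" /box:DefaultBox /terminate
GOTO START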

Posted: Wed Dec 29, 2010 8:44 am
by soccerfan
Oneder wrote: For those that are testing these ransom/screenlockers the below batch file will run the terminate command every 30 seconds whilst the command window is open.
Thanks Oneder. In a followup post in that thread http://www.wilderssecurity.com/showpost ... ostcount=6 Franklin says:
I was using WinHotKey here but some of these new Ransom/Winlock/Screenlockers lock everything up where hotkeys just won't work whereas the batchfile, which has to be running before executing the malware, works a treat.
The batchfile must be already running before executing the malware.
This may be nice for those testing malware (not me!) :wink:

Posted: Wed Dec 29, 2010 10:02 am
by Oneder
soccerfan wrote: The batchfile must be already running before executing the malware.
This may be nice for those testing malware (not me!) :wink:
Franklin and I are always testing malware so the batch works a treat in not having to reset with these screenlockers. :wink:

On my XP VMs where I'm not using SB I point the batch to RogueKiller.

Yes, you can use Task Scheduler to run a normal terminate bat, but the minimum wait to execute is a minute.

Posted: Wed Dec 29, 2010 11:14 am
by Buster
I coded a tool to manage malware and I added a feature to allow terminating sandboxed processes in a user-defined amount of time.

Posted: Wed Dec 29, 2010 7:34 pm
by Oneder
Buster wrote: I coded a tool to manage malware and I added a feature to allow terminating sandboxed processes in a user-defined amount of time.
Sounds good Buster, wouldn't mind a look at it if OK by you.

Posted: Thu Dec 30, 2010 3:16 am
by Buster
Oneder wrote: Sounds good Buster, wouldn't mind a look at it if OK by you.
The program, named Extractor, is used to extract contents from all kinds of packed files: archives, setups, embedded files, etc.

It supports: 7z, ZIP, GZIP, BZIP2, TAR, RAR, CAB, ISO, ARJ, LZH, CHM, Z, CPIO, RPM, DEB, NSIS, ACE, EML, Inno Setup, Microsoft SZDD, Microsoft TNEF, RTF, Gentee, Setup Factory, RapSFX, Thraex's Astrum InstallWizard, SEA, Instyler, BInstall, Cexe, Quick Batch File Compiler, WScript, Smart Install Maker, Stubbie SFX Extractor, ARC, ZOO, SIS and virtually any executable compressed file format.

I can show you a screenshot of the project:

Image

Extractor is an improved version of Universal Extractor: http://legroom.net/software/uniextract

In fact I started coding Extractor in 2007 because I was not satisfied with UE. Right now Extractor is the best program of its kind (there are not many of them :wink: ). It's even able to automatize many setups. That means contents get extracted without any user intervention because the program automatically clicks on the "Next" button.

Here you can see some statistics:

Image

Posted: Thu Dec 30, 2010 6:37 am
by Oneder
Excellent Buster. Will give it a whirl in a little while. 8)

Posted: Thu Dec 30, 2010 7:29 am
by soccerfan
Buster wrote: Extractor is an improved version of Universal Extractor:...
In fact I started coding Extractor in 2007 because I was not satisfied with UE...
Wow. I have been using uniextract for quite a while but your Extractor even wraps it all in Sandboxie. :lol:
Buster, do you have any plans of a public release (or a contributed utility)?

Posted: Thu Dec 30, 2010 7:33 am
by Buster
soccerfan wrote: Wow. I have been using uniextract for quite a while but your Extractor even wraps it all in Sandboxie. :lol:
Well, Extractor uses a combination of 7Zip, Sandboxie and other custom extraction procedures.

As you can see in the statistics, 7Zip does the job most of the time and Sandboxie usually does the rest.
soccerfan wrote: Buster, do you have any plans of a public release (or a contributed utility)?
No, I don't have plans of releasing this tool.