Advice Request: Do I still need a Sandboxing Utility?


AMD1

Level 5
Thread author
Verified
Aug 21, 2012
208
Sandboxing is not just for your browser. Most modern browsers are pretty safe anyway, you don't hear much about browser exploits actually affecting people these days.

The more important use of sandboxing is for Office and PDF applications. This is where the really nasty exploits are happening.
Both Sandboxie and ReHIPS will sandbox such applications.
Sandboxie will do it if you set it up, and ReHIPS will do it out of the box.
(You don't need the paid version of ReHIPS for this, by the way.)

Well, I've uninstalled IE and have installed Chrome as my default browser.

Have also installed ReHIPS but paid for a year's license as I think there are more than 10 processes running in the browser when you take into account RoboForm etc.
Having installed ReHIPS, I just have Chrome as an Isolated Program, but RoboForm won't load: "Cannot Start RoboForm" is displayed with the red border. I expect it has something to do with the Isolated Program setting, which is the default setting, and I would be grateful for some help to have RoboForm running correctly in this isolated sandbox.

Also, when closing Chrome, does this delete the contents of the container folder for this isolated program and how would I save downloads or added bookmarks to the real environment ?

Thanks in advance for any assistance.

Andy
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Hi, about roboform, please check out this thread on the ReHIPS forum, where roboform is discussed. You might have to scroll through a few posts until you get to the roboform issue.
Firefox add-on to backup profile
If it doesn't answer your question, my best advice is to ask directly on the ReHIPS forum, and you should get first-class service over there. If you ask here, the dev probably won't see it, so you won't get real support.

As for your second question, no, closing Chrome does not delete any data.
 

AMD1

Level 5
Thread author
Verified
Aug 21, 2012
208

I have created a thread on the ReHIPS forum and will see where we go from there.

How do you recover downloaded data from the isolated Sandbox ?

@Elantris - I have a paid license for Sandboxie but I was having difficulty getting it to work with KTS although I thought Sandboxie was OK with KTS v 2018
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
About recovering data:
1. To make things easier for yourself, it is good to set the browser's default download location to C:\ReHIPS\Browser
All your isolated browsers will have access to that folder, and it is easy to find.

2. In the meantime, the files will go into the downloads folder of that particular ReHIPS user folder (often referred to as an IE -- isolated environment)

In order to find the IE for your browser, open the ReHIPS GUI and go into ReHIPS/RulesDatabase/Isolated/YourUserName
Then double-click on the browser you want, look in the upper righthand corner, and it will say something like ReHIPSUser4
That is where your downloads went. Look in that folder, and you will find them there.

If you happen to know the name of the downloaded file, it might be more convenient to just do a search in C:\Users for that file. You will quickly find your file, and also you will find out the folder your browser is linked to, so you can pin it to quick access or make a shortcut or something.

But the easiest way is to just go to downloads through the browser itself. You can then copy and paste your file from there to another location, if you want.

In previous versions of ReHIPS, there was an issue that KIS+ReHIPS=initial delay in launching isolated programs after a reboot. But this issue was fixed in the current stable version.
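A script that does the "search C:\Users for the file" step from the post above, as an added example (not from the thread and not part of ReHIPS). It assumes ReHIPS isolated profiles live under C:\Users\ReHIPSUser<N> (the post mentions ReHIPSUser4) and that C:\ReHIPS\Browser is the shared download folder; it reports which isolated environment each copy lives in, hashes it, and copies it out without clobbering anything in the real profile.

```powershell
# Added example, not from the thread or from ReHIPS. Assumed layout:
# isolated profiles at C:\Users\ReHIPSUser<N>, shared folder at C:\ReHIPS\Browser.
function Find-IsolatedDownload {
    param(
        [Parameter(Mandatory)] [string] $Name,   # file name or wildcard, e.g. 'report*.pdf'
        [string[]] $SearchRoots = @('C:\ReHIPS\Browser', 'C:\Users\ReHIPSUser*')
    )
    $results = foreach ($root in $SearchRoots) {
        # Resolve-Path expands the ReHIPSUser* wildcard to every isolated profile present
        foreach ($dir in (Resolve-Path $root -ErrorAction SilentlyContinue)) {
            Get-ChildItem -Path $dir.Path -Filter $Name -File -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object {
                    # Which isolated environment (ReHIPSUserN) the copy belongs to, or 'shared'
                    $ie = if ($_.FullName -match '\\Users\\(ReHIPSUser\d+)\\') { $Matches[1] } else { 'shared' }
                    [pscustomobject]@{
                        Environment = $ie
                        Path        = $_.FullName
                        SizeKB      = [math]::Round($_.Length / 1KB, 1)
                        Modified    = $_.LastWriteTime
                        # Hash it now: the file came out of an untrusted browser session
                        SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                    }
                }
        }
    }
    $results | Sort-Object Modified -Descending
}

# Copy one download out of the isolated environment into the real profile,
# refusing to overwrite a file that already exists there.
function Export-IsolatedDownload {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Destination = (Join-Path $env:USERPROFILE 'Downloads')
    )
    $target = Join-Path $Destination (Split-Path $Path -Leaf)
    if (Test-Path $target) { throw "Refusing to overwrite existing file: $target" }
    Copy-Item -Path $Path -Destination $target
    Get-FileHash -Path $target -Algorithm SHA256   # compare with the hash listed by Find-IsolatedDownload
}

# Usage: list every copy of a download across isolated environments, then export one of them.
Find-IsolatedDownload -Name 'setup.exe' | Format-Table Environment, SizeKB, Modified, Path
# Export-IsolatedDownload -Path 'C:\Users\ReHIPSUser4\Downloads\setup.exe'
```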
 

AMD1

Level 5
Thread author
Verified
Aug 21, 2012
208

This is very helpful - many thanks.

If Chrome is isolated, would I need to add RoboForm to the isolated environment, or should this usually happen automatically?

I am rather liking ReHIPS and it's just a matter of sorting RoboForm, and then I think I'm OK.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
You're welcome.

I don't know how roboform works, so I hesitate to say. I assume that it can be added to the isolated environment, but the best way to do that depends on how it works and what other processes it communicates with.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I also use the Lastpass Chrome extension in ReHIPS without any issues.

It looks to me like roboform needs installing as a regular program (i.e. it is not just a browser extension), so you could try right-clicking the installer file, and choose ReHips deploy helper, and select to install it in the IE of your favorite browser. This is the standard solution, but, like I said, I am not familiar with roboform.
 

AMD1

Level 5
Thread author
Verified
Aug 21, 2012
208
I have asked the Fixer at ReHIPS if this looks right but every time I open Chrome isolated, RoboForm data does not seem to be retained. I do have "copy user data" checked in the IE settings

 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Fixer is the dev. If anyone can figure it out, it is him. I saw on the ReHIPS forum that he installed the program and analysed how it works, so he is light years ahead of me...
 

AMD1

Level 5
Thread author
Verified
Aug 21, 2012
208
Seems a very helpful guy, so I am hoping to get this fixed properly. As I write this, I am in Chrome Isolated and RoboForm is working fine, but as soon as I close the browser and re-open it again, I will have to do it all again, as the settings don't seem to save themselves within the IE.
 

illumination

This thread has given me an idea: I will test the next malware samples at MWTHub with KTS2018 + Default settings + TAM On + PUP/PUA/AdWare/ and will see how it performs in dynamic tests...
Will you monitor system changes (file/registry) as well as system resource usage during the test of TAM, I would be interested to see how efficient it really is.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
With TAM enabled the system usually goes a bit slower (and especially if in a virtual machine), that's evidence... about file/system registry? TAM just blocks the executions, so no chance to modify the system registry or drop/change any file...
 

illumination

I must have misread your post, as it looked as you stated TAM would be tested at default settings, which is of course not locked down to a complete default/deny.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
TAM is not a "real/pure" default-deny system, I think it has been discussed many times in this forum :)

Except for TAM On + PUP On, all the other settings are at their defaults...
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Personally I think people have sandboxing backwards but what do I know (literally, what do I know :ROFLMAO:). I think we should focus on sandboxing/virtualizing the kernel and the most essential components of Windows so that they cannot be compromised to get access to everything else. In essence, Microsoft already offers this but it breaks so many programs that they are too afraid to shovel it down everyone's throat. Just finding the instructions alone is a big deterrent to most average users. :cautious: Oh and only available for Windows 10 Pro and up since it requires Hyper-V.
Enable virtualization-based protection of code integrity

I really think Microsoft is wasting so much potential here. They already have the entire virtualization environment and they do offer application virtualization.... to enterprise customers. The entire application environment should be completely separated from the driver/kernel environment like it's done in mobile operating systems. But I know that would piss some people off.
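A check for whether the virtualization-based protection of code integrity that DeepWeb links to is actually configured and running on a given machine, as an added example (not from the thread or from Microsoft). It reads the Win32_DeviceGuard CIM class that Windows exposes; the numeric codes are the documented ones for that class.

```powershell
# Added example, not from the thread. Queries the Device Guard status class to
# report whether VBS and HVCI (hypervisor-enforced code integrity) are on.
function Get-HvciStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    # Documented codes: VirtualizationBasedSecurityStatus 0 = not enabled,
    # 1 = enabled but not running, 2 = running.
    # Security service ids: 1 = Credential Guard, 2 = HVCI.
    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0 { 'Not enabled' } 1 { 'Enabled, not running' } 2 { 'Running' } default { 'Unknown' }
    }
    [pscustomobject]@{
        VirtualizationBasedSecurity = $vbs
        HvciConfigured              = [bool]($dg.SecurityServicesConfigured -contains 2)
        HvciRunning                 = [bool]($dg.SecurityServicesRunning -contains 2)
        CredentialGuardRunning      = [bool]($dg.SecurityServicesRunning -contains 1)
        # What the configured policy requires vs. what this hardware/firmware offers;
        # a required property missing from the available list is why VBS stays off.
        RequiredSecurityProperties  = $dg.RequiredSecurityProperties
        AvailableSecurityProperties = $dg.AvailableSecurityProperties
    }
}

$status = Get-HvciStatus
$status | Format-List
if (-not $status.HvciRunning) {
    Write-Warning 'HVCI is not running: kernel-mode code integrity is not enforced by the hypervisor on this machine.'
}
```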
 

AMD1

Level 5
Thread author
Verified
Aug 21, 2012
208
I am giving Sandboxie another go and have excluded the SBIE folder from KTS 2018 under Threats and Exclusions. I have created a "Chrome" sandbox and forced Chrome to run in the sandbox, which it does upon clicking the desktop shortcut; however, either Web Anti-Virus or Anti-Banner, or both, are blocking web pages from being displayed, and I do not know what exclusion to add, or where to add it, to allow it to run directly from the Google Chrome desktop shortcut.

Strangely, if I add a desktop shortcut via Sandboxie Control to the "Chrome" sandbox, I don't get a problem at all, and if I right-click the Google Chrome desktop shortcut and run it sandboxed in the "Chrome" sandbox I don't get a problem at all either.

Any help to sort this would be appreciated.

Thanks

Andy
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Also I have sandbox containers for each separate web-facing solution, and the box is set up to compartmentalize each solution within its own sandbox. I.e. my VLC player can't talk to my Chrome or see any drives besides what I tell it to see. My Adobe Reader is the same, etc etc etc.
Microsoft is bringing better control over your local privacy, by letting the user decide whether an App can access your files. Whether it's for Win32 apps too, I don't know.
Windows 10 build 17093 for PC: Everything you need to know
 
