Sandboxie Version: 4.12 released

Status
Not open for further replies.
XhenEd

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
Bo elam surely misunderstood your post, Umbra. :D
I too want to know if sandboxie can be bypassed by a variant of a ransomware.
 
  • Like
Reactions: nissimezra and Ink
D

Deleted member 178

Yes but the way he replied reminded me some comodo fanboys telling me i dont know how to use the product... seriously...

He just had to say : "ok let me see"
 
  • Like
Reactions: XhenEd
nissimezra

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
Umbra Polaris said:
Btw tested the said malware in a real win8.1.1 system with Sbie 4.10 in default setting : no bypass , just explorer get frozen and need hard reboot. Sbie still protect the OS.
Click to expand...
hard reboot did solve the problem in my test however i can't tell in that case if sandboxie did solve ie coz i had time freeze running, and I've tested timefreeze with many rasomware with no changes after reboot.

I did have one sample that did change permission after reboot even that i used sandboxie and timefreeze, it prevented me from killing some process even that the malware was not running after reboot

thx
 
D

Deleted member 178

you should test with the latest version of Sbie (v4.10) , maybe the vulnerability you had is no more relevant.

also you have to be sure you deleted the contents of the sandbox before reboot.
 
  • Like
Reactions: nissimezra
nissimezra

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
Umbra Polaris said:
you should test with the latest version of Sbie (v4.10) , maybe the vulnerability you had is no more relevant.

also you have to be sure you deleted the contents of the sandbox before reboot.
Click to expand...
maybe.
anyway the virus wasn't there but it did change premission which means it did leak even though i used sandboxie and time freeze, the test was panda cloud to see if it can detect the leftover viruses when running, nop it didnt
 
nissimezra

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
BoraMurdar said:
You could mistakenly run into some cryptolocker that could encrypt all of your data on all of your partitions. If you test malwares on the real machine just lock other partitions to be not accessible by OS, or if you don't mind formatting your HDD just don't keep important files on your computer.
Have a nice day, and be safe ;)
Click to expand...
i sure can, there is nothing important in that pc, and i'd rather lose the os then runing vm, its killing my cooling sys on the laptop. the only problem is that im using remote desktop to conect to the machine, smart virus may copy itself to my laptop or network

cheers
 
kjdemuth

kjdemuth

Level 9
Verified
Jan 17, 2013
410
nissimezra said:
hard reboot did solve the problem in my test however i can't tell in that case if sandboxie did solve ie coz i had time freeze running, and I've tested timefreeze with many rasomware with no changes after reboot.

I did have one sample that did change permission after reboot even that i used sandboxie and timefreeze, it prevented me from killing some process even that the malware was not running after reboot

thx
Click to expand...
"reboot? u can't reboot, only force shutdown"
Thought you told me that you couldn't reboot only force shutdown? Which is it? Seems to me that you need a little more testing to be throwing around a bypass statement so openly. I'll test it out on my own and let you know whether it was "bypassed" or not.
 
nissimezra

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
kjdemuth said:
"reboot? u can't reboot, only force shutdown"
Thought you told me that you couldn't reboot only force shutdown? Which is it? Seems to me that you need a little more testing to be throwing around a bypass statement so openly. I'll test it out on my own and let you know whether it was "bypassed" or not.
Click to expand...
thx
 
kjdemuth

kjdemuth

Level 9
Verified
Jan 17, 2013
410
I'm not trying to bust your chops nissimeza. I just trying to clarify what you trying to say here.
Here is the Anubis break down of the video file.
https://anubis.iseclab.org/?action=result&task_id=15444170b4f6a0d945d353241169a592f&format=html

I love this part
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Local Settings %USERPROFILE%\Local Settings 1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Personal %USERPROFILE%\My Documents 1

I'll test it out later when I get my VM up and running again.
 
  • Like
Reactions: nissimezra
nissimezra

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
kjdemuth said:
I'm not trying to bust your chops nissimeza. I just trying to clarify what you trying to say here.
Here is the Anubis break down of the video file.
https://anubis.iseclab.org/?action=result&task_id=15444170b4f6a0d945d353241169a592f&format=html

I love this part
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Local Settings %USERPROFILE%\Local Settings 1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Personal %USERPROFILE%\My Documents 1

I'll test it out later when I get my VM up and running again.
Click to expand...
no prob bro, it is always good to learn new things. feel free.

thx for the link
 
CapeBuffalo

CapeBuffalo

Level 2
Verified
May 12, 2014
59
4.10 is released on the site, but my software says 4.12 is released
anyone can confirm that?
and is sandboxie signed? i'm sure the last time i check it was
 
  • Like
Reactions: Cats-4_Owners-2
kjdemuth

kjdemuth

Level 9
Verified
Jan 17, 2013
410
Nope it just upgraded to 4.12.
"Sandboxie version 4.12 Released

The MS Visual C++ redistributable libraries have been broken out into a separate download. These now download and install during the Sandboxie install. Installing them this way will enable them to be automatically updated by Windows Update should MS issue any hotfixes.

The auto-update feature is working again.

The Portuguese (Portugal) language has been fixed.

For more information, see the download page:

http://www.sandboxie.com/index.php?DownloadSandboxie"

Straight from the forum.
 
  • Like
Reactions: Cats-4_Owners-2
Littlebits

Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
Version 4.12
Released on 29 May 2014.

These are the changes to Sandboxie since version 4.10:

  • The MS Visual C++ redistributable libraries have been broken out into a separate download. These now download and install during the Sandboxie install. Installing them this way will enable them to be automatically updated by Windows Update should MS issue any hotfixes.
  • The auto-update feature is working again.
  • The Portuguese (Portugal) language has been fixed.
http://www.sandboxie.com/index.php?VersionChanges#v_4_12

Enjoy!! :D
 
  • Like
Reactions: Cats-4_Owners-2 and MrXidus
Status
Not open for further replies.

Similar threads

silversurfer
    • Like
  • Locked
Sandboxie v5.24
Replies
0
Views
3,709
Other security for Windows, Mac, Linux
silversurfer
silversurfer
Bot
    • Like
Pale Moon 28.3.0 Released
Replies
1
Views
1,504
Firefox
71Hemi
7
Myna
    • Like
  • Locked
Sandboxie 4.09 Beta Available (Latest Version 4.09.1)
Replies
3
Views
3,794
Other security for Windows, Mac, Linux
Moose
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top