Deleted member 178

Yes but the way he replied reminded me of some Comodo fanboys telling me I don't know how to use the product... seriously...

He just had to say: "ok let me see"
 
Reactions: XhenEd

nissimezra

New Member
Pre-moderated
Btw tested the said malware in a real Windows 8.1.1 system with Sbie 4.10 in default setting: no bypass, just Explorer gets frozen and needs a hard reboot. Sbie still protects the OS.
Hard reboot did solve the problem in my test, however I can't tell in that case if Sandboxie did solve it because I had Time Freeze running, and I've tested Time Freeze with many ransomware with no changes after reboot.

I did have one sample that did change permission after reboot even though I used Sandboxie and Time Freeze; it prevented me from killing some process even though the malware was not running after reboot.

thx
 
Deleted member 178

You should test with the latest version of Sbie (v4.10), maybe the vulnerability you had is no longer relevant.

Also you have to be sure you deleted the contents of the sandbox before reboot.
 
Reactions: nissimezra

nissimezra

New Member
Pre-moderated
You should test with the latest version of Sbie (v4.10), maybe the vulnerability you had is no longer relevant.

Also you have to be sure you deleted the contents of the sandbox before reboot.
Maybe.
Anyway the virus wasn't there but it did change permission, which means it did leak even though I used Sandboxie and Time Freeze. The test was Panda Cloud to see if it can detect the leftover viruses when running; nope, it didn't.
 

nissimezra

New Member
Pre-moderated
You could mistakenly run into some cryptolocker that could encrypt all of your data on all of your partitions. If you test malware on the real machine just lock other partitions so they are not accessible by the OS, or if you don't mind formatting your HDD just don't keep important files on your computer.
Have a nice day, and be safe ;)
I sure can, there is nothing important on that PC, and I'd rather lose the OS than run a VM, it's killing my cooling sys on the laptop. The only problem is that I'm using remote desktop to connect to the machine; a smart virus may copy itself to my laptop or network.

cheers
 

kjdemuth

Level 8
Hard reboot did solve the problem in my test, however I can't tell in that case if Sandboxie did solve it because I had Time Freeze running, and I've tested Time Freeze with many ransomware with no changes after reboot.

I did have one sample that did change permission after reboot even though I used Sandboxie and Time Freeze; it prevented me from killing some process even though the malware was not running after reboot.

thx
"reboot? u can't reboot, only force shutdown"
Thought you told me that you couldn't reboot only force shutdown? Which is it? Seems to me that you need a little more testing to be throwing around a bypass statement so openly. I'll test it out on my own and let you know whether it was "bypassed" or not.
 

nissimezra

New Member
Pre-moderated
"reboot? u can't reboot, only force shutdown"
Thought you told me that you couldn't reboot only force shutdown? Which is it? Seems to me that you need a little more testing to be throwing around a bypass statement so openly. I'll test it out on my own and let you know whether it was "bypassed" or not.
thx
 

kjdemuth

Level 8
I'm not trying to bust your chops nissimezra. I'm just trying to clarify what you're trying to say here.
Here is the Anubis breakdown of the video file.
https://anubis.iseclab.org/?action=result&task_id=15444170b4f6a0d945d353241169a592f&format=html

I love this part
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Local Settings %USERPROFILE%\Local Settings 1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Personal %USERPROFILE%\My Documents 1

I'll test it out later when I get my VM up and running again.
 
Reactions: nissimezra

nissimezra

New Member
Pre-moderated
I'm not trying to bust your chops nissimezra. I'm just trying to clarify what you're trying to say here.
Here is the Anubis breakdown of the video file.
https://anubis.iseclab.org/?action=result&task_id=15444170b4f6a0d945d353241169a592f&format=html

I love this part
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Local Settings %USERPROFILE%\Local Settings 1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Personal %USERPROFILE%\My Documents 1

I'll test it out later when I get my VM up and running again.
No prob bro, it is always good to learn new things. Feel free.

thx for the link
 

kjdemuth

Level 8
Nope it just upgraded to 4.12.
"Sandboxie version 4.12 Released

The MS Visual C++ redistributable libraries have been broken out into a separate download. These now download and install during the Sandboxie install. Installing them this way will enable them to be automatically updated by Windows Update should MS issue any hotfixes.

The auto-update feature is working again.

The Portuguese (Portugal) language has been fixed.

For more information, see the download page:

http://www.sandboxie.com/index.php?DownloadSandboxie"

Straight from the forum.
 
Reactions: Cats-4_Owners-2

Littlebits

Retired Staff
Version 4.12
Released on 29 May 2014.

These are the changes to Sandboxie since version 4.10:

  • The MS Visual C++ redistributable libraries have been broken out into a separate download. These now download and install during the Sandboxie install. Installing them this way will enable them to be automatically updated by Windows Update should MS issue any hotfixes.
  • The auto-update feature is working again.
  • The Portuguese (Portugal) language has been fixed.
http://www.sandboxie.com/index.php?VersionChanges#v_4_12

Enjoy!! :D