Sandboxie Version: 4.12 released

Status
Not open for further replies.
People, I suggest you try it yourself and see; I'm not here to argue.

thx
I wasn't trying to argue, I was curious as the member posting above and below. o_O

^ Looks like there was no bypass, but will be testing anyway.
 
Bo elam surely misunderstood your post, Umbra. :D
I too want to know if Sandboxie can be bypassed by a variant of a ransomware.
 
Yes, but the way he replied reminded me of some Comodo fanboys telling me I don't know how to use the product... seriously...

He just had to say : "ok let me see"
 
Btw, tested the said malware on a real win8.1.1 system with Sbie 4.10 in the default settings: no bypass, Explorer just gets frozen and needs a hard reboot. Sbie still protects the OS.
Hard reboot did solve the problem in my test; however, I can't tell in that case if Sandboxie did solve it because I had time freeze running, and I've tested timefreeze with many ransomware samples with no changes after reboot.

I did have one sample that did change permissions after reboot even though I used Sandboxie and timefreeze; it prevented me from killing some process even though the malware was not running after reboot.

thx
 
You should test with the latest version of Sbie (v4.10); maybe the vulnerability you had is no longer relevant.

Also, you have to be sure you deleted the contents of the sandbox before reboot.
 
You should test with the latest version of Sbie (v4.10); maybe the vulnerability you had is no longer relevant.

Also, you have to be sure you deleted the contents of the sandbox before reboot.
Maybe.
Anyway, the virus wasn't there, but it did change permissions, which means it did leak even though I used Sandboxie and time freeze. The test was Panda Cloud, to see if it can detect the leftover viruses when running. Nope, it didn't.
 
You could mistakenly run into some cryptolocker that could encrypt all of your data on all of your partitions. If you test malware on the real machine, just lock the other partitions so they are not accessible by the OS, or if you don't mind formatting your HDD, just don't keep important files on your computer.
Have a nice day, and be safe ;)
I sure can. There is nothing important on that PC, and I'd rather lose the OS than run a VM; it's killing my cooling system on the laptop. The only problem is that I'm using remote desktop to connect to the machine; a smart virus may copy itself to my laptop or network.

cheers
 
Hard reboot did solve the problem in my test; however, I can't tell in that case if Sandboxie did solve it because I had time freeze running, and I've tested timefreeze with many ransomware samples with no changes after reboot.

I did have one sample that did change permissions after reboot even though I used Sandboxie and timefreeze; it prevented me from killing some process even though the malware was not running after reboot.

thx
"reboot? u can't reboot, only force shutdown"
Thought you told me that you couldn't reboot only force shutdown? Which is it? Seems to me that you need a little more testing to be throwing around a bypass statement so openly. I'll test it out on my own and let you know whether it was "bypassed" or not.
 
"reboot? u can't reboot, only force shutdown"
Thought you told me that you couldn't reboot only force shutdown? Which is it? Seems to me that you need a little more testing to be throwing around a bypass statement so openly. I'll test it out on my own and let you know whether it was "bypassed" or not.
thx
 
I'm not trying to bust your chops, nissimezra. I'm just trying to clarify what you're trying to say here.
Here is the Anubis breakdown of the video file.
https://anubis.iseclab.org/?action=result&task_id=15444170b4f6a0d945d353241169a592f&format=html

I love this part
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Local Settings %USERPROFILE%\Local Settings 1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Personal %USERPROFILE%\My Documents 1

I'll test it out later when I get my VM up and running again.
 
I'm not trying to bust your chops, nissimezra. I'm just trying to clarify what you're trying to say here.
Here is the Anubis breakdown of the video file.
https://anubis.iseclab.org/?action=result&task_id=15444170b4f6a0d945d353241169a592f&format=html

I love this part
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Local Settings %USERPROFILE%\Local Settings 1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Personal %USERPROFILE%\My Documents 1

I'll test it out later when I get my VM up and running again.
No prob bro, it is always good to learn new things. Feel free.

thx for the link
 
Nope it just upgraded to 4.12.
"Sandboxie version 4.12 Released

The MS Visual C++ redistributable libraries have been broken out into a separate download. These now download and install during the Sandboxie install. Installing them this way will enable them to be automatically updated by Windows Update should MS issue any hotfixes.

The auto-update feature is working again.

The Portuguese (Portugal) language has been fixed.

For more information, see the download page:

http://www.sandboxie.com/index.php?DownloadSandboxie"

Straight from the forum.
 
Version 4.12
Released on 29 May 2014.

These are the changes to Sandboxie since version 4.10:

  • The MS Visual C++ redistributable libraries have been broken out into a separate download. These now download and install during the Sandboxie install. Installing them this way will enable them to be automatically updated by Windows Update should MS issue any hotfixes.
  • The auto-update feature is working again.
  • The Portuguese (Portugal) language has been fixed.
http://www.sandboxie.com/index.php?VersionChanges#v_4_12

Enjoy!! :D
 