Open Andrew3000s opened 3 years ago
Do these problems still persist with the latest version of Sandboxie? At the time of writing, this is 1.2.6 for the plus version.
As far as I know, you can't really use HitmanPro Alert together with Sandboxie without setting it up:
I would like to test Sandboxie and give it a try in portable mode, but I've already run into a problem with Hitman Pro Alert. I'm probably misunderstanding something somewhere, but I cannot start Firefox from a sandbox without HMPA interfering. To continue, I tried turning off mitigations for Sandboxie in HMPA, but I still get an Attack Intercepted alert (Sandboxie COM services). A beginners question: What is the proper way to avoid this from happening so I can continue testing?
Instead of disabling Exploit mitigations for Sandboxie in HMPA, went to Risk Reduction > Process Protection > uncheck Local Privilege Mitigation.
Yes correct, this is the only way to fix this, since HMPA hasn't implemented a whitelist, so it basically sees Sandboxie as malware. The risk is that malware might still elevate priviliges if it manages to run in the first place.
Reference: https://www.wilderssecurity.com/threads/trying-out-sandboxie-help-needed.446254/
That's not so nice to hear, thought that changes in Sandboxie or HMPA might have resolved this. At least there is a workaround to make it work. Again there is a tradeoff, until HMPA gets a whitelist or Sandboxie is excluded by other means.
Sandboxie does not work with HitmanPro.Alert (maximum protection). Here the errors while opening a malware/not know app:
With the last version of Sandboxie: Error: SBIE2101 CreateFile (C0000022) access=0012019F initialized=1 SBIE2314 Chiusura del processo Report-Review22-10.bin.exe [9484 / 7] in corso...
With the last version of Sandboxie plus: |Time| |Message| 10:38:25.470 SBIE2101 Object name not found: \Device\NamedPipe\hmpalert, error CreateFile (C0000022) access=0012019F initialized=1 by process: 2588