Closed Aholicknight closed 1 year ago
This is possibly a duplicate of #234 and #2178.
If a custom DLL name is all it takes to evade detection, then it might be worth it. Once they apply more sophisticated approaches, it may fail, and I see why David does not want to get into an arms race, playing cat and mouse.
Besides blocking access to the file, you may fake its path.
> Besides blocking access to the file, you may fake its path.

@mysteriously How would I block access to the file or the path? Does this require Sandboxie premium?
> Besides blocking access to the file, you may fake its path.

Could you show us an example, please?
You can block it using the ini, or create a symlink to a fake path.
You didn't mention the name of the software.
> You can block it using the ini, or create a symlink to a fake path.
> You didn't mention the name of the software.

I'll try this.
@DavidXanatos
Are there any documents on how to build it?
@DavidXanatos Do you know how I can symlink SbieDll? Thank you.
@mysteriously Can you please show what the ini file should look like when blocking SbieDll? Thank you.
Ok, let's summarize that.
You are trying to run some shady software which detects SBIE for a reason. You don't even bother to post the name of the software, though. So, you know it is doing its job, but at the same time you literally went to the official support forum to ask for help anyway. Even if you find a solution and the shady software developer detects that you are somehow bypassing the protection mechanism, this forum will be the first place for the shady software developer to look for an answer as to why his protection does not work anymore.
What's more, you expect to post the solution in public instead of keeping it for yourself once you find it.
Seriously dude?
Try this: https://github.com/VeroFess/SbieHide
@VeroFess Oh, this is very nice, so this issue can be closed. Great :D I have added a new README section listing SbieHide: https://github.com/sandboxie-plus/Sandboxie/blob/master/README.md#-usefull-tools-for-sandboxie I hope that's all right?
> This is possibly a duplicate of #234 and #2178.
> If a custom DLL name is all it takes to evade detection, then it might be worth it. Once they apply more sophisticated approaches, it may fail, and I see why David does not want to get into an arms race, playing cat and mouse.

Can you help me with that, please? All I need is to rename the DLL; I'm fine with it being detected as long as it doesn't have SbieDll.dll. I have tried renaming the DLL through my_version.h.
I don't know if I did something wrong, but it didn't work as intended.
> All I need is to rename the DLL
👉 https://github.com/sandboxie-plus/Sandboxie/issues/2880#issuecomment-1532087581
Is your feature request related to a problem or use case?
Some programs that I want to run in a sandbox can detect that the program is being run in a sandbox via module names. As seen in the screenshot, the detection method used is the DLL name. Most of the programs that have this are also protected with VMProtect or a different protector and cannot be modified.
Describe the solution you'd like
An option to rename SbieDll to something else, to reduce sandbox detections.
Describe alternatives you've considered
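The module-name check the issue describes, written out as an added example; this is not code from the issue or from the Sandboxie project. The script enumerates the modules mapped into its own process (Windows only, via `EnumProcessModules`/`GetModuleFileNameExW` through ctypes) and matches each basename, case-insensitively, against a watch list. The only module name the page gives is SbieDll.dll; the `C:\Program Files\Sandboxie-Plus` install path and the sample module paths below are constructed assumptions. The pure matching function runs on any host, and shows why a DLL that is merely renamed passes this kind of check while the same file under its original name does not.

```python
"""Sandbox detection by loaded-module name, of the kind described in the issue.

Added example, not Sandboxie project code. The only module name taken from the
issue is SbieDll.dll; paths and other names here are assumptions for illustration.
"""
import ntpath
import sys

# Basenames a module-name check looks for, compared case-insensitively.
# SbieDll.dll is the name the issue reports being detected.
SANDBOX_MODULE_NAMES = frozenset({"sbiedll.dll"})


def find_sandbox_modules(module_paths):
    """Return the full paths whose basename is on the watch list.

    ntpath is used so Windows-style paths split correctly even when this
    pure function is exercised on a non-Windows host.
    """
    hits = []
    for path in module_paths:
        if ntpath.basename(path).lower() in SANDBOX_MODULE_NAMES:
            hits.append(path)
    return hits


def loaded_module_paths():
    """Enumerate the modules mapped into the current process (Windows only).

    Uses EnumProcessModules / GetModuleFileNameExW from psapi via ctypes. On
    other platforms there is nothing comparable to enumerate, so [] is returned.
    """
    if sys.platform != "win32":
        return []
    import ctypes
    import ctypes.wintypes as wt

    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    kernel32.GetCurrentProcess.restype = wt.HANDLE
    psapi.EnumProcessModules.argtypes = [wt.HANDLE, ctypes.POINTER(wt.HMODULE),
                                         wt.DWORD, wt.LPDWORD]
    psapi.EnumProcessModules.restype = wt.BOOL
    psapi.GetModuleFileNameExW.argtypes = [wt.HANDLE, wt.HMODULE, wt.LPWSTR, wt.DWORD]
    psapi.GetModuleFileNameExW.restype = wt.DWORD

    hproc = kernel32.GetCurrentProcess()
    handles = (wt.HMODULE * 1024)()          # assumption: fewer than 1024 modules
    needed = wt.DWORD(0)
    if not psapi.EnumProcessModules(hproc, handles, ctypes.sizeof(handles),
                                    ctypes.byref(needed)):
        raise ctypes.WinError(ctypes.get_last_error())
    count = min(needed.value // ctypes.sizeof(wt.HMODULE), len(handles))

    paths = []
    buf = ctypes.create_unicode_buffer(wt.MAX_PATH)
    for i in range(count):
        if psapi.GetModuleFileNameExW(hproc, handles[i], buf, wt.MAX_PATH):
            paths.append(buf.value)
    return paths


def is_sandboxed():
    """True when a watched module name is loaded into this process."""
    return bool(find_sandbox_modules(loaded_module_paths()))


if __name__ == "__main__":
    found = find_sandbox_modules(loaded_module_paths())
    print("sandbox modules found:", found if found else "none")
```

Because the comparison is a string match on the basename, the check is defeated by nothing more than the rename the issue asks for, and a checker that wanted to survive that would have to look at something other than the file name (exports, code patterns, hooked APIs), which is the arms race the maintainer declines to enter.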