Trust No Program

Can't get LastPass plugin to autologin / remember password

Please post your problem description here

Postby BUN B » Sun Mar 11, 2012 11:26 pm

so malware in one sandbox, has no change to read the cookie that's located in the second sandbox?

any change that tzuk will have some kind of discount for sandboxie? i am so mad I missed previous sale

thank you for your answer

also, too bad he ain't offering support with the app rather than "as it is", if i am not mistaken, that would be awsome!
BUN B
 

Postby BUN B » Mon Mar 12, 2012 8:11 pm

Hi Guest10,

Will you be so kind to take a look at my Sandboxie.ini file, and suggest what can I do to improve my security?
Restrict access to windows system32 filder maybe?
Please, your suggestions will be aprechiated

-----




[GlobalSettings]

ProcessGroup=<InternetAccess_DefaultBox>,iexplore.exe
TemplateReject=OfficeLicensing
Template=LastPass
ForceDisableSeconds=3

[DefaultBox]

ConfigLevel=6
Template=IExplore_Force
Template=IExplore_Favorites_RecoverFolder
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
DropAdminRights=y
Enabled=y
AutoDelete=y
NeverDelete=n
NotifyInternetAccessDenied=y
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=F:\
ClosedFilePath=G:
ClosedFilePath=H:\
ClosedFilePath=I:\
ClosedFilePath=\Device\Mup\
ClosedFilePath=J:\
ClosedFilePath=K:\
ClosedFilePath=L:\
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Http\*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Nsi
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*
RecoverFolder=%Desktop%
AutoRecover=y
BoxNameTitle=n
BorderColor=#000000,off

[UserSettings_087C01B4]

SbieCtrl_UserName=mino
SbieCtrl_NextUpdateCheck=1555555555
SbieCtrl_UpdateCheckNotify=n
SbieCtrl_ShowWelcome=n
SbieCtrl_AutoApplySettings=n
SbieCtrl_SettingChangeNotify=n
SbieCtrl_HideWindowNotify=n
SbieCtrl_WindowLeft=276
SbieCtrl_WindowTop=143
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=449
SbieCtrl_ActiveView=40021
SbieCtrl_BoxExpandedView_DefaultBox=n
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310
SbieCtrl_BoxExpandedView_test=y
SbieCtrl_ReloadConfNotify=n
BUN B
 

Postby Guest10 » Mon Mar 12, 2012 8:17 pm

First, I suggest that you update to the latest version. Either 3.64, or better yet, the latest beta version:
http://sandboxie.com/phpbb/viewtopic.php?t=12517
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 32, Thunderbird 31.
Sandboxie user since March 2007.
Guest10
 
Posts: 4856
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby soccerfan » Mon Mar 12, 2012 11:38 pm

BUN B wrote:any change that tzuk will have some kind of discount for sandboxie? i am so mad I missed previous sale

You better hurry!
http://sandboxie.com/phpbb/viewtopic.php?t=12627
soccerfan
soccerfan
 
Posts: 435
Joined: Tue Sep 25, 2007 7:59 pm

Postby tailandturr » Tue Mar 13, 2012 9:56 am

Helper wrote:A sandboxed program doesn't know it's using a sandbox so if it wants to read from a file or folder on the hard drive it will look at the unsandboxed files/folders.

Using an example of an IE cookie that a sandboxed program wants to read, the program would look at:
C:\Users\username\Appdata\Roaming\Microsoft\Windows\Cookies
but if the cookie it's looking for is in a sandbox underneath "C:\Sandbox\...", it won't find it there.
The chances that malware will know to look underneath the C:\Sandbox\... folder, in a different sandbox, is about zero.


Very interesting to read your forum. Thank you very much.
tailandturr
 
Posts: 1
Joined: Wed Mar 07, 2012 3:35 pm

Postby BUN B » Tue Mar 13, 2012 11:54 am

i've upgraded just as you suggested!
i've closed sandboxie in taskbar, ran install, chose upgrade, and restarted

my sandboxie.ini looks like this now!
what can I add more to increase protection, what directories should I block in "restricted access" and so on?
I will now enable experimental protection, after this post

please do reply!
have a great day!
---------------------------


[GlobalSettings]

ProcessGroup=<InternetAccess_DefaultBox>,iexplore.exe
TemplateReject=OfficeLicensing
Template=NOD32
Template=LastPass
ForceDisableSeconds=3
FileRootPath=I:\Sandbox\%USER%\%SANDBOX%
ActivationPrompt=y
EditAdminOnly=y
ForceDisableAdminOnly=y
ForgetPassword=n

[DefaultBox]

ConfigLevel=7
Template=BlockPorts
Template=IExplore_Force
Template=IExplore_Favorites_RecoverFolder
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
DropAdminRights=y
Enabled=y
NeverDelete=n
NotifyInternetAccessDenied=y
ClosedFilePath=D:\
ClosedFilePath=E:\
ClosedFilePath=F:\
ClosedFilePath=G:
ClosedFilePath=H:\
ClosedFilePath=\Device\Mup\
ClosedFilePath=J:\
ClosedFilePath=K:\
ClosedFilePath=L:\
ClosedFilePath=I:\
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Http\*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Nsi
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*
RecoverFolder=%Desktop%
AutoRecover=y
BoxNameTitle=n
BorderColor=#000000,off
AutoDelete=y
NotifyStartRunAccessDenied=y
ProcessGroup=<StartRunAccess>,iexplore.exe
ClosedIpcPath=!<StartRunAccess>,*
ReadFilePath=C:\Windows\System32\
ReadFilePath=c:\windows\sandboxie.ini

[UserSettings_087C01B4]

SbieCtrl_UserName=mino
SbieCtrl_NextUpdateCheck=1555555555
SbieCtrl_UpdateCheckNotify=y
SbieCtrl_ShowWelcome=n
SbieCtrl_AutoApplySettings=n
SbieCtrl_SettingChangeNotify=n
SbieCtrl_HideWindowNotify=n
SbieCtrl_WindowLeft=276
SbieCtrl_WindowTop=143
SbieCtrl_WindowWidth=660
SbieCtrl_WindowHeight=449
SbieCtrl_ActiveView=40021
SbieCtrl_BoxExpandedView_DefaultBox=y
SbieCtrl_ColWidthProcName=250
SbieCtrl_ColWidthProcId=70
SbieCtrl_ColWidthProcTitle=310
SbieCtrl_BoxExpandedView_test=y
SbieCtrl_ReloadConfNotify=n
SbieCtrl_EditConfNotify=n
BUN B
 

Postby BUN B » Tue Mar 13, 2012 12:30 pm

i've found out through poking that lastpass does save data under registry, but under different path then the one described in compatibiltiy

please, look the images bellow to see the path, and to confirm that the path is different then the one inside compatibiltiy

i did change one setting, and those settings were written inside this path, inside registry

how can we include this to be excluded from sandboxie and to allow lastpass plugin to remember it's settings when changed in sandboxed browser?

Direct Links

Image
Image

[/img]
BUN B
 

Postby Guest10 » Tue Mar 13, 2012 12:37 pm

BUN B wrote:i've upgraded just as you suggested!
I can see by the line:
ConfigLevel=7
that you have upgraded the program.
Frankly, I expected that a couple of the settings would have been simplified or moved during the upgrade process, but they will still work the same as they are now.
I don't really see anything that needs to be done.
I do note though, that there are no settings for use with an email program.

ReadFilePath=C:\Windows\System32\
ReadFilePath=c:\windows\sandboxie.ini

Sandboxed programs are automatically restricted from writing outside of the sandbox, so technically you don't have to set the System32 folder as a read-only folder.
Any sandboxed program that writes to System32 will actually write to that folder inside of the sandbox, and the write will be deleted when the 'AutoDelete=y' setting deletes the sandbox contents.
It will however, stop a program from "trying" to write to that folder, and that could cause a sandboxed program to stop with an error when it finds that it can't write there.

In the same way a sandboxed program cannot write to the sandboxie.ini file, outside of the sandbox. Any write there would be trapped inside of the sandbox.
It would appear that the sandboxie.ini file had been changed, to programs that use the same sandbox (until the sandbox is deleted).
But if you have another sandbox, the programs that use it would never see any change to the file.
I've never seen the need to use a read-only path for these two items.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 32, Thunderbird 31.
Sandboxie user since March 2007.
Guest10
 
Posts: 4856
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby Guest10 » Tue Mar 13, 2012 12:48 pm

BUN B wrote:i've found out through poking that lastpass does save data under registry, but under different path then the one described in compatibiltiy
There isn't any Registry key listed in the LastPass template to allow changes to these settings, because they are written into the Registry when the program is first installed.
After the initial install, there's really no reason to allow a sandboxed program to change them, since they are "program settings" but they are not "data".
I don't see anything there that LastPass needs to save outside of the sandbox, when the program is used.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 32, Thunderbird 31.
Sandboxie user since March 2007.
Guest10
 
Posts: 4856
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby Bun B » Tue Mar 13, 2012 1:32 pm

thank you for your comment regarding system32 and sandbox.ini
you are completly right!

so you say, i'd have different confiruation ini if I have installed the sandbox from scratch
there is no need to do that now again, right?

one thing i did noticed, that I need to allow dlhost.exe under Start/run programs inside sandboxie, as when I am attaching somethin in gmail, dialog pops up
is this allrgith to have it enabled to run in sandboxie?


regarding the LastPass, i think you are wrong

When I changed the setting in LastPass "autologin after 25s to 222s" the change of 222 seconds is written in that registry path

the above disqualifies your theory
should I provide some more details (screenshot or something)

i did tried adding my own exclusion, but it didn't have the effect, or maybe i didn't know how to correctly point to that path

also, under settings in sandboxie, tree FOLDERS, everything is empty
is this normal?
Bun B
 

Postby Bun B » Tue Mar 13, 2012 1:56 pm

sorry, I misspelled in previous post

dllhost.exe
Bun B
 

Postby Guest10 » Tue Mar 13, 2012 5:42 pm

Bun B wrote:so you say, i'd have different confiruation ini if I have installed the sandbox from scratch
there is no need to do that now again, right?
Yes, some of your settings would have been a little different.
I thought that the upgrade would have revised them, but apparently not.
Things still work as they are, though.

This line:
[GlobalSettings]
ProcessGroup=<InternetAccess_DefaultBox>,iexplore.exe

I expected to be modified and placed under:
[DefaultBox]
ProcessGroup=<InternetAccess>,iexplore.exe

These lines:
[DefaultBox]
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Http\*
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Nsi
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip6
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\RawIp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Udp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Tcp
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Ip
ClosedFilePath=!<InternetAccess_DefaultBox>,\Device\Afd*

I expected to be replaced with:
[DefaultBox]
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
Bun B wrote:I need to allow dlhost.exe under Start/run programs inside sandboxie, as when I am attaching somethin in gmail, dialog pops up
is this allrgith to have it enabled to run in sandboxie?
Yes, that should be all right. You will likely find more that need to be added, as well.
Bun B wrote:When I changed the setting in LastPass "autologin after 25s to 222s" the change of 222 seconds is written in that registry path
I should have looked a little closer at your Registry screen prints.
They appear to me to be a copy of the program's settings - ones that are located in the Reghive file in the sandbox - and not the settings in the unsandboxed part of the Registry.
When a sandbox is in use, all Registry settings/changes etc. made by the sandboxed program are written into the "RegHive" file in the sandbox at:
C:\Sandbox\(user)\DefaultBox\RegHive
While the sandbox is active (a sandboxed program is using that sandbox) the RegHive file is mounted to the "real" Registry, under the HKEY_USERS key.
When the sandboxed programs end, the paths shown in your Registry screen prints should no longer exist - until the sandbox is used again, assuming that the sandbox contents have not been deleted in the meantime.

I must admit though, your Registry paths are not what I expected to see under HKEY_USERS.
Your first screen print shows a Registry path:
HKEY_USERS\sandboxie\machine\software\...
On my computer that path would be:
HKEY_USERS\Sandbox_(user)_DefaultBox\machine\software\...
I thought that when the RegHive was mounted to the real Registry, it always shows as in my example, so I don't know if this is the default for Win 7 or not. Or, if it's just because you only have the one sandbox.
Bun B wrote:I did tried adding my own exclusion, but it didn't have the effect, or maybe i didn't know how to correctly point to that path
Assuming that I'm correct, these settings are inside of the sandbox RegHive file so adding a Registry Key exclusion to those Registry paths wouldn't do anything. I assume that they were copied there from some unsandboxed part of the Registry, if you made a program setting change for LastPass when it was sandboxed.
To make program setting changes that persist, the normal thing to do is to make the change when not sandboxed. That way the change will be remembered when sandboxed or unsandboxed.
Bun B wrote:.. under settings in sandboxie, tree FOLDERS, everything is empty
is this normal?
Assuming that you mean:
Sandbox Settings > Applications > Folders
there's no entry there if all you use is IE.
If you used Firefox and used any of the templates besides the one for phishing, you would see "Firefox" listed there.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 32, Thunderbird 31.
Sandboxie user since March 2007.
Guest10
 
Posts: 4856
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby BUN B » Tue Mar 13, 2012 7:41 pm

thank you for you long message

I mounted the registry again (to my real registry) from sandbox, after changing some random setting in LastPass plugin.

It seems you were right
those settings from screenshot, from my mounter registry, are copied from my REAL registy

I've searched for Last Pass enteries in my real registry, and look what I found.
The settings seems to be saved in these locations:

HKEY_CURRENT_USER\Software\LastPass
HKEY_CURRENT_USER\Software\LastPass\#SOME CRAZY LONG STRING#


HKEY_USERS\##BUNCH OF NUMBERS##\Software\LastPass
HKEY_USERS\##BUNCH OF NUMBERS##\Software\LastPass\#SOME CRAZY LONG STRING#

In the mentioned values I've found one value named LPTEMPDIR
THis Value (LPTEMPDIR) has string value c:\users\mino\appdata\local\temp\lptmp-NUMBERS(followed by numbers)

This is apprently LastPass temp directory

The above doesn't fit inside the string in sandboxie compatibilty which is:
OpenFilePath=<Template_LastPass>,%USERPROFILE%\*\LastPass\*

Correct me if I am wrong


Wat's he purpose of LastPass compatibility f it is not to save settings?
BUN B
 

Postby Guest10 » Tue Mar 13, 2012 8:31 pm

BUN B wrote:THis Value (LPTEMPDIR) has string value c:\users\mino\appdata\local\temp\lptmp-NUMBERS(followed by numbers)
This is apprently LastPass temp directory
Yes, it looks like a temp directory that LastPass would create and use.
Normally, that temp folder would be created and used by LastPass outside of the sandbox.
There might even be a folder like that right now, if temporary files haven't been deleted from your temp folder.
However, when sandboxed, a corresponding folder would be created and used inside of the sandbox.
The contents of that folder will be deleted when the sandbox contents are deleted.
BUN B wrote:The above doesn't fit inside the string in sandboxie compatibilty which is:
OpenFilePath=<Template_LastPass>,%USERPROFILE%\*\LastPass\*?
No, it doesn't fit the template's Direct Access path, but then it doesn't have to.
That's because it's for temporary storage, and it's not used as a permanent storage location. All data in and underneath a "temp" folder is always expendable data.
It can be deleted at any time, and that would have no effect on programs.
BUN B wrote:Wat's he purpose of LastPass compatibility f it is not to save settings?
To save log in data, username and password, out of the sandbox - for the various Internet sites that you visit. It's not to save LastPass' own settings, but the settings for those Internet sites.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 32, Thunderbird 31.
Sandboxie user since March 2007.
Guest10
 
Posts: 4856
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Postby BUN B » Tue Mar 13, 2012 8:52 pm

but isn't everything save in the cloud, passwords and usernames for sites are not saved on hdd
i don't think there needs to be an exception in sandboxie for this to work

you say that this compatibility serves a purpose for lastpass plugin to comunicate with hq or for storing data on the hdd?

i am pretty sure, no data is stored locally
BUN B
 

PreviousNext

Return to Problem Reports

Who is online

Users browsing this forum: Yahoo [Bot] and 13 guests