Does Sandboxie Protect Kernel ?

If it's not about a problem in the program
Post Reply
arran
Posts: 72
Joined: Sun Aug 17, 2008 2:02 am

Does Sandboxie Protect Kernel ?

Post by arran » Fri Dec 02, 2016 3:19 pm

I remember reading that due to microsoft 64 bit patch guard Sandboxie is no longer able to block Kernel exploits is this true?

like this
https://labs.bromium.com/2013/07/23/app ... rspective/

and this recent attack
http://arstechnica.com/security/2016/11 ... d-in-2013/

What about using file folder rules to block access to the kernel32.dll file?

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1658
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Does Sandboxie Protect Kernel ?

Post by Curt@invincea » Fri Dec 02, 2016 4:19 pm

This has been discussed quite extensively. http://forums.sandboxie.com/phpBB3/view ... 3&p=103163

And, no, you cannot block the kernel with Sbie. At any rate, kernel32.dll is not part of the kernel. It contains the user mode APIs that interface to the kernel.

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Re: Does Sandboxie Protect Kernel ?

Post by Peter2150 » Sat Dec 03, 2016 8:36 am

Where does the arstechnica article say Sandboxie was bypassed?

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1658
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Does Sandboxie Protect Kernel ?

Post by Curt@invincea » Sat Dec 03, 2016 5:09 pm

Peter2150 wrote:Where does the arstechnica article say Sandboxie was bypassed?
It didn't. And that wasn't even a kernel exploit.

Peter2150
Posts: 879
Joined: Tue Mar 27, 2007 9:46 pm
Location: Washington DC

Re: Does Sandboxie Protect Kernel ?

Post by Peter2150 » Mon Dec 05, 2016 10:48 am

I didn't think so. Don't see why OP linked that article

Post Reply

Who is online

Users browsing this forum: No registered users and 8 guests