Keylogger blocked by sandboxie - Windows Server

SecurityQ
Posts: 1
Joined: Wed Nov 29, 2017 10:56 am

Keylogger blocked by sandboxie - Windows Server

Post by SecurityQ » Wed Nov 29, 2017 11:14 am

Hi,

I am running a program that "might" be dangerous regarding its use of graphics cards memory and it does need internet access to run.

I have set up a separate normal user account for just that program to run in and have used NTFS permissions to block off all folders and drives except C:\windows. I have used GPO settings to block Control Panel and Settings and regedit and PowerShell. The program does need the cmd though, as well as Windows GUI forms etc.

This program runs in the sandbox on that account used only for this program. NTFS permissions deny that account access to all browsers.

Is it possible for the program to view other users' video memory - it does not run as admin and no permissions are asked? Also, is the sandboxed program able to run key logging on other user accounts whilst running in the sandbox?

All normal actions take place in other user accounts and outside of the sandbox. The "rogue" program runs in the sandbox.

I tried using a legitimate keylogger to test if it could see outside the sandbox and it was not able to!

The OS is Windows Server 2016.

I would appreciate all advice on if it can view outside the sandbox e.g. other user screen memory and keyboard events. And any other advice to lockdown the system.

Thanks!!!

Barb@Invincea
Sandboxie Support
Posts: 2821
Joined: Mon Nov 07, 2016 3:10 pm

Re: Keylogger blocked by sandboxie - Windows Server

Post by Barb@Invincea » Wed Nov 29, 2017 11:32 am

Hello SecurityQ,

Please include this information:
viewtopic.php?f=11&t=19746
Without knowing what programs you are using and how they work, we cannot really provide much assistance.

Does the program work in a new Sandbox with default settings? (Sandbox --> Create new Sandbox - Under "Copy settings from existing sandbox" select "none").

Regarding Windows Server, we do not officially support it, but we will try to help as much as possible.

As for AppLocker and keyloggers, please read these entries:
AppLocker: viewtopic.php?p=124147#p124147
Keyloggers: https://www.sandboxie.com/DetectingKeyLoggers

Regards,
Barb.-
