Buster Sandbox Analyzer

Utilities designed for use with Sandboxie
Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1640
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Curt@invincea » Thu Jun 26, 2014 11:58 pm

Buster wrote:Curt: In what are you working actually to get BSA in business?

I mean, what is necessary to change in Sandboxie to get BSA working fine?
The problem in notepad SaveAs appears to be a bug in duser.dll. It is complaining of reentrancy. It is very low priority because all it does is cause an error msg to be displayed by Sbie. Notepad keeps running. And how many people are going to be testing notepad under BSA anyway?

Firefox was starting werfault.exe for me, but you say it is running fine for you. So what problems remain?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Buster » Fri Jun 27, 2014 1:30 am

Curt@invincea wrote:
Buster wrote:Curt: In what are you working actually to get BSA in business?

I mean, what is necessary to change in Sandboxie to get BSA working fine?
The problem in notepad SaveAs appears to be a bug in duser.dll. It is complaining of reentrancy. It is very low priority because all it does is cause an error msg to be displayed by Sbie. Notepad keeps running. And how many people are going to be testing notepad under BSA anyway?

Firefox was starting werfault.exe for me, but you say it is running fine for you. So what problems remain?
For me applications using SaveAs crashes. Example: MKVToolNix

And it is not just me:

http://forums.sandboxie.com/phpBB3/view ... 41#p100841
Also programs such as notepad.exe crash when I try to save a text-file to disk.
Do you want I record a video where you can see it happening? I do not think it is necessary as this problem was reported by other user and I confirm it happens.

Coldblackice
Posts: 5
Joined: Sat Feb 22, 2014 3:52 am

Re: Buster Sandbox Analyzer

Post by Coldblackice » Sat Jul 12, 2014 9:14 pm

^Any update on this? The same thing happens with me, as well.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Buster » Mon Jul 21, 2014 12:43 pm

eeeeeeeeeeeeeeeeeeoooooooooooooooooooooooooooooooo!!!

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1640
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Curt@invincea » Mon Jul 21, 2014 11:11 pm

If I understand correctly, the only remaining issue with BSA is the SaveAs dialog? Everything else is working?

The problem is this is a Windows dll bug. It is going to require further analysis and we have several higher priority issues right now.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Buster » Tue Jul 22, 2014 5:59 am

Curt@invincea wrote:If I understand correctly, the only remaining issue with BSA is the SaveAs dialog? Everything else is working?

The problem is this is a Windows dll bug. It is going to require further analysis and we have several higher priority issues right now.
As far as I know there are two remaining issues with BSA:

- The SaveAs dialog crashes.

Maybe meanwhile a final solution can not be provided you could include a workaround at next beta version and avoid DLL injection to duser.dll. What do you think?

- Sandboxie returning path to real folder when using NtQueryInformationProcess API.

This issue is supposed to be fixed in Beta version 4.13.2, right? When is it going to be released?

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Buster » Tue Jul 29, 2014 4:22 am

eeeeeeeeeeeeeeeeeeoooooooooooooooooooooooooooooooo!!!

Coldblackice
Posts: 5
Joined: Sat Feb 22, 2014 3:52 am

Re: Buster Sandbox Analyzer

Post by Coldblackice » Sat Sep 27, 2014 6:41 pm

Buster wrote:
Curt@invincea wrote:If I understand correctly, the only remaining issue with BSA is the SaveAs dialog? Everything else is working?

The problem is this is a Windows dll bug. It is going to require further analysis and we have several higher priority issues right now.
As far as I know there are two remaining issues with BSA:

- The SaveAs dialog crashes.

Maybe meanwhile a final solution can not be provided you could include a workaround at next beta version and avoid DLL injection to duser.dll. What do you think?

- Sandboxie returning path to real folder when using NtQueryInformationProcess API.

This issue is supposed to be fixed in Beta version 4.13.2, right? When is it going to be released?
Any update on this Curt?

sigtrap
Posts: 1
Joined: Thu Jun 26, 2014 8:32 am

Re: Buster Sandbox Analyzer

Post by sigtrap » Tue Feb 17, 2015 10:11 am

I also have problems with Sandboxie 3.76 and BSA 1.88 rev 4 and log_api64.dll from 2014-05-19.

When running installations (MSI or setup.exe) I get the following error:
"Windows installer service could not be accessed" (error 1603)

If I only use log_api32.dll the installation starts but gives the error 1603 later in the installation process (registration?) but I dont get the "installer service" error text..
(One example is the installation of Attachmate Reflection Pro 2014 (x64) - Evaluation)

If I don't use injectdll the installation complete successfully and BSA can do a report, but I miss the API Call Log....

Just want to give some feedback to the forum. Thanks for the software so far!
Regards
//Sigtrap

k123
Posts: 1
Joined: Sat Feb 21, 2015 11:27 am

Re: Buster Sandbox Analyzer

Post by k123 » Sat Feb 21, 2015 2:41 pm

I'm not sure I am posting in the right place, so please let me know if I should post this somewhere else. I am using BSA with sandboxie 4.16 on windows 7 x64. I get a high risk alert when opening a Microsoft word docx file, but the strange thing is all the analysis seems to be related to McAfee Site Advisor, which is listed as the . I'm not sure why this is involved in opening a word document.

Code: Select all

[ General information ]
   * File name: C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
   * File length: 155368 bytes
   * File type: Unknown
   * MD5 hash: 2d94efdd340bbd9de7d5f627b298512d
   * SHA1 hash: 7363517c09aa17b3c46ddf8f00bd4e987701db42
   * SHA256 hash: a9de485352616a37dfd32270bbb65ca15b34cf26394a9418a5182801569aebcd
I'm not sure if this is a) normal on a computer running McAfee, even when just opening a Word document, b) Something wrong with my BSA/Sandboxie setup or usage, or c) malware.

Thanks for the great tool and any feedback :) -Danny

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Buster » Sun Mar 08, 2015 7:57 am

k123 wrote:I'm not sure I am posting in the right place, so please let me know if I should post this somewhere else. I am using BSA with sandboxie 4.16 on windows 7 x64. I get a high risk alert when opening a Microsoft word docx file, but the strange thing is all the analysis seems to be related to McAfee Site Advisor, which is listed as the . I'm not sure why this is involved in opening a word document.

Code: Select all

[ General information ]
   * File name: C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
   * File length: 155368 bytes
   * File type: Unknown
   * MD5 hash: 2d94efdd340bbd9de7d5f627b298512d
   * SHA1 hash: 7363517c09aa17b3c46ddf8f00bd4e987701db42
   * SHA256 hash: a9de485352616a37dfd32270bbb65ca15b34cf26394a9418a5182801569aebcd
I'm not sure if this is a) normal on a computer running McAfee, even when just opening a Word document, b) Something wrong with my BSA/Sandboxie setup or usage, or c) malware.

Thanks for the great tool and any feedback :) -Danny
You should not have installed software that may interfere with analysis. McAfee would be an example.

bjm
Posts: 460
Joined: Sat Aug 02, 2008 4:24 pm

Re: Buster Sandbox Analyzer

Post by bjm » Sat Apr 18, 2015 3:10 am

Hello
Just found Buster Sandbox.
Are the Installation and usage instructions at http://bsa.isoftware.nl/1.88 okay with 4.16
Why no Template
Sandboxie 5.25.4 - W10 Home 1709 - WebrootSA 9.0.20.31 - Chrome

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: Buster Sandbox Analyzer

Post by Buster » Sat Apr 18, 2015 9:16 am

bjm wrote:Hello
Just found Buster Sandbox.
Are the Installation and usage instructions at http://bsa.isoftware.nl/1.88 okay with 4.16
Why no Template
I recommed using Sandboxie 3.76.

bjm
Posts: 460
Joined: Sat Aug 02, 2008 4:24 pm

Re: Buster Sandbox Analyzer

Post by bjm » Sat Apr 18, 2015 1:32 pm

Thank you...interesting = 3.76
Sandboxie 5.25.4 - W10 Home 1709 - WebrootSA 9.0.20.31 - Chrome

Coldblackice
Posts: 5
Joined: Sat Feb 22, 2014 3:52 am

Re: Buster Sandbox Analyzer

Post by Coldblackice » Sat Sep 12, 2015 7:41 pm

Buster wrote:
bjm wrote:Hello
Just found Buster Sandbox.
Are the Installation and usage instructions at http://bsa.isoftware.nl/1.88 okay with 4.16
Why no Template
I recommed using Sandboxie 3.76.
Do you anticipate a recommendation of a higher 4+ version anytime in the near future? What's the current reasoning for recommending v3.76?

(I remember you mentioned it's because of some changes to v4+, but can't remember specifics)

Locked

Who is online

Users browsing this forum: No registered users and 1 guest