Buster Sandbox Analyzer

[Curt@invincea]

Curt: In what are you working actually to get BSA in business?

I mean, what is necessary to change in Sandboxie to get BSA working fine?

The problem in notepad SaveAs appears to be a bug in duser.dll. It is complaining of reentrancy. It is very low priority because all it does is cause an error msg to be displayed by Sbie. Notepad keeps running. And how many people are going to be testing notepad under BSA anyway?

Firefox was starting werfault.exe for me, but you say it is running fine for you. So what problems remain?

[Buster]

Curt: In what are you working actually to get BSA in business?

I mean, what is necessary to change in Sandboxie to get BSA working fine?

The problem in notepad SaveAs appears to be a bug in duser.dll. It is complaining of reentrancy. It is very low priority because all it does is cause an error msg to be displayed by Sbie. Notepad keeps running. And how many people are going to be testing notepad under BSA anyway?

Firefox was starting werfault.exe for me, but you say it is running fine for you. So what problems remain?

For me applications using SaveAs crashes. Example: MKVToolNix

And it is not just me:

http://forums.sandboxie.com/phpBB3/view ... 41#p100841

Also programs such as notepad.exe crash when I try to save a text-file to disk.

Do you want I record a video where you can see it happening? I do not think it is necessary as this problem was reported by other user and I confirm it happens.

[Coldblackice]

^Any update on this? The same thing happens with me, as well.

[Buster]

eeeeeeeeeeeeeeeeeeoooooooooooooooooooooooooooooooo!!!

[Curt@invincea]

If I understand correctly, the only remaining issue with BSA is the SaveAs dialog? Everything else is working?

The problem is this is a Windows dll bug. It is going to require further analysis and we have several higher priority issues right now.

[Buster]

If I understand correctly, the only remaining issue with BSA is the SaveAs dialog? Everything else is working?

The problem is this is a Windows dll bug. It is going to require further analysis and we have several higher priority issues right now.

As far as I know there are two remaining issues with BSA:

- The SaveAs dialog crashes.

Maybe meanwhile a final solution can not be provided you could include a workaround at next beta version and avoid DLL injection to duser.dll. What do you think?

- Sandboxie returning path to real folder when using NtQueryInformationProcess API.

This issue is supposed to be fixed in Beta version 4.13.2, right? When is it going to be released?

[Buster]

eeeeeeeeeeeeeeeeeeoooooooooooooooooooooooooooooooo!!!

[Coldblackice]

If I understand correctly, the only remaining issue with BSA is the SaveAs dialog? Everything else is working?

The problem is this is a Windows dll bug. It is going to require further analysis and we have several higher priority issues right now.

As far as I know there are two remaining issues with BSA:

- The SaveAs dialog crashes.

Maybe meanwhile a final solution can not be provided you could include a workaround at next beta version and avoid DLL injection to duser.dll. What do you think?

- Sandboxie returning path to real folder when using NtQueryInformationProcess API.

This issue is supposed to be fixed in Beta version 4.13.2, right? When is it going to be released?

Any update on this Curt?

[sigtrap]

I also have problems with Sandboxie 3.76 and BSA 1.88 rev 4 and log_api64.dll from 2014-05-19.

When running installations (MSI or setup.exe) I get the following error:
"Windows installer service could not be accessed" (error 1603)

If I only use log_api32.dll the installation starts but gives the error 1603 later in the installation process (registration?) but I dont get the "installer service" error text..
(One example is the installation of Attachmate Reflection Pro 2014 (x64) - Evaluation)

If I don't use injectdll the installation complete successfully and BSA can do a report, but I miss the API Call Log....

Just want to give some feedback to the forum. Thanks for the software so far!
Regards
//Sigtrap

[k123]

I'm not sure I am posting in the right place, so please let me know if I should post this somewhere else. I am using BSA with sandboxie 4.16 on windows 7 x64. I get a high risk alert when opening a Microsoft word docx file, but the strange thing is all the analysis seems to be related to McAfee Site Advisor, which is listed as the . I'm not sure why this is involved in opening a word document.

Code: Select all

[ General information ]
   * File name: C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
   * File length: 155368 bytes
   * File type: Unknown
   * MD5 hash: 2d94efdd340bbd9de7d5f627b298512d
   * SHA1 hash: 7363517c09aa17b3c46ddf8f00bd4e987701db42
   * SHA256 hash: a9de485352616a37dfd32270bbb65ca15b34cf26394a9418a5182801569aebcd

I'm not sure if this is a) normal on a computer running McAfee, even when just opening a Word document, b) Something wrong with my BSA/Sandboxie setup or usage, or c) malware.

Thanks for the great tool and any feedback -Danny

[Buster]

I'm not sure I am posting in the right place, so please let me know if I should post this somewhere else. I am using BSA with sandboxie 4.16 on windows 7 x64. I get a high risk alert when opening a Microsoft word docx file, but the strange thing is all the analysis seems to be related to McAfee Site Advisor, which is listed as the . I'm not sure why this is involved in opening a word document.

Code: Select all

[ General information ]
   * File name: C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
   * File length: 155368 bytes
   * File type: Unknown
   * MD5 hash: 2d94efdd340bbd9de7d5f627b298512d
   * SHA1 hash: 7363517c09aa17b3c46ddf8f00bd4e987701db42
   * SHA256 hash: a9de485352616a37dfd32270bbb65ca15b34cf26394a9418a5182801569aebcd

I'm not sure if this is a) normal on a computer running McAfee, even when just opening a Word document, b) Something wrong with my BSA/Sandboxie setup or usage, or c) malware.

Thanks for the great tool and any feedback -Danny

You should not have installed software that may interfere with analysis. McAfee would be an example.

[bjm]

Hello
Just found Buster Sandbox.
Are the Installation and usage instructions at http://bsa.isoftware.nl/1.88 okay with 4.16
Why no Template

[Buster]

Hello
Just found Buster Sandbox.
Are the Installation and usage instructions at http://bsa.isoftware.nl/1.88 okay with 4.16
Why no Template

I recommed using Sandboxie 3.76.

[bjm]

Thank you...interesting = 3.76

[Coldblackice]

Hello
Just found Buster Sandbox.
Are the Installation and usage instructions at http://bsa.isoftware.nl/1.88 okay with 4.16
Why no Template

I recommed using Sandboxie 3.76.

Do you anticipate a recommendation of a higher 4+ version anytime in the near future? What's the current reasoning for recommending v3.76?

(I remember you mentioned it's because of some changes to v4+, but can't remember specifics)