Hidden Sandboxie

Posted: Thu Oct 01, 2015 12:05 am
by ORange
I understand that Cryptowall now detects sandboxing, by detecting certain Sandboxie dll processes (SbieDll.dll)?

Would it be possible to allow for anonymizing of program names/processes in some way? If switched on, Sandboxie automatically changes the names of its processes and/or file names?

Posted: Thu Oct 01, 2015 11:01 am
by Craig@Invincea
It's been talked about in the past; the creator of SBIE said it wasn't worth it, and it can still be detected. You can read the posts here.... ... dll#p32059 And maybe get some hints on what other users attempted to do?

Posted: Fri Oct 02, 2015 12:32 am
by ORange
Thank you, Craig.

I hadn't seen that, it going back quite a few years. Reference was made to "LOG_API.dll", which had been developed to deal with this issue (to the extent it can be realistically dealt with). Does anyone still use this, and does it work with the current version?