Application won't start if I sandbox it. Help please

Hi everyone. :slight_smile:

I am testing an application which I am 100% sure has a lot of viruses. It is capable of disconnecting my VPN secure client connection (proXPN and AnchorFree and TrustConnect). It's also capable, believe it or not, of avoiding and dodging Sandboxie protection. The problem is it won't start if I sandbox it with Comodo CIS. I put the level of sandbox at minimum, partially limited I think, and even there it won't start. What do you guys recommend me to do? I wanna give it a shot and see if Comodo sandbox is stronger and capable of stopping any malicious activity like the one described above from this application. I am kinda noob with the Comodo sandbox part only, I haven't studied that part very well.

Can someone help me? If you guys need anything from me just tell me.

Thanks

haven't

As far as I know, there are some programs which can detect the presence of Sandbox or any virtual environment and they simply stop executing. If yours is such a case, there is no easy workaround.
Maybe someone else can offer some other idea…

How does it dodge Sandboxie? Can it do things it is not supposed to do or does it simply not start like when it is sandboxed by CIS?

If it runs in Sandboxie then it is not likely that it has sandbox-evasive strategies. That means that CIS sandbox is able to contain it.

When I say Sandboxie I refer to this program

not the sandbox that CIS has

With Sandboxie it is capable of running the infected application with no problems. In the past Sandboxie did the trick, and the virus isolated was not capable of disconnecting the VPN secure connection client. Then they released an update for this virus or infected application that is capable of dodging Sandboxie security, and is now able to disconnect your VPN no matter if it is inside of Sandboxie.

That's why I wanna make the infected application run but with CIS sandbox. To see if it is capable of stopping this intrusion. But like I said before, it won't start :frowning:

Ohh I see. Well I was trying to run the exe file of the infected application that was installed on my PC, and it didn't open.

Now I am running the installer of the infected application and lucky me, it works, it opens the application once it has been installed. The only problem is once it gets installed I need to close it completely and then open it again. But I don't see where the infected application has been installed, is there a folder where I can go to open the exe file? There are no shortcuts on the desktop. How can I reopen it? OMG it kinda works after all. I am pretty sure that if I do this in Comodo, the virus is not going to be able to disconnect my VPN. Which is great news :slight_smile:

If you have proof of bypassing Sandboxie, let them know.

Does the bypass work with “lowered user rights” checked in Sandboxie?
Are the disabled things enabled again after you close the last program in Sandboxie?
Does your Sandboxie get erased after closing the last program?

Yep I just told them in their forum.

I haven't tried what you are describing. What do you mean by: Does the bypass work with “lowered user rights” checked in Sandboxie? Where can I find this option, so I can enable it?

Maybe that would do the trick with Sandboxie, but I don't see the option check mark or something

Open the main window of sandboxie.
Switch “View” to: Programs
Right click on Sandbox default sandbox in the list then.
Choose: Sandboxie settings
There
Restrictions
Restrict rights: x Restrict the rights for administrator and user groups

If you are in contact with the developer of Sandboxie anyway in this case, you could suggest that he make the settings more accessible. Especially if it would do the trick against your file example :wink:

OK, restrictions, I suppose you are referring to the checkmark in DROP RIGHTS for administrators and power users groups

I run the infected application in XP not from an administrator account, I use a user account which has the least privileges.

OK, I will give it a try and see how it goes. I've got my fingers crossed. Wish me luck hahaha lol :smiley:

Thanks