Breaking out of sandboxie

Learn about Computer Security General Security Questions and Comments
#1

Hey guys, I think I’ve come across something that may be able to bust out of sandboxie, Can someone please confirm?

(See attached)
http://www.ghostsecurity.com/registrytest/

In the attached picture it shows that Regtest.exe attempted to terminate Comodo while inside the sandbox.
If i let the test continue for a short while, Explorer.exe will shutdown At which point I pressed CTRL+ALT+DEL and terminated Regtest.exe

[attachment deleted by admin]

#2

Are you running the test inside the box Kyle?

I just tried the same test,with similar results but run from C:\Sandbox.…

D+ blocked the lot :-TU

Maybe someone over at Tzuk is better informed as to what is happening

[attachment deleted by admin]

#3

Hey Matty, Thanks for the reply. Yes I was running it inside of the Box see the display icons; # # # #

These are the settings I used;

[Test_Box]

ConfigLevel=4
AutoRecoverIgnore=.part
AutoRecoverIgnore=.jc!
RecoverFolder=C:
LingerProcess=acrord32.exe
LingerProcess=jusched.exe
LingerProcess=syncor.exe
LingerProcess=devldr32.exe
LingerProcess=wuauclt.exe
LingerProcess=trustedinstaller.exe
Enabled=y
NeverDelete=n
CopyLimitKb=3000000
CopyLimitSilent=y
BoxNameTitle=y
ForceFolder=F:\
ForceFolder=E:\
ForceFolder=C:\Documents and Settings\Kyle\My Documents
ForceFolder=C:\Documents and Settings\Kyle\Desktop
NotifyInternetAccessDenied=y
ClosedFilePath=\Device\RawIp6
ClosedFilePath=\Device\Udp6
ClosedFilePath=\Device\Tcp6
ClosedFilePath=\Device\Ip6
ClosedFilePath=\Device\RawIp
ClosedFilePath=\Device\Udp
ClosedFilePath=\Device\Tcp
ClosedFilePath=\Device\Ip
ClosedFilePath=\Device\Afd*

EDIT::
In your screen shot- It shows that regtest.exe is attempting to terminate Comodo. (2nd line)

#4

Missed em(blinking grey on grey),

So if you force something to run sandboxed does it leave out the Sandbox bit in the path?

It certainly seems like it`s doing stuff outside the box,whether or not anything permanant would happen is the question,i may try it with something else…

ps on second try its trying to "send message" It seems CIS is blocking it from memory access while other apps dont

#5

I’ve been trying to report this to Tzuk, Though for some reason he still doesn’t understand how to run the test ???

http://sandboxie.com/phpbb/viewtopic.php?p=30703#30703